# NixOS host configuration: EFI/systemd-boot machine with ZFS support, key-only
# sshd, podman, and an autossh-maintained reverse SSH tunnel to a VPS.
{ config, pkgs, inputs, ... }:
{
  imports = [
    # The flaresolverr service module is loaded from the nixpkgs-unstable input
    # rather than from the channel this system is built from.
    "${inputs.nixpkgs-unstable}/nixos/modules/services/misc/flaresolverr.nix"
    ../common-cli.nix
    ./hardware-configuration.nix
    ./network.nix
    ./users.nix
    ./services.nix
  ];

  # Trusted users may pass arbitrary settings to the Nix daemon, which the Nix
  # manual describes as essentially root-equivalent; "paul" therefore holds
  # that level of trust on this host.
  nix.settings.trusted-users = [
    "root"
    "paul"
  ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.supportedFilesystems = [ "zfs" ];
  boot.tmp.useTmpfs = true;
  # Enabling both boot.enableContainers and virtualisation.containers is
  # unsupported on system.stateVersion < 22.05 (this host declares 18.03 and
  # enables podman below), so NixOS containers stay off.
  boot.enableContainers = false;

  documentation.nixos.enable = false;

  services = {
    # Automatic ZFS snapshots plus a monthly scrub.
    zfs = {
      autoSnapshot.enable = true;
      autoScrub.enable = true;
      autoScrub.interval = "monthly";
    };

    # sshd: no root login and no password authentication.
    # NOTE(review): X11Forwarding is switched on. This sshd is the service the
    # reverse tunnel below publishes on the VPS, so confirm X11 forwarding is
    # actually needed here.
    openssh = {
      enable = true;
      settings.PermitRootLogin = "no";
      settings.PasswordAuthentication = false;
      settings.X11Forwarding = true;
    };

    # Reverse tunnel to the VPS, run as the dedicated "autossh" system user.
    #   -N                             run no remote command (forwarding only)
    #   -R 0.0.0.0:2222:127.0.0.1:22   ask the VPS to listen on port 2222 on all
    #                                  of its interfaces and forward to the
    #                                  local sshd on port 22
    # Whether the VPS honours the 0.0.0.0 bind address depends on the
    # GatewayPorts setting of its sshd; when it does, this host's sshd is
    # reachable from anywhere that can reach the VPS on port 2222.
    # NOTE(review): a second forward, -R 127.0.0.1:2525:127.0.0.1:25 (SMTP on
    # VPS port 2525), is documented for this tunnel but is not present in
    # extraArguments; confirm whether it was dropped on purpose.
    # NOTE(review): without "-o ExitOnForwardFailure=yes" a failed remote bind
    # leaves ssh connected with no forward in place; consider adding it.
    autossh.sessions = [
      {
        name = "backup-ssh-reverse";
        user = "autossh";
        monitoringPort = 20000;
        extraArguments = "-N -R 0.0.0.0:2222:127.0.0.1:22 loutre@vps772619.ovh.net";
      }
    ];
  };

  # Account and group under which the autossh session runs.
  users.groups.autossh = { };
  users.users.autossh = {
    isSystemUser = true;
    group = "autossh";
    home = "/home/autossh";
    createHome = true;
  };

  virtualisation.podman.enable = true;

  # Members of wheel can use sudo without a password.
  # NOTE(review): together with key-only SSH, one SSH key of a wheel member is
  # sufficient for root on this host; wheel membership is not visible in this
  # file (presumably set in ./users.nix; verify).
  security.sudo.wheelNeedsPassword = false;

  system.stateVersion = "18.03";
}