# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# Host "dmeiburg": UEFI machine that accepts SSH/HTTP/HTTPS, terminates a
# WireGuard tunnel (wg0) with NAT towards enp3s0, and runs Docker.

{ config, pkgs, ... }:

{
  imports = [
    # Results of the hardware scan.
    ./hardware-configuration.nix
    ../common.nix
  ];

  # Bootloader.
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  networking = {
    # Hostname of this machine.
    hostName = "dmeiburg";

    firewall = {
      # Traffic arriving on a trusted interface is accepted unconditionally,
      # so every container on docker0 can reach every service listening on
      # the host, not only the ports opened below.
      trustedInterfaces = [ "docker0" ];

      # 22 = SSH, 80 = HTTP, 443 = HTTPS (by conventional port number).
      # NOTE(review): no services.openssh settings are visible in this file;
      # confirm key-only authentication wherever sshd is configured
      # (possibly ../common.nix).
      allowedTCPPorts = [ 22 80 443 ];

      # Must stay in sync with wireguard.interfaces.wg0.listenPort.
      allowedUDPPorts = [ 51820 ];
    };

    # Forward and masquerade traffic from the tunnel out through enp3s0, so
    # VPN peers can reach whatever this host can reach on that interface.
    nat = {
      enable = true;
      externalInterface = "enp3s0";
      internalInterfaces = [ "wg0" ];
    };

    wireguard.interfaces.wg0 = {
      ips = [ "10.100.0.1/24" ];
      listenPort = 51820;

      # Written as a string, not a Nix path literal, so the key is read at
      # runtime instead of being copied into the world-readable Nix store.
      # NOTE(review): the key sits under /home/dm, where dm owns the parent
      # directory and can replace the file; confirm it is root-owned with
      # mode 0600, or move it to a root-owned directory outside /home.
      privateKeyFile = "/home/dm/.wireguard/dmeiburg";

      # Each peer is pinned to a single /32, so a peer can only send traffic
      # from its own tunnel address.
      peers = [
        {
          # p14s
          publicKey = "BTIuA08t8lwPZa418EJ7vcni3MxC8ihhadem6uicnAA=";
          allowedIPs = [ "10.100.0.2/32" ];
        }
        {
          # pinix
          publicKey = "Zhnl8OJXjCk4zmuTg6xFnWPyf3Asnkhk/yW09s6yJCc=";
          allowedIPs = [ "10.100.0.3/32" ];
        }
      ];
    };
  };

  environment.systemPackages = [
    pkgs.gnupg
    pkgs.pinentry
  ];

  virtualisation.docker.enable = true;

  # Membership of the docker group lets dm drive the Docker daemon, which
  # runs as root; treat this account as root-equivalent.
  users.users.dm.extraGroups = [ "docker" ];

  programs.gnupg.agent.enable = true;

  # NixOS release this system's stateful defaults were taken from; read the
  # option's documentation before changing it.
  system.stateVersion = "23.11";
}