# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, ... }:

{
  imports =
    [ ../hardware-configuration.nix
      ../secrets.nix
      ../overlays.nix
      ../unfree.nix
      ../services/clamav.nix
      ../services/firewall.nix
      ../services/docker.nix
      ../services/dnsmasq.nix
      ../services/sound.nix
      ../services/x11.nix
      ../services/x11-intel.nix
      ../services/x11-laptop.nix
      ../services/gnome.nix
      ../services/dbus.nix
      ../services/haveged.nix
      ../services/printing.nix
      ../system/bluetooth.nix
      ../system/ca.nix
      ../system/console.nix
      ../system/documentation.nix
      ../system/fonts.nix
      ../system/i18n.nix
      ../system/networking.nix
      ../system/packages.nix
      ../system/security.nix
      ../system/timezone.nix
      ../system/users.nix
      ../system/wireshark.nix
      ../system/yubikey-gpg.nix
      ../programs/mtr.nix
      ../system/nix.nix
    ];

  # Use the GRUB 2 boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  boot.kernelPackages = pkgs.linuxPackages_latest;

  boot.initrd.luks = {
    gpgSupport = true;
    device = {
      luks- = {
        device = "/dev/disk/by-uuid/";
        gpgCard = {
          publicKey = ./public.asc;
          encryptedPass = ./luks-passphrase.asc;
        };
      };
    };
  };
  boot.blacklistedKernelModules = [
    "iptables"
  ];

  networking.hostName = "daeva";

  # Only keep a week instead of 2
  nix.gc.options = "--delete-older-than 7d";

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "20.09"; # Did you read the comment?

}