# SPDX-FileCopyrightText: 2021-2024 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later

{ config, lib, pkgs, ... }:
{
  imports = [
    ./hardware-configuration.nix
    ../../modules
    ../../users/simon

    ./services/media-backup.nix
    ./services/media.nix
    ./services/paperless.nix
    ./services/photoprism.nix
    ./services/torrent.nix
  ];

  sbruder = {
    wireguard.home.enable = true;
    nginx.hardening.enable = true;
    printing.server.enable = true;
    restic = {
      enable = true;
      backups.system = {
        enable = true;
        qos = true;
        extraPaths = [
          "/data"
        ];
        extraExcludes = [
          "/data/cold/media/video"
          "/data/cold/misc"
          "/data/cold/torrent"
          "/data/hot/torrent"
          "/data/media/video"
          "/data/torrent"
        ];
      };
    };
    unfree.allowSoftware = true;
  };

  services.nginx = {
    enable = true;
  };
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  systemd.services.nginx.serviceConfig.SupplementaryGroups = lib.singleton "keys";

  services.syncthing.enable = true;

  services.udisks2.enable = true; # does not have gui, but often deals with removable storage

  networking.hostName = "fuuko";

  system.stateVersion = "20.09";

  services.postgresql = {
    enable = true;
    package = pkgs.postgresql_16;
  };

  services.postgresqlBackup = {
    enable = true;
    startAt = [ ]; # triggered by restic system backup
    location = "/var/lib/postgresql-backup";
    compression = "none";
  };
  systemd.services.restic-backups-system = {
    after = [ "postgresqlBackup.service" ];
    wants = [ "postgresqlBackup.service" ];
  };
}