# NixOS configuration for development VPS
# Simple setup for Matrix + Forgejo + Slack bridge testing
{ config, pkgs, lib, ... }:

{
  imports = [
    ../modules/dev-services.nix
  ];

  # Basic boot configuration for VPS
  boot = {
    loader = {
      grub = {
        enable = true;
        device = "/dev/vda";  # Common for cloud VPS
        useOSProber = false;
      };
    };
    # Cloud VPS typically uses virtio
    initrd.availableKernelModules = [
      "virtio_pci"
      "virtio_blk"
      "virtio_net"
      "virtio_scsi"
    ];
  };

  # Network configuration
  networking = {
    hostName = "dev-matrix-vps";

    # Most VPS providers use DHCP
    useDHCP = false;
    interfaces.ens3 = {  # Common interface name, adjust as needed
      useDHCP = true;
    };

    enableIPv6 = true;

    # Firewall - only expose what's needed
    firewall = {
      enable = true;
      allowedTCPPorts = [
        22    # SSH
        80    # HTTP
        443   # HTTPS
        3000  # Forgejo (for testing, remove in production)
        8008  # Matrix (for testing, remove in production)
      ];
      allowPing = true;
    };
  };

  # SSH configuration
  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "prohibit-password";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };

  # Admin user
  users.users.admin = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [
      # Add your SSH public key here
      # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI..."
    ];
  };

  # Enable sudo without password for admin (dev environment)
  security.sudo.wheelNeedsPassword = false;

  # Enable dev services stack
  services.dev-platform = {
    enable = true;
    domain = "localhost";  # Change to your domain or IP

    matrix = {
      enable = true;
      serverName = "dev.matrix";
    };

    forgejo = {
      enable = true;
      subdomain = "git";
    };

    slackBridge = {
      enable = true;
      workspace = "";  # Will be configured via secrets
    };
  };

  # Basic monitoring
  services.netdata = {
    enable = true;
    config = {
      global = {
        "bind to" = "127.0.0.1";
      };
    };
  };

  # Automatic garbage collection
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 7d";
  };

  # Enable flakes and optimize for deployment
  nix.settings = {
    experimental-features = [ "nix-command" "flakes" ];

    # Optimize for builds and downloads
    max-jobs = "auto";
    cores = 0;  # Use all cores
    substituters = [
      "https://cache.nixos.org"
    ];
    trusted-public-keys = [
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
    ];
  };

  system.stateVersion = "24.11";
}