# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

# NixOS-WSL specific options are documented on the NixOS-WSL repository:
# https://github.com/nix-community/NixOS-WSL

{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.forgejo;
  srv = cfg.settings.server;
in
{
  imports = [
    ./shared/system.nix
    ./shared/dev_user.nix
    ./shared/docker.nix
    ./shared/ssh.nix
  ];

  services.openssh.settings.AllowUsers = [ "pipeline" ];

  users.users = {
    # connection only via ssh key
    pipeline = {
      isNormalUser = true;
      home = "/home/pipeline";
      description = "User used by forgejo runners to connect to this system";
      extraGroups = [ "docker" ];
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPB9tvEWgxrhK0pUs9RJrdreNX1EBxJ/nrz57qzP48Uk michaelh@michael-node"
      ];
    };
  };

  networking = {
    firewall = {
      allowedTCPPorts = [ 3000 ];
      allowedTCPPortRanges = [
        { from = 8000; to = 8020; }
      ];
    };
  };

  services = {
    mysql = {
      enable = true;
      package = pkgs.mariadb;
      settings = {
        mysqld = {
          port = 8000;
        };
      };
    };
  };
}