# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

# NixOS-WSL specific options are documented on the NixOS-WSL repository:
# https://github.com/nix-community/NixOS-WSL

{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.forgejo;
  srv = cfg.settings.server;
in
{
  imports = [
    ./shared/system.nix
    ./shared/dev_user.nix
    ./shared/docker.nix
    ./shared/ssh.nix
  ];

  sops = {
    defaultSopsFile = ./secrets/ssh-key.yaml;
    age = {
      sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
      keyFile = "/root/.config/sops/age/keys.txt";
      generateKey = true;
    };
    secrets."pipe-ssh-key" = { };
  };

  services.openssh.settings.AllowUsers = [ "pipeline" ];

  users.users = {
    # connection only via ssh key
    pipeline = {
      isNormalUser = true;
      home = "/home/pipeline";
      description = "User used by forgejo runners to connect to this system";
      extraGroups = [ "docker" ];
    };
  };

  services = {
    mysql = {
      enable = true;
      package = pkgs.mariadb;
      settings = {
        mysqld = {
          port = 8000;
        };
      };
    };
  };
}