# NixOS configuration for john-endesktop (ZFS/NFS server)
# Migrated from Arch Linux to provide ZFS pools via NFS to k3s cluster

{ config, lib, pkgs, ... }:

with lib;

{
  imports = [
    ./hardware-configuration.nix
  ];

  # Boot configuration
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # ZFS support
  boot.supportedFilesystems = [ "zfs" ];
  boot.zfs.forceImportRoot = false;
  boot.zfs.extraPools = [ "media" "swarmvols" ];

  # Set ZFS hostid to match current system (from Arch Linux)
  # This resolves the hostid mismatch warnings
  networking.hostId = "007f0101";

  # Hostname
  networking.hostName = "john-endesktop";

  # Network configuration - using DHCP on enp0s31f6
  networking.useDHCP = false;
  networking.interfaces.enp0s31f6.useDHCP = true;

  # NFS Server configuration
  services.nfs.server = {
    enable = true;

    # NFS protocol versions
    # v3 for broader compatibility, v4 for better performance
    exports = ''
      # These are managed by ZFS sharenfs properties
      # but we enable the NFS server here
    '';
  };

  # Enable NFS4 with proper configuration
  services.rpcbind.enable = true;

  # Firewall configuration for NFS
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [
      111   # rpcbind
      2049  # nfs
      4000  # nfs callback
      4001  # nlockmgr
      4002  # mountd
      20048 # mountd
    ];
    allowedUDPPorts = [
      111   # rpcbind
      2049  # nfs
      4000  # nfs callback
      4001  # nlockmgr
      4002  # mountd
      20048 # mountd
    ];
    # Allow NFS from local network
    extraCommands = ''
      iptables -A nixos-fw -p tcp -s 10.0.0.0/24 -j ACCEPT
      iptables -A nixos-fw -p udp -s 10.0.0.0/24 -j ACCEPT
    '';
  };

  # ZFS maintenance
  services.zfs = {
    autoScrub = {
      enable = true;
      interval = "monthly";
    };
    trim = {
      enable = true;
      interval = "weekly";
    };
  };

  # Basic system packages
  environment.systemPackages = with pkgs; [
    vim
    git
    htop
    tmux
    zfs
  ];

  # Enable SSH
  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = true;
    };
  };

  # User configuration
  roles.users.enable = true;

  # k3s agent configuration
  roles.k3s-node = {
    enable = true;
    role = "agent";
    # serverAddr defaults to https://10.0.0.222:6443
    # tokenFile defaults to /etc/k3s/token
    extraFlags = [
      # Node labels for workload scheduling
      # fast-cpu: This node has a faster CPU than other cluster nodes
      "--node-label=fast-cpu=true"
      # fast-storage: This node is the NFS host with fast local storage access
      "--node-label=fast-storage=true"
      # k3s-upgrade=disabled: NixOS manages k3s upgrades via Nix, not system-upgrade-controller
      "--node-label=k3s-upgrade=disabled"
    ];
  };

  # Time zone
  time.timeZone = "America/Los_Angeles"; # Adjust as needed

  # NixOS version
  system.stateVersion = "25.11";
}