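# NixOS system configuration for the host "nix-nas": ZFS root on pool "rpool",
# data pool "tank", SSH access for one admin user, Docker and libvirt.
{ config, pkgs, ... }:
{
  imports = [ ./hardware/hardware-configuration.nix ];

  #### Boot
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.initrd.kernelModules = [ "overlay" "vmd" ];

  # Directories created by systemd-tmpfiles inside the initrd.
  boot.initrd.systemd.tmpfiles.settings."nixdirs" = {
    "/nix".d = { mode = "0755"; type = "d"; user = "root"; group = "root"; };
    "/nix/.ro-store".d = { mode = "0755"; type = "d"; user = "root"; group = "root"; };
    "/nix/.rw-store".d = { mode = "0755"; type = "d"; user = "root"; group = "root"; };
  };

  boot.zfs.extraPools = [ "tank" ];

  # Pin the kernel until ZFS 2.3.x is ready for 6.13.
  boot.kernelPackages = pkgs.linuxPackages_6_12;

  #### Networking
  networking.hostName = "nix-nas";
  networking.hostId = "39373132"; # via: head -c4 /etc/machine-id | od -An -tx4

  #### File systems
  fileSystems."/" = {
    device = "rpool/root";
    fsType = "zfs";
    neededForBoot = true;
  };
  fileSystems."/nix" = {
    device = "rpool/nix";
    fsType = "zfs";
    neededForBoot = true;
  };
  fileSystems."/home" = {
    device = "tank/home";
    fsType = "zfs";
  };
  fileSystems."/tank" = {
    device = "tank/media";
    fsType = "zfs";
  };
  swapDevices = [ ];

  #### Users
  users.users.nicole = {
    isNormalUser = true;
    # NOTE(review): a hash written inline is copied into the world-readable
    # /nix/store and into version control, where it can be attacked offline.
    # Prefer `hashedPasswordFile` pointing at a root-only file kept outside
    # the store, and rotate this password if the file has been published.
    hashedPassword = "$6$p73d5mOLoSuJGOol$KRlszaPXZK9/frADlfR3kAr/57DD5f4.CPTGNNX80QWEWFE5y.bM1WiZwmRHiAlrws3q/zCDQ6AqeSyCUX.8U/";
    # "wheel" grants sudo; "docker" membership is root-equivalent on its own,
    # because members can talk to the Docker daemon.
    extraGroups = [ "wheel" "docker" "libvirtd" ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAsiKDWCwyf1usprg3K6Zk0xE9S4DX6+Bc4+nIOZGmf drezil@Manticore"
    ];
  };
  # Repeats the "docker" entry in extraGroups above.
  users.groups.docker.members = [ "nicole" ];

  system.stateVersion = "25.05"; # pin once; do not change after installation

  #### Privilege and remote access
  # NOTE(review): wheel members get root without a password prompt, so any
  # session that authenticates as such a user is effectively a root session.
  security.sudo.wheelNeedsPassword = false;

  services.openssh.enable = true;
  # NixOS allows SSH password logins by default. The only configured user has
  # an authorized key and passwordless sudo, so a guessed password would be a
  # direct path to root: allow key-based logins only.
  services.openssh.settings.PasswordAuthentication = false;
  services.openssh.settings.KbdInteractiveAuthentication = false;

  #### ZFS maintenance
  services.zfs.autoScrub.enable = true;

  # Snapshots and further details will be added later.
  systemd.services.zfs-prune-snapshots = {
    description = "Remove ZFS snapshots older than policy";
    # NOTE(review): environment.systemPackages below does not list a
    # zfs-prune-snapshots package; confirm this binary really exists in the
    # system profile, otherwise the unit fails on every run.
    serviceConfig.ExecStart = "/run/current-system/sw/bin/zfs-prune-snapshots -r --keep=2w";
    startAt = "daily";
  };

  environment.systemPackages = with pkgs; [ git vim zfs ];

  #### Virtualisation
  virtualisation.docker.enable = true;
  virtualisation.libvirtd.enable = true;
  programs.virt-manager.enable = true;
}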