{ inputs, config, pkgs, ... }:

{
  imports =
    [ 
      ./hardware-configuration.nix
      inputs.home-manager.nixosModules.home-manager
      ./modules/nix
    ];

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sdb";

  networking.hostName = "srv-sin";
  networking.networkmanager.enable = true;

  time.timeZone = "Europe/Paris";

  i18n.defaultLocale = "en_US.UTF-8";

  i18n.extraLocaleSettings = {
    LC_ADDRESS = "fr_FR.UTF-8";
    LC_IDENTIFICATION = "fr_FR.UTF-8";
    LC_MEASUREMENT = "fr_FR.UTF-8";
    LC_MONETARY = "fr_FR.UTF-8";
    LC_NAME = "fr_FR.UTF-8";
    LC_NUMERIC = "fr_FR.UTF-8";
    LC_PAPER = "fr_FR.UTF-8";
    LC_TELEPHONE = "fr_FR.UTF-8";
    LC_TIME = "fr_FR.UTF-8";
  };

  services.xserver.xkb = {
    layout = "fr";
    variant = "azerty";
  };

  console.keyMap = "fr";

  programs.nh = {
    enable = true;
    clean = {
      enable = true;
      extraArgs = "--keep 10";
      dates = "hourly";
    };
    flake = "/home/baptiste/srv-sin";
  };

  security.sudo.wheelNeedsPassword = false;

  users.users.baptiste = {
    isNormalUser = true;
    description = "server1";
    extraGroups = [ "networkmanager" "wheel" ];
  };

  home-manager = {
    extraSpecialArgs = { inherit inputs; };
    users = {
      baptiste = import ./home.nix;
    };
  };

  environment.systemPackages = with pkgs; [
    vim
    git
    wget
    tldr
    tree
    dig
    btop
    file
    fastfetch
    lf
    tshark
    nixfmt
    usbutils
    unzip
    nixfmt-tree
    fzf
    nmap
  ];
  programs.fzf.keybindings = true;

  programs.zsh.enable = true;
  users.defaultUserShell = pkgs.zsh;

  services.openssh = {
    enable = true;
    ports = [ 22 ];
    settings = {
      PasswordAuthentication = true;
      AllowUsers = null;
      UseDns = true;
      X11Forwarding = false;
      PermitRootLogin = "prohibit-password";
    };
  };

  system.stateVersion = "25.05";

  systemd.timers."scan" = {
    wantedBy = [ "timers.target" ];
      timerConfig = {
        OnBootSec = "5m";
        OnCalendar = "*:0/5";
        Unit = "scan.service";
      };
  };

  systemd.services."scan" = {
    script = ''
      /run/current-system/sw/bin/nmap -sn 192.168.1.0/24 \
      | /run/current-system/sw/bin/awk '
      /Nmap scan report for/ {
          if (match($0, /\(([^)]+)\)/)) {
              ip = substr($0, RSTART+1, RLENGTH-2)
              host = $5
          } else {
              ip = $NF
              host = ""
          }
      }
      /MAC Address:/ {
          mac = $3
          vendor = $0
          sub(/^.*\(/, "", vendor)
          sub(/\).*$/, "", vendor)

          print ip "," host "," vendor "," mac
      }
      ' > "/data/nmap/$(date +%F_%H-%M-%S)-nmap.csv"
    '';
    serviceConfig = {
      Type = "oneshot";
      User = "root";
    };
  };
  
  systemd.tmpfiles.rules = [
    "d /data 777 root root"
    "d /data/nmap 777 root root"
  ];
}