# KAWA Physical - Configuration pour machine physique CPU
# Usage: imports = [ ./modules/kawa-physical.nix ];

{ pkgs, ... }:

{
  # Fixe le nom en dur pour éviter l'erreur /sys
  networking.hostName = "honor-v4-cpu";

  # Activation de Tailscale
  services.tailscale = {
    enable = true;
    extraUpFlags = [
      "--login-server=https://headscale.du-senegal.com"
      "--authkey=f43f36ef159b3df799eb316b81bdac1b415c7cc2add174d0"
      "--force-reauth"
    ];
  };

  # CONFIGURATION OLLAMA CPU
  services.ollama = {
    enable = true;
    acceleration = null; # Force le mode CPU uniquement
    host = "0.0.0.0";
    port = 11434;
  };

  # SSH pour ton confort futur
  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "yes";
      PasswordAuthentication = true;
    };
  };

  # NATS Client
  services.nats = {
    enable = true;
    server = "100.64.0.1:4222";
  };

  # Syncthing pour synchronisation
  services.syncthing = {
    enable = true;
    user = "kawa";
    group = "kawa";
    config = {
      devices = {
        "vps-7ed4abb0" = { id = "AHF53QZ-ZYCQ2K7-556QBZ2-2UAYZL4-QNEQOGZ-PHZQIAG-4ZRXI3P-QLLJNA6"; };
      };
      folders = {
        "kawa-memory" = {
          path = "/home/kawa/.local/share/kawa/memory";
          devices = [ "vps-7ed4abb0" ];
        };
        "kawa-workspace" = {
          path = "/home/kawa/.local/share/kawa/workspace";
          devices = [ "vps-7ed4abb0" ];
        };
      };
    };
  };

  # Utilisateur KAWA
  users.users.kawa = {
    isNormalUser = true;
    extraGroups = [ "wheel" "networkmanager" "tailscale" "syncthing" ];
    # Mot de passe initial (à changer)
    initialPassword = "kawa2026";
  };

  # Firewall
  networking.firewall = {
    allowedTCPPorts = [ 22 11434 4222 22000 ];
    allowedUDPPorts = [ 41641 22000 ];
    trustedInterfaces = [ "tailscale0" ];
  };

  # Packages système
  environment.systemPackages = with pkgs; [
    git
    vim
    tailscale
    ollama
    nats-cli
    curl
    wget
    htop
  ];

  # Systemd service pour connexion auto au mesh
  systemd.services.kawa-mesh-connect = {
    description = "KAWA Mesh Auto-Connect";
    after = [ "network-online.target" "tailscale.service" ];
    wants = [ "network-online.target" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      Type = "oneshot";
      ExecStart = "${pkgs.tailscale}/bin/tailscale up --login-server=https://headscale.du-senegal.com --authkey=f43f36ef159b3df799eb316b81bdac1b415c7cc2add174d0 --force-reauth";
      RemainAfterExit = true;
    };
  };
}