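# NixOS system configuration for the host serving new.anythingforafriend.com:
# nginx in front of a PHP-FPM pool, MariaDB, ACME-issued certificates and
# key-only SSH. Hardware and network settings come from the two imported files.
{ config, lib, pkgs, ... }: {
  imports = [
    ./hardware-configuration.nix
    ./networking.nix # generated at runtime by nixos-infect
  ];

  boot.tmp.cleanOnBoot = true;

  environment.systemPackages = with pkgs; [
    bzip2
    fish
    git
    htop
    neovim
    tmux
    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    wget
  ];

  i18n.defaultLocale = "en_US.UTF-8";

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  programs.neovim.enable = true;
  programs.neovim.defaultEditor = true;

  security.acme = {
    acceptTerms = true;
    #certs."new.anythingforafriend.com" = {
      #dnsProvider = "porkbun";
      #domain = "anythingforafriend.com";
      #environmentFile = "/opt/keys/porkbun";
      #group = "nginx";
    #};
    defaults.email = "eli@gleipnir.technology";
  };

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  services.cloud-init = {
    enable = true;
    network.enable = false;
  };

  services.phpfpm = {
    # Keep PHP errors out of HTTP responses: rendered errors disclose file
    # paths, queries and stack details to any visitor. Nothing is lost for
    # debugging, because the pool below already logs errors to stderr
    # (log_errors + error_log + catch_workers_output).
    phpOptions = ''
      display_errors = off;
    '';
    pools.anythingforafriend = {
      user = "www-data";
      settings = {
        # Socket is owned by the nginx user so only the web server can connect.
        "listen.owner" = config.services.nginx.user;
        "pm" = "dynamic";
        "pm.max_children" = 32;
        "pm.max_requests" = 500;
        "pm.start_servers" = 2;
        "pm.min_spare_servers" = 2;
        "pm.max_spare_servers" = 5;
        "php_admin_value[error_log]" = "stderr";
        "php_admin_flag[log_errors]" = true;
        "catch_workers_output" = true;
        # php-fpm's default, pinned explicitly: SCRIPT_FILENAME below is built
        # from the request URI, so the pool must refuse to execute anything
        # that is not a .php file.
        "security.limit_extensions" = ".php";
      };
      phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
    };
  };

  services.mysql = {
    enable = true;
    package = pkgs.mariadb;
  };

  # NOTE(review): this file sets no networking.firewall.allowedTCPPorts. The
  # NixOS firewall is enabled by default and the nginx module does not open
  # 80/443 itself; confirm they are opened elsewhere (ACME HTTP-01 validation
  # needs port 80).
  services.nginx = {
    enable = true;
    virtualHosts."new.anythingforafriend.com" = {
      # Redirect plain HTTP to HTTPS instead of serving the site on both
      # (addSSL); the ACME challenge path is still answered on port 80.
      forceSSL = true;
      enableACME = true;
      extraConfig = ''
        error_log /var/log/nginx/error.log warn;
        fastcgi_intercept_errors on;
        include ${pkgs.nginx}/conf/mime.types;
        index index.php index.html;
      '';
      # Front-controller fallback: anything that is not an existing file is
      # handed to index.php with the original request URI as path info.
      locations."/" = {
        extraConfig = ''
          try_files $uri /index.php/$request_uri;
        '';
      };
      # Unanchored regex: matches any URI that contains ".php", including the
      # /index.php/<path> form produced by the fallback above. The `if` splits
      # such a URI into script path and trailing path info.
      # NOTE(review): nginx does not apply a location's try_files when an `if`
      # inside it matches, so the existence check presumably only covers URIs
      # without trailing path info; confirm, and keep the pool's
      # security.limit_extensions restricted to .php.
      locations."~ \\.php" = {
        extraConfig = ''
          try_files $uri =404;
          set $script $uri;
          set $path_info "";
          if ($uri ~ "^(.+\.php)(/.+)") {
            set $script $1;
            set $path_info $2;
          }
          fastcgi_split_path_info ^(.+\.php)(/.+)$;
          fastcgi_pass unix:${config.services.phpfpm.pools.anythingforafriend.socket};
          include ${pkgs.nginx}/conf/fastcgi.conf;
          fastcgi_param URI $uri;
          fastcgi_param PATH_INFO $path_info;
          fastcgi_param SCRIPT_NAME $script;
          fastcgi_param SCRIPT_FILENAME $document_root$script;
        '';
      };
      root = "/var/www/new.anythingforafriend.com";
    };
  };

  services.openssh = {
    enable = true;
    # require public key authentication for better security
    settings.PasswordAuthentication = false;
    settings.KbdInteractiveAuthentication = false;
    settings.PermitRootLogin = "no";
  };

  services.swapspace.enable = true;

  # Set your time zone.
  time.timeZone = "America/Phoenix";

  users.groups.deploy = {};
  users.groups.nginx = {};

  # Account the PHP-FPM pool runs as; its home directory is the web root, and
  # mode 770 with group "nginx" lets the web server read it while denying
  # access to other local users.
  users.users.www-data = {
    isSystemUser = true;
    createHome = true;
    extraGroups = [ "nginx" ];
    home = "/var/www/new.anythingforafriend.com";
    homeMode = "770";
    group = "nginx";
  };

  users.users.deploy = {
    extraGroups = [ "deploy" ];
    isNormalUser = true;
  };

  users.users.eliribble = {
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
    # NOTE(review): this password hash is readable by anyone who can read this
    # file, which allows offline guessing against it. Consider
    # hashedPasswordFile pointing at a root-only file kept out of version
    # control, and rotate the password if this file has been shared.
    initialHashedPassword = "$y$j9T$XYOMZR8RZEiTnpaF8lsxv1$H7YbWDpzbnYXTLN0ZMhvtKOlSMy64P7C/RdLBaeaNf/";
    isNormalUser = true;
    openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBvhtF6nRWlA6PVs71Eek7p0p2PxTd3P6ZEGFV2t75MB eliribble@nixos"];
  };

  # NOTE(review): inert while PermitRootLogin = "no" above. If root SSH is
  # never intended, drop this entry so that relaxing PermitRootLogin later
  # does not silently grant root access to this key.
  users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBvhtF6nRWlA6PVs71Eek7p0p2PxTd3P6ZEGFV2t75MB eliribble@nixos'' ];

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
  # to actually do that.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "23.11";
}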