self-host-playbook/configuration.nix

{
  config,
  lib,
  pkgs,
  self,
  ...
}:
# Read configuration from JSON
let
  jsonConfig = builtins.fromJSON (builtins.readFile ./config.json);

  customServicesDir = ./custom-services;
  customServicesExists = builtins.pathExists customServicesDir;

  customServices =
    if customServicesExists
    then
      map
      (name: ./custom-services + "/${name}")
      (builtins.filter
        (name: lib.hasSuffix ".nix" name)
        (builtins.attrNames (builtins.readDir customServicesDir)))
    else [];
in {
  imports =
    [
      ./disko-config.nix
    ]
    ++ customServices;

  options.nixosConfig.flake = lib.mkOption {
    type = lib.types.path;
    description = "Path to the current flake configuration";
  };

  config = {
    nix.settings = {
      trusted-users = [jsonConfig.username];
    };
    # Set the flake path
    nixosConfig.flake = self;

    # Activation script to save the configuration
    system.activationScripts.saveFlakeConfig = {
      deps = [];
      text = ''
        rm -rf /etc/nixos/current-systemconfig
        mkdir -p /etc/nixos/current-systemconfig
        cp -rf ${config.nixosConfig.flake}/* /etc/nixos/current-systemconfig/
        cd /etc/nixos/current-systemconfig
        chown -R ${jsonConfig.username}:users /etc/nixos/current-systemconfig
        chmod -R u=rwX,g=rX,o=rX /etc/nixos/current-systemconfig
      '';
    };

    services.selfHostPlaybook = {
      enable = true;
      tier = "starter"; # This determines which services are enabled
    };

    # Networking
    networking = {
      hostName = jsonConfig.hostname;
      firewall = {
        enable = true;
        # Only allow necessary ports
        allowedTCPPorts = [80 443 2222]; # HTTP, HTTPS, and SSH
      };
    };

    environment.etc = {
      environment-files = {
        source = ./env;
      };
    };
    # User configuration
    users.users.${jsonConfig.username} = {
      isNormalUser = true;
      extraGroups = ["wheel" "docker"];
      hashedPassword = jsonConfig.hashedPassword;
      openssh.authorizedKeys.keys = [jsonConfig.sshKey];
      # Set default shell to bash
      shell = pkgs.bash;
    };

    programs.git = {
      enable = true;
      config = {
        user.name = jsonConfig.username;
        user.email = "${jsonConfig.username}@nixos";
        safe.directory = "/etc/nixos/current-systemconfig";
      };
    };
  };
}