# NixOS module for a container image: a minimal system booted through
# /sbin/init, networked via systemd-networkd, shipping its journal to a central
# Logstash endpoint and reachable over SSH for remote deployment.
{ pkgs, lib, modulesPath, ... }:

{
  imports = [
    (modulesPath + "/profiles/minimal.nix")
    (modulesPath + "/profiles/docker-container.nix")
  ];

  nix = {
    # Builds run without the Nix build sandbox, so a builder is not isolated
    # from this system's filesystem and network.
    # NOTE(review): presumably disabled because the sandbox cannot be set up
    # inside the container; confirm, and treat every build here as unsandboxed.
    useSandbox = false;
    maxJobs = lib.mkDefault 1;
    buildCores = lib.mkDefault 4;
  };

  networking = {
    # NOTE(review): NetworkManager is not enabled anywhere in this module, so
    # this setting presumably only matters if another module turns it on.
    networkmanager.dns = "unbound";
    useHostResolvConf = false;
    useNetworkd = true;
    useDHCP = false;

    # Three private (172.20.x.x) resolvers followed by the public resolver
    # 9.9.9.9.
    # NOTE(review): queries that reach 9.9.9.9 leave the site, including
    # lookups of internal host names; confirm that fallback is intended.
    nameservers = [
      "172.20.73.8"
      "172.20.72.6"
      "172.20.72.10"
      "9.9.9.9"
    ];

    interfaces.eth0 = {
      useDHCP = false;
      preferTempAddress = false;
    };
  };

  # eth0 gets no DHCP; networkd accepts IPv6 router advertisements and uses
  # IPv6 link-local addressing only.
  systemd.network.networks."40-eth0".networkConfig = {
    IPv6AcceptRA = true;
    LinkLocalAddressing = "ipv6";
  };

  boot = {
    isContainer = true;
    loader = {
      # /sbin/init
      initScript.enable = true;
      grub.enable = false;
    };
  };

  # Create a few files early before packing tarball for Proxmox
  # architecture/OS detection.
  system.extraSystemBuilderCmds = ''
    mkdir -m 0755 -p $out/bin
    ln -s ${pkgs.bash}/bin/bash $out/bin/sh
    mkdir -m 0755 -p $out/sbin
    ln -s ../init $out/sbin/init
  '';

  fileSystems."/" = {
    device = "rootfs";
    fsType = "rootfs";
  };

  services = {
    resolved.enable = false;

    # Central logging: journal entries are tagged "container" and forwarded to
    # Logstash on port 5044, by host name and by a private address.
    # NOTE(review): the output section sets no TLS/ssl options, so the journal
    # is presumably sent unencrypted and the receiver is not authenticated;
    # confirm the path is trusted or add transport security on both ends.
    journalbeat = {
      enable = true;
      tags = [ "container" ];
      extraConfig = ''
        journalbeat:
          seek_position: cursor
          cursor_seek_fallback: tail
          write_cursor_state: true
          cursor_flush_period: 5s
          clean_field_names: true
          convert_to_numbers: false
          move_metadata_to_field: journal
          default_type: journal
          kernel: true
        output.logstash:
          # Boolean flag to enable or disable the output module.
          enabled: true
          hosts: ["logging.serv.zentralwerk.org:5044", "172.20.73.13:5044"]
      '';
    };

    # Required for remote deployment.
    # NOTE(review): only `enable` is set here, so password and root-login
    # policy come from module defaults or from other modules; verify that
    # key-only authentication is enforced wherever this image is deployed.
    openssh.enable = true;
  };
}