{ config, pkgs, ... }:
{
  c3d2 = {
    deployment.server = "server10";
    hq.statistics.enable = true;
  };

  microvm = {
    mem = 1024;
    vcpu = 8;
  };

  networking.hostName = "buzzrelay";

  sops = {
    defaultSopsFile = ./secrets.yaml;
    secrets = {
      "buzzrelay/privKey".owner = config.services.buzzrelay.user;
      "buzzrelay/pubKey".owner = config.services.buzzrelay.user;
    };
  };

  services = {
    buzzrelay = {
      enable = true;
      hostName = "relay.fedi.buzz";
      privKeyFile = config.sops.secrets."buzzrelay/privKey".path;
      pubKeyFile = config.sops.secrets."buzzrelay/pubKey".path;
    };

    nginx = {
      enable = true;
      virtualHosts."relay.fedi.buzz" = {
        forceSSL = true;
        enableACME = true;
        locations."/".proxyPass = "http://127.0.0.1:${toString config.services.buzzrelay.listenPort}/";
      };
    };

    postgresql = {
      package = pkgs.postgresql_15;
      settings.log_min_duration_statement = 50;
      upgrade.stopServices = [ "buzzrelay" ];
    };
  };

  system.stateVersion = "22.11";
}