{ config, ... }:

{
  microvm.mem = 3 * 1024;
  c3d2.deployment.server = "server10";

  networking.hostName = "blogs";

  services = {
    backup = {
      enable = true;
      paths = [ "/var/lib/plume/" ];
    };

    nginx = {
      enable = true;
      virtualHosts."blogs.c3d2.de" = {
        forceSSL = true;
        enableACME = true;
        locations."/".proxyPass = "http://localhost:7878";
      };
    };
    plume = {
      enable = true;
      # See secrets/hosts/blogs for the .env file with all settings
      envFile = config.sops.secrets."plume/env".path;
    };
  };

  sops = {
    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
    defaultSopsFile = ./secrets.yaml;
    secrets = {
      "plume/env".owner = config.systemd.services.plume.serviceConfig.User;
    };
  };

  system.stateVersion = "22.05";
}