{ hostRegistry, config, pkgs, lib, strings, ... }:

let
  eth0 = "ens18";
in
{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ./streamdump.nix
    # ../../config
    # ../../config/hq.nix
    # ../../config/shared.nix
  ];

  c3d2 = {
    k-ot.enable = true;
    isInHq = true;
    mergeHostsFile = true;
    hq.interface = eth0;
    mountCeph = "/mnt/cephfs";
  };

  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  boot.loader.grub = {
    enable = true;
    version = 2;
    efiSupport = true;
    devices = [ "nodev" ];
  };
  boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.loader.efi.canTouchEfiVariables = true;
  systemd.enableEmergencyMode = false;

  networking = {
    hostName = "storage-ng";
    # usePredictableInterfacenames = false;
    interfaces."${eth0}" = {
      ipv4.addresses = [{
        address = config.c3d2.hosts.${config.networking.hostName}.ip4;
        prefixLength = 24;
      }];
      ipv6.addresses = [{
        address = config.c3d2.hosts.${config.networking.hostName}.ip6;
        prefixLength = 64;
      }];
    };

    defaultGateway.address = "172.22.99.4";
    defaultGateway.interface = eth0;
    nameservers = [
      hostRegistry.hosts.dnscache.ip4
      hostRegistry.hosts.dnscache.ip6
      "9.9.9.9"
    ];
  };

  environment.systemPackages = with pkgs; [
    screen
    zsh
    lftp
    lsof
    psmisc
    git-annex

    mpv
    iotop
  ];

  programs.bash.enableCompletion = true;
  programs.mtr.enable = true;
  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

  services.openssh = {
    enable = true;
    allowSFTP = true;
  };

  services.atftpd = {
    enable = true;
    root = "/mnt/cephfs/c3d2/tftp";
  };

  services.samba = {
    enable = true;
    enableNmbd = true;
    extraConfig = ''
      workgroup = HQ
      server string = storage
      netbios name = storage
      hosts allow = 172.20.0.0/14 127.0.0.0/8 ::1/128 fe80::/64 fd23:42:c3d2:500::/56 2a00:8180:2c00:200::/56
      hosts deny = 0.0.0.0/0
      security = user
      guest account = nobody
      map to guest = bad user
      smb encrypt = required
      ntlm auth = yes
      passdb backend = smbpasswd
    '';
    shares = {
      c3d2 = {
        path = "/mnt/cephfs/c3d2";
        browseable = "yes";
        writable = "yes";
        "valid users" = "k-ot";
        "guest ok" = "no";
        "create mode" = "0666";
        "directory mode" = "0777";
      };
    };
  };

  networking.firewall.enable = false;

  system.stateVersion = "19.03"; # Did you read the comment?
}