{ zentralwerk, config, lib, pkgs, ... }:

{
  deployment = {
    persistedShares = [ "/etc" "/home" "/var" ];
    storage = "big";
    mem = 2048;
  };

  nix.settings.auto-optimise-store = lib.mkForce false;

  networking = {
    hostName = "leoncloud";
    firewall.enable = true;
  };

  security.sudo = {
    enable = true;
    wheelNeedsPassword = false;
  };
  
  c3d2.hq.statistics.enable = true;

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    wget
    vim
    python3Full
    python310Packages.pip
    nmap
    htop
    wireguard-tools
    docker-compose 
  ];

  users.users.leon-docker = {
    isNormalUser = true;
    extraGroups = [ "wheel" "docker" ];
    createHome = true;
    openssh.authorizedKeys.keys = with import ../../users.nix;
      leon.sshKeys;
  };


# enable IP routing

  networking.firewall = {
    allowedTCPPorts = [ 80 443 22 53 14000 14500 15000  ];
    allowedUDPPorts = [ 18900 53 ];  
  };

#>-----------------docker-------------------------

  virtualisation.docker.enable = true;

#<-----------------docker-------------------------

#>-----------------wireguard client---------------

# Enable WireGuard
  networking.wireguard.interfaces = {
    vpn = {
      ips = [ "10.10.11.4/24" ];
      privateKeyFile = "/etc/nixos/wireguard-keys/private-key";
      peers = [
        {
          publicKey = "iEVq4lvvKFfqjcoYYyNkA0MS8rcSGaDfPwQGN3C7+D0=";
          allowedIPs = [ "10.10.11.0/24" ];
          endpoint = "45.158.40.162:18900";
          persistentKeepalive = 25;
        }
      ];
    };
  };

#<-----------------wireguard client---------------

#>-----------------nextcloud----------------------

services.nextcloud = {
    enable = true;
    hostName = "cloud";
    config = {
      dbtype = "pgsql";
      dbuser = "nextcloud";
      dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
      dbname = "nextcloud";
      adminpassFile = "/etc/nixos/next-cloud/pass";
      adminuser = "root";
      extraTrustedDomains = ["45.158.40.165" "172.20.79.254" "10.10.11.4" "10.10.11.1" ];
    };
  };

  services.postgresql = {
    enable = true;
    ensureDatabases = [ "nextcloud" ];
    ensureUsers = [
      {
        name = "nextcloud";
        ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
      }
    ];
  };

  # ensure that postgres is running *before* running the setup
  systemd.services."nextcloud-setup" = {
    requires = ["postgresql.service"];
    after = ["postgresql.service"];
  };

#<-----------------nextcloud----------------------

  system.stateVersion = "22.05";

}