{ config, pkgs, lib, ... }:

{
  imports = [
    <nixpkgs/nixos/modules/profiles/minimal.nix>
    ./hydra.nix
    ./cache.nix
    ../../lib
    ../../lib/hq.nix
    ../../lib/buildfarmer.nix
    ../../lib/yggdrasil.nix
  ];

  c3d2 = {
    users = {
      emery = true;
      windsleep = true;
    };
    isInHq = true;
    mapHqHosts = true;
    hq.interface = "eth0";
  };

  networking.interfaces.eth0.preferTempAddress = false;
  systemd.services.yggdrasil.preStart = ''
    mkdir -p /dev/net
    mknod /dev/net/tun c 10 200 || true
    chmod 0666 /dev/net/tun
  '';
  services.yggdrasil = {
    configFile = "/var/lib/yggdrasil/keys";
    config.Peers = [
      "tcp://[2a03:3b40:fe:ab::1]:46370" # Praha
      "tcp://ygg.thingylabs.io:443" # Nürnberg
      "tcp://176.223.130.120:22632" # Wrocław
      "tcp://[2a05:9403::8b]:7743" # Praha
    ];
  };

  nixpkgs.config.allowUnfree = true;

  security.pam.enableSSHAgentAuth = true;

  services.openssh = {
    enable = true;
    passwordAuthentication = false;
  };

  programs.mosh.enable = true;

  nix = {
    distributedBuilds = true;
    package = pkgs.nixFlakes;
    useSandbox = false;
    maxJobs = lib.mkDefault 10;
    autoOptimiseStore = true;
    gc = {
      automatic = true;
      dates = "06:00";
      options = "--delete-older-than 14d";
    };
    sshServe.enable = true;
    trustedUsers = [ "root" ];
  };

  boot = {
    tmpOnTmpfs = true;
    isContainer = true;
    loader.initScript.enable = true;
    loader.grub.enable = false;
    # For cross-building
    binfmt.emulatedSystems = [ "aarch64-linux" ];
  };

  fileSystems."/" = {
    fsType = "rootfs";
    device = "rootfs";
  };

  networking.hostName = "hydra";
  networking.firewall.enable = false;

  networking.useHostResolvConf = true;

  # caused problems on this host -- Astro 2019-09-08
  services.resolved.enable = false;

  # Set your time zone.
  time.timeZone = "Europe/Berlin";
  i18n = {
    defaultLocale = "en_US.UTF-8";
    supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ];
  };

  environment.systemPackages = with pkgs; [ tmux htop vim gitMinimal ];

  # Create a few files early before packing tarball for Proxmox
  # architecture/OS detection.
  system.extraSystemBuilderCmds = ''
    mkdir -m 0755 -p $out/bin
    ln -s ${pkgs.bash}/bin/bash $out/bin/sh
    mkdir -m 0755 -p $out/sbin
    ln -s ../init $out/sbin/init
  '';

  services.collectd = {
    enable = true;
    autoLoadPlugin = true;
    extraConfig = ''
      Interval 10
      <Plugin "cpu">
      </Plugin>
      <Plugin "memory">
      </Plugin>
      <Plugin "interface">
      </Plugin>
      <Plugin "load">
      </Plugin>
      <Plugin "swap">
      </Plugin>
      <Plugin "network">
        Server "grafana.hq.c3d2.de" "25826"
      </Plugin>
    '';
  };

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "19.03"; # Did you read the comment?
}