{ config, pkgs, lib, ... }:

let yggaddr = import ./yggaddr.nix;
in {
  imports = [
    <nixpkgs/nixos/modules/profiles/minimal.nix>
    ../../lib
    ../../lib/default-gateway.nix
    ../../lib/buildfarmer.nix
    ../../lib/yggdrasil.nix
    ./containers
    ./hardware-configuration.nix
    ./hydra.nix
    ./nix-serve.nix
  ];

  c3d2 = {
    users = {
      emery = true;
      windsleep = true;
    };
    isInHq = true;
    mapHqHosts = true;
    hq = {
      interface = "br0";
      statistics.enable = true;
    };
  };

  fileSystems."/srv/ceph" = {
    device = "172.22.99.13:6789:/";
    fsType = "ceph";
    options = [
      "name=storage2"
      "secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw=="
      "noatime,_netdev"
      "noauto"
      "x-systemd.automount"
      "x-systemd.device-timeout=175"
      "users"
    ];
  };

  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    statusPage = true;
  };

  # Route IPv6
  boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
  # Obtain global IPv6 despite being a router myself
  boot.kernel.sysctl."net.ipv6.conf.eth0.accept_ra" = 2;

  services.yggdrasil = {
    configFile = "/var/lib/yggdrasil/keys";
    config.Peers = [
      "tcp://[2a03:3b40:fe:ab::1]:46370" # Praha
      "tcp://ygg.thingylabs.io:443" # Nürnberg
      "tcp://176.223.130.120:22632" # Wrocław
      "tcp://[2a05:9403::8b]:7743" # Praha
    ];
  };

  security.sudo.wheelNeedsPassword = false;
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
    # DO NOT CHANGE, KINDERGARTEN IS OVER
  };

  programs.mosh.enable = true;

  nix = {
    package = pkgs.nixFlakes;
    extraOptions = "experimental-features = nix-command flakes ca-references";
    gc.automatic = true;
    optimise.automatic = true;
  };

  virtualisation.docker.enable = true;

  networking = {
    firewall.enable = false;
    hostName = "server7";
    useDHCP = false;
    bridges.br0.interfaces = [ "enp2s0f0" ];
    interfaces = {
      br0 = {
        useDHCP = true;
        preferTempAddress = false;
        ipv4.addresses = [{
          address = "172.22.99.245";
          prefixLength = 24;
        }];
        ipv6.addresses = [{
          address = yggaddr.prefix + ":1";
          prefixLength = 64;
        }];
      };
      enp2s0f1.useDHCP = false;
    };
  };

  environment.systemPackages = with pkgs; [ tmux htop vim gitMinimal nixfmt ];

  services.collectd.extraConfig = ''
    LoadPlugin sensors
    LoadPlugin memory
    LoadPlugin irq
    LoadPlugin thermal
    LoadPlugin processes
    LoadPlugin disk
    LoadPlugin hddtemp
    LoadPlugin df
    LoadPlugin cpu
    LoadPlugin cpufreq
    LoadPlugin entropy
    LoadPlugin load
    LoadPlugin swap
    LoadPlugin cgroups
    LoadPlugin vmem
    LoadPlugin interface
  '';

  boot.tmpOnTmpfs = true;

  # Use the systemd-boot EFI boot loader.
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  time.timeZone = "Europe/Berlin";

  system.stateVersion = "19.09"; # Did you read the comment?
}