{ zentralwerk, config, pkgs, lib, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ./hydra.nix
    ./cache.nix
    ./updater.nix
    ../../config/c3d2.nix
  ];

  nixpkgs.config.allowUnfree = true;

  security.pam.enableSSHAgentAuth = true;

  services.openssh = {
    enable = true;
    passwordAuthentication = false;
  };

  programs.mosh.enable = true;

  nix = {
    useSandbox = false;
    maxJobs = 4;
    buildCores = 16;
    gc = {
      automatic = true;
      dates = lib.mkForce "06:00";
      options = "--delete-older-than 14d";
    };
    autoOptimiseStore = true;
    sshServe.enable = true;
    trustedUsers = [ "@wheel" ];
  };

  boot = {
    tmpOnTmpfs = true;
    tmpOnTmpfsSize = "80%";
    kernelPackages = pkgs.linuxPackages_latest;
    kernelModules = [ "kvm-intel" ];
    kernelParams = [ "mitigations=off" "preempt=none" ];
    # For cross-building
    binfmt.emulatedSystems = [ "armv6l-linux" "armv7l-linux" "aarch64-linux" "riscv32-linux" "riscv64-linux" ];
  };

  networking = {
    hostName = "hydra";
    firewall.enable = false;
    defaultGateway = "172.20.73.1";
    interfaces.enp3s0 = {
      useDHCP = false;
      tempAddress = "disabled";
      ipv4.addresses = [{
        address = "172.20.73.49";
        prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
      }];
    };
    nameservers = [ "172.20.73.8" "9.9.9.9" ];
  };

  c3d2.hq.statistics.enable = true;

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "20.09"; # Did you read the comment?
}