{ zentralwerk, config, pkgs, ... }:
let
  netConfig = zentralwerk.lib.config.site.net.serv;

in
{
  microvm = {
    hypervisor = "qemu";

    shares = [ {
      source = "/nix/store";
      mountPoint = "/nix/.ro-store";
      tag = "store";
      proto = "virtiofs";
      socket = "store.socket";
    } ] ++ map (dir: {
      source = "/var/lib/microvms/${config.networking.hostName}/${dir}";
      mountPoint = "/${dir}";
      tag = dir;
      proto = "virtiofs";
      socket = "${dir}.socket";
    }) [ "etc" "home" "var"];

    interfaces = [ {
      type = "tap";
      id = "leon";
      mac = "00:de:8d:c1:9f:45";
    } ];
  };

  networking = {
    hostName = "leon";

    useDHCP = false;
    interfaces.eth0 = {
      useDHCP = false;
      ipv4.addresses = [ {
        address = netConfig.hosts4.${config.networking.hostName};
        prefixLength = netConfig.subnet4Len;
      } ];
    };
    defaultGateway = netConfig.hosts4.serv-gw;
    nameservers = [
      netConfig.hosts4.dnscache "9.9.9.9"
    ];

    firewall.enable = true;
  };

  security.sudo = {
    enable = true;
    wheelNeedsPassword = false;
  };
  services.openssh.enable = true;

  users.users.leon = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    createHome = true;
    openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDcYiIES2gFpS4OXFpCkiVqV34+duNKOAySkSsO+1e8Nyegmb7mchmCy78uohsjgZD5lPwNUX9UsAY4Uw9vO9w5QV/2zAX5XNElKf8xm4UvtkEiKU5zquxn3iAi1UBrT2+AgRZEOzkPpc5yeh76b9thYZULUao6CXAR2TTD2CaYFIOrZ2psDtAAdNdq8Sqkpg5BaVFnTITHIc+ihr2QpONFsWGHA4J2jgLnKATQIXMfCJuAJb2oAA6FkyMbDqcCkt6Y0FDhHX9Vj8ANzoSwKmptG3S6EEryz/XfYkkqNG37FgKXpCg4pMm84X6T0oWIJ3xLWH7UFAMkxeHE34GYnnU0fw0hmcY0DHYZsG9n+2cKpr0XXA6sXYdp5VwGBJItbAZF3m2qK1xyLtBk02sPzlaS/88knMa784ISPXPJ2fQqoO5cX3fkPJkrK4csEf08ERFa/wouUl+fSDSfK8Ug1qAsY//JpfMSaSZsa6vGS83thpqfWJbxN/dD7Er/lYFA/tE= leon@MacBook-Air"
    ];
  };

  system.stateVersion = "22.05";
}