{ config, pkgs, lib, ... }:

{
  imports = [ ./hydra.nix ./cache.nix ];

  c3d2 = {
    users = {
      emery = true;
      windsleep = true;
    };
    # hq.statistics.enable = true;
  };

  nixpkgs.config.allowUnfree = true;

  security.acme = {
    email = "mail@c3d2.de";
    acceptTerms = true;
  };
  security.pam.enableSSHAgentAuth = true;

  services.openssh = {
    enable = true;
    passwordAuthentication = false;
  };

  programs.mosh.enable = true;

  nix = {
    useSandbox = false;
    maxJobs = 4;
    buildCores = 20;
    autoOptimiseStore = true;
    gc = {
      automatic = true;
      dates = "06:00";
      options = "--delete-older-than 14d";
    };
    sshServe.enable = true;
    trustedUsers = [ "@wheel" ];
  };

  boot = {
    tmpOnTmpfs = true;
    # For cross-building
    binfmt.emulatedSystems = [ "aarch64-linux" ];
  };

  fileSystems."/" = {
    fsType = "rootfs";
    device = "rootfs";
  };

  networking = {
    hostName = "hydra";
    firewall.enable = false;
    defaultGateway = "172.20.73.1";
    interfaces.eth0.ipv4.addresses = [{
      address = "172.20.73.49";
      prefixLength = 26;
    }];
  };

  environment.systemPackages = with pkgs; [ tmux htop vim gitMinimal nixFlakes ];
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "20.09"; # Did you read the comment?
}