# NixOS configuration for the host "server10": GRUB boot from /dev/sda,
# ZFS-backed MicroVM storage, SSH as the only port opened in this file,
# and Nomad client settings that leave room for statically started MicroVMs.
{ config, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ./microvm-staging.nix
  ];

  # Site-specific (c3d2) options; their semantics are defined in modules
  # outside this file.
  c3d2.deployment.microvmBaseZfsDataset = "server10/vm";
  c3d2.hq.statistics.enable = true;
  c3d2.simd.arch = "ivybridge";

  boot.loader.grub = {
    enable = true;
    version = 2;
    device = "/dev/sda";
  };

  boot.kernelParams = [
    # Run the kernel without preemption.
    "preempt=none"
    # Turns off the kernel's CPU vulnerability mitigations. Original
    # rationale: no server/router runs any untrusted user code.
    # NOTE(review): this host also autostarts MicroVMs and acts as a Nomad
    # client (see below). With mitigations off, the CPU side-channel
    # hardening that normally separates guests and jobs from the host and
    # from each other is not active, so the rationale only holds while every
    # workload placed here is trusted. Confirm, and revisit if that changes.
    "mitigations=off"
  ];

  # /tmp lives in RAM, capped at 80% of memory.
  boot.tmpOnTmpfs = true;
  boot.tmpOnTmpfsSize = "80%";

  networking.hostName = "server10";
  # TODO: change that to something more random.
  # (ZFS uses the hostId to tell which machine a pool belongs to.)
  networking.hostId = "10101010";

  # Only SSH (TCP 22) is opened by this file.
  # NOTE(review): imported modules may open further ports; check the
  # evaluated firewall config, not only this list.
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [ 22 ];

  # NOTE(review): no SSH authentication policy (password login, root login)
  # is set here. Presumably it comes from a shared module; verify.
  services.openssh.enable = true;
  services.smartd.enable = true;
  services.zfs.autoScrub.enable = true;

  # Reserve resources for legacy MicroVMs so that Nomad does not schedule
  # jobs onto capacity they already use.
  services.nomad.settings.client.reserved = {
    cpu = 4200;
    # see /sys/fs/cgroup/system.slice/system-microvm.slice/memory.current
    memory = 28 * 1024;
  };

  sops.defaultSopsFile = ./secrets.yaml;
  # The machine-id is kept in the sops file and installed world-readable
  # (mode 444) at /etc/machine-id.
  sops.secrets."machine-id" = {
    mode = "444";
    path = "/etc/machine-id";
  };

  # Static list of MicroVMs from other sources.
  microvm.autostart = [
    "data-hoarder"
    "staging-data-hoarder"
  ];

  skyflake.nomad.client.meta."c3d2.cpuSpeed" = "4";

  # Pins the NixOS release whose defaults for stateful data this system was
  # installed with. Do not bump it without reading the release notes.
  system.stateVersion = "21.11";
}