{ zentralwerk, config, lib, pkgs, ... }:
let
  netConfig = zentralwerk.lib.config.site.net.serv;

  mac = {
    serv = "e2:e9:bb:f4:4a:fe";
    pub = "e2:e9:bb:f4:4a:ff";
  };

in
{
  microvm = {
    mem = 1024;

    writableStoreOverlay = "/nix/.rw-store";

    volumes = [ {
      image = "/dev/zvol/tank/storage/leoncloud/nix-store-overlay";
      mountPoint = config.microvm.writableStoreOverlay;
      size = 32 * 1024;
    } ];
  };

  nix.settings.auto-optimise-store = lib.mkForce false;

  c3d2.deployment = {
    server = "server9";
    mounts = [ "etc" "home" "var"];
    autoNetSetup = true;
  };

  networking = {
    hostName = "leoncloud";
    firewall.enable = true;
  };

  security.sudo = {
    enable = true;
    wheelNeedsPassword = false;
  };

  c3d2.hq.statistics.enable = true;

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    wget vim python3Full nmap htop wireguard-tools 
  ];

  users.users.leoncloud = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    createHome = true;
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM2zpmWA3Z9zshWaU8k1SWyJnbAyasOu9pV+9BvTY0XE leon@¯\_(ツ)_/¯"
	  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPZoT83l0ogbJpviBs4VmO+NdF4NPtYAnyf8RRSoXsv leon@leon"
	];
  };

  networking.firewall = {
    allowedTCPPorts = [ 80 443 22 ];
    allowedUDPPorts = [ ];  
  };
#------------------DOCKER----------------------------

  virtualisation.docker.enable = true;

#------------------DOCKER----------------------------

  system.stateVersion = "22.05";
}