{ config, lib, pkgs, ... }:

{
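  # Modules merged into this host's configuration. Each file listed here can
  # set options, open firewall ports or start network-facing services, so this
  # list is the starting point when auditing what the machine exposes.
  # NOTE(review): the Docker and GitLab runner modules are imported on the same
  # machine as the mail and web services. A CI job that can reach the Docker
  # daemon is normally equivalent to root on the host - confirm how the runner
  # is isolated in ./services/gitlab-runner.nix.
  imports = [
    ../../common
    ./encboot.nix
    ./hardware.nix
    ./services/murmur.nix
    ./services/mail.nix
#   ./services/engelsystem.nix
    ./services/codimd.nix
    ./wireguard.nix
    ./services/nginx.nix
#   ./k8s.nix
    ./services/docker.nix
    ./services/rocket.nix
    ./services/gitlab-runner.nix
  ];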
  # Bootloader: GRUB 2, installed to /dev/sda.
  boot.loader.grub = {
    enable = true;
    version = 2;
    device = "/dev/sda";
  };
  # ZFS support is needed at boot; the pool layout itself is not defined in
  # this file (presumably in ./hardware.nix or ./encboot.nix - verify there).
  boot.supportedFilesystems = [ "zfs" ];

  # networking
  networking.hostName = "hainich";
  # Host ID; NixOS requires one to be set on machines that use ZFS.
  networking.hostId = "8a58cb2f";
  # NOTE(review): per the option's documentation this applies to interfaces
  # that have no manual configuration. enp6s0 is addressed statically below,
  # so any other interface that appears on the host would accept a DHCP lease.
  # Confirm that is intended.
  networking.useDHCP = true;
  # Static addressing on the uplink: two IPv4 addresses in the same /27 and
  # one IPv6 address.
  networking.interfaces.enp6s0 = {
    ipv4.addresses = [
      { address = "46.4.63.148"; prefixLength = 27; }
      { address = "46.4.63.158"; prefixLength = 27; }
    ];
    ipv6.addresses = [
      { address = "2a01:4f8:140:84c9::1"; prefixLength = 64; }
    ];
  };
  networking.defaultGateway = "46.4.63.129";
  # Public third-party resolvers (IPv4 and IPv6). Every lookup made by the
  # host and its services is visible to that resolver, and these entries do
  # not by themselves make the queries encrypted or validated.
  networking.nameservers = [
    "1.1.1.1"
    "1.0.0.1"
    "2606:4700:4700::1111"
    "2606:4700:4700::1001"
  ];
  # The static IPv6 default route below is disabled, so no IPv6 gateway is
  # set in this file.
# networking.defaultGateway6 = {
#   address = "fe80::1";
#   interface = "enp6s0";
# };

  # NAT: traffic from interfaces whose name matches "ve-+" (any name starting
  # with "ve-"; presumably the container veth pairs - verify) is translated
  # out through enp6s0.
  networking.nat = {
    enable = true;
    internalInterfaces = ["ve-+"];
    externalInterface = "enp6s0";
  };


  # Inbound TCP accepted from any source: SSH, HTTP and HTTPS.
  # NOTE(review): this list is not the host's full exposure. sshd also listens
  # on 62954 (services.openssh.ports), and the openssh module opens its own
  # ports unless services.openssh.openFirewall is turned off. The imported
  # service modules may open further ports. Audit the generated ruleset, not
  # only this line.
  networking.firewall.allowedTCPPorts = [ 22 80 443 ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # networking.firewall.enable = false;

  # misc
  # The system clock is kept in UTC, so log timestamps need no zone conversion
  # when they are compared with logs from other machines.
  time.timeZone = "UTC";

  # Tools installed system-wide for every user.
  environment.systemPackages = [
    pkgs.wget
    pkgs.vim
    pkgs.git
  ];

  # OpenSSH daemon, listening on the standard port and on 62954.
  # NOTE(review): root logs in over SSH with the keys configured under
  # users.users.root. Neither password authentication nor the root-login
  # policy is set in this file, so the module defaults (or ../../common)
  # decide both. If every account uses keys, confirm that password logins are
  # switched off in the effective sshd configuration.
  services.openssh = {
    enable = true;
    ports = [ 22 62954 ];
  };

  # Root account: two public keys may log in as root over SSH. Each key grants
  # full control of the host, so removing a departed administrator means
  # deleting their entry here and rebuilding.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDNVUDKx9sukRkb6INny432+2HZBWx/qIEAOvngF1qcj hexchen@montasch"
    "ssh-rsa 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 schweby@taxusbaccata"
  ];
  # Password hash applied only when the account is first created.
  # NOTE(review): the hash is stored in this file, so it is readable by anyone
  # who can read the configuration, and it ends up in the world-readable Nix
  # store. That permits offline guessing against the root password. Prefer
  # supplying it from a secret kept outside the repository, or a key-only root
  # account. If this password was ever in use, treat it as exposed and rotate.
  users.users.root.initialHashedPassword = "$6$F316njEF2$GMF4OmPSF6QgZ3P/DblQ/UFMgoo98bztbdw7X0ygvBGC1UMMIc13Vtxjd/ZGRYW/pEHACZZ7sbRZ48t6xhvO7/";
# users.users.root.shell = pkgs.fish;

  # storage stuffs!
  # Periodic ZFS snapshots with the module's default schedule and retention.
  # Snapshots live in the same pool as the data. They help with accidental
  # deletion, but they are not a backup against pool loss or an attacker with
  # root on this host.
  services.zfs.autoSnapshot.enable = true;
  # Periodic scrub, which reads back the pool's data and verifies its checksums.
  services.zfs.autoScrub.enable = true;

  # journald: rotate journal files every 6 hours and delete entries older
  # than 72 hours.
  # NOTE(review): with three days of retention, anything discovered later than
  # that can no longer be investigated from local logs. Confirm that
  # authentication and service logs are forwarded elsewhere if a longer
  # lookback is needed for incident response.
  services.journald.extraConfig = ''
    MaxFileSec=6h
    MaxRetentionSec=72h
  '';

  # Kernel taken from the default package set of the nixpkgs revision in use.
  boot.kernelPackages = pkgs.linuxPackages;

  # stateVersion records the NixOS release this system was first installed
  # with. It selects the defaults for stateful data such as file locations and
  # database versions, and should normally stay at the first-install release.
  # Read the option's documentation before changing it
  # (e.g. man configuration.nix or https://nixos.org/nixos/options.html).
  # NOTE(review): this value does not choose which nixpkgs release the host is
  # built from, and that release is not set in this file. Verify that the host
  # tracks a release which still receives security updates.
  system = {
    stateVersion = "20.03"; # Did you read the comment?
  };
}