{ config, lib, pkgs, sources, modules, ... }:

{
  imports = [
   ../../common
    ./hardware.nix
    modules.encboot
    modules.network.nftables modules.nftnat
    ((import sources.nix-hexchen) {}).profiles.nopersist

    ../../services/nextcloud
    ../../services/mattermost.nix
    ../../services/thelounge.nix
    ../../services/murmur.nix
    ../../services/hedgedoc-hacc.nix
    ../../services/hedgedoc-i4f.nix
  ];

  hexchen.encboot = {
    enable = true;
    dataset = "-a";
    networkDrivers = [ "igb" ];
  };

  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
  boot.supportedFilesystems = [ "zfs" ];

  networking.hostId = "b2867696";
  networking.useDHCP = true;
  networking.nftables.enable = true;
  hexchen.nftables.nat.enable = true;
  networking.nat.internalInterfaces = ["ve-+"];
  networking.nat.externalInterface = "enp35s0";

  services.nginx.enable = true;
  services.nginx.recommendedProxySettings = true;
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.restic.backups.tardis = {
    passwordFile = "/persist/restic/system";
    s3CredentialsFile = "/persist/restic/system.s3creds";
    paths = [
      "/home"
      "/persist"
    ];
    pruneOpts = [
      "--keep-daily 7"
      "--keep-weekly 5"
      "--keep-monthly 3"
    ];
    repository = "b2:tardis-parsons:system";
  };

  system.stateVersion = "21.05";
}