{ inputs, config, ... }:
let
  sshKeys = import ../ssh_keys.nix;
in
{
  sops.defaultSopsFile = ./secrets.yaml;
  sops.secrets.wg_private = {};

  imports =
    [ # Include the results of the hardware scan.
      #./hardware-configuration.nix
      ../modules/malobeo_user.nix
      ../modules/sshd.nix
      ../modules/minimal_tools.nix
      ../modules/autoupdate.nix
      inputs.self.nixosModules.malobeo.initssh
      inputs.self.nixosModules.malobeo.disko
      inputs.self.nixosModules.malobeo.microvm
    ];

  malobeo.autoUpdate = {
    enable = true;
    url = "https://hydra.dynamicdiscord.de";
    project = "malobeo";
    jobset = "infrastructure";
    cacheurl = "https://cache.dynamicdiscord.de";
  };

  nix = {
    settings.experimental-features = [ "nix-command" "flakes" ];
    #always update microvms
    extraOptions = ''
      tarball-ttl = 0
    '';
  };


  malobeo.disks = {
    enable = true;
    hostId = "a3c3101f";
    root = {
      disk0 = "disk/by-id/ata-SAMSUNG_MZ7LN256HCHP-000L7_S20HNAAH200381";
    };
    storage = {
      disks = ["disk/by-id/wwn-0x50014ee265b53b60" "disk/by-id/wwn-0x50014ee2bb0a194a"];
      mirror = true;
    };
  };

  malobeo.initssh = {
    enable = true;
    authorizedKeys = sshKeys.admins;
    ethernetDrivers = ["r8169"];
  };

  services.malobeo.vpn = {
    enable = true;
    name = "fanny";
    privateKeyFile = config.sops.secrets.wg_private.path;
  };

  services.malobeo.microvm.enableHostBridge = true;
  services.malobeo.microvm.deployHosts = [ "overwatch" "infradocs" "nextcloud" ];

  networking = {
    firewall = {
      allowedTCPPorts = [ 80 ];
    };
  };

  services.nginx = {
    enable = true;
    virtualHosts."docs.malobeo.org" = {
      locations."/" = {
        proxyPass = "http://10.0.0.11:9000";
        extraConfig = ''
          proxy_set_header Host $host;
        '';
      };
    };

    virtualHosts."cloud.malobeo.org" = {
      locations."/" = {
        proxyPass = "http://10.0.0.13";
        extraConfig = ''
          proxy_set_header Host $host;
        '';
      };
    };
  };

  services.tor = {
    enable = true;
    client.enable = true;
  };

  # needed for printing drivers
  nixpkgs.config.allowUnfree = true; 

  services.acpid.enable = true;

  networking.hostName = "fanny";
  networking.networkmanager.enable = true;

  virtualisation.vmVariant.virtualisation.graphics = false;

  time.timeZone = "Europe/Berlin";
  system.stateVersion = "23.05"; # Do.. Not.. Change..
}