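{ config, lib, pkgs, ... }:

with lib;

let
  # Submodule describing one entry of `fudo.hosts`.  When a submodule is used
  # under `attrsOf`, the module system passes the attribute key as `name`
  # (the original took a non-existent `hostname` argument, which fails at
  # evaluation time); the `hostname` option defaults to that key.
  hostOpts = { name, ... }: {
    options = with types; {
      hostname = mkOption {
        type = str;
        description = "Hostname (without domain name).";
        default = name;
      };

      domain = mkOption {
        type = str;
        description =
          "Domain to which the host belongs, in the form of a domain name.";
        default = "fudo.org";
      };

      site = mkOption {
        type = str;
        description = "Site at which the host is located.";
      };

      # Networks listed here are treated as trusted by whatever consumes this
      # option elsewhere in the configuration; the default only covers the
      # loopback range, so nothing off-host is trusted implicitly.
      local-networks = mkOption {
        type = listOf str; # was `listof`, an undefined name
        description =
          "A list of networks to be considered trusted by this host.";
        default = [ "127.0.0.0/8" ];
      };

      profile = mkOption {
        # FIXME: get this list from profiles directly
        # `enum` takes a single list argument; the original applied it to
        # three separate strings.  Kept as `listOf` to match the original
        # declared shape — TODO confirm whether a host has one profile or many.
        type = listOf (enum [ "desktop" "laptop" "server" ]);
        description =
          "The profile to be applied to the host, determining what software is included.";
      };

      admin-email = mkOption {
        type = nullOr str;
        description = "Email for the administrator of this host.";
        default = null;
      };

      local-users = mkOption {
        type = listOf str;
        description =
          "List of users who should have local (i.e. login) access to the host.";
        default = [ ];
      };

      description = mkOption {
        type = str;
        description = "Description of this host.";
        default = "Another Fudo Host.";
      };

      local-admins = mkOption {
        type = listOf str;
        description =
          "A list of users who should have admin access to this host.";
        default = [ ];
      };

      local-groups = mkOption {
        type = listOf str;
        description = "List of groups which should exist on this host.";
        default = [ ];
      };

      # Published as DNS SSHFP records; they let clients verify the host key
      # out of band, so values here should be generated from the host's actual
      # keys rather than typed by hand.
      ssh-fingerprints = mkOption {
        type = listOf str;
        description = ''
          A list of DNS SSHFP records for this host.
        '';
        default = [ ];
      };

      rp = mkOption {
        type = nullOr str;
        description = "Responsible person.";
        default = null;
      };

      enable-gui = mkEnableOption "Install desktop GUI software.";

      docker-server = mkEnableOption "Enable Docker on the current host.";
    };
  };

in {
  options.fudo.hosts = with types;
    mkOption {
      type = attrsOf (submodule hostOpts);
      description = "Host configurations for all hosts known to the system.";
      default = { };
    };

  config = let
    # The running host is selected by `instance.hostname`; everything below
    # is derived from its entry in `fudo.hosts` and the site/domain it names.
    hostname = config.instance.hostname;
    host-cfg = config.fudo.hosts.${hostname};
    site-name = host-cfg.site;
    site = config.fudo.sites.${site-name};
    domain-name = host-cfg.domain;
    domain = config.fudo.domain.${domain-name};
  in {
    networking = {
      hostName = hostname;
      nameservers = site.nameservers;

      # This will cause a loop on the gateway itself
      #defaultGateway = site.gateway-v4;
      #defaultGateway6 = site.gateway-v6;

      # Necessary to ensure that Kerberos and Avahi both work. Kerberos needs
      # the fqdn of the host, whereas Avahi wants just the simple hostname.
      hosts = { "127.0.0.1" = [ "${hostname}.${domain-name}" "${hostname}" ]; };
    };

    krb5.libdefaults.default_realm = domain.gssapi-realm;

    services.cron.mailto = domain.admin-email;

    environment.systemPackages = with pkgs;
      mkIf (host-cfg.docker-server) [ docker nix-prefetch-docker ];

    # NOTE(review): the Docker daemon is root-equivalent for anyone able to
    # reach its socket.  Nothing in this module grants that access (e.g. via
    # `local-groups`); review `docker` group membership separately when
    # `docker-server` is turned on.
    virtualisation.docker = mkIf (host-cfg.docker-server) {
      enable = true;
      enableOnBoot = true;
      autoPrune.enable = true;
    };
  };
}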