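# NixOS host module for "locum": static IPv4 on extif0, podman-backed
# containers, a local DNS-over-HTTPS proxy, state directories for the fudo
# services, and the Lemmy and nginx services.
#
# Layout restored to one statement per line. In the collapsed form the first
# `#` turned the rest of that physical line into a comment, which swallowed
# live settings and left the expression unbalanced.
{ config, lib, pkgs, ... }:

with pkgs.lib;
let
  hostname = "locum";
  host-ipv4 = "190.2.134.48";

  hostData = config.fudo.hosts."${hostname}";
  site = config.fudo.sites."${hostData.site}";
  # Not referenced anywhere in this file.
  hostSecrets = config.fudo.secrets.host-secrets."${hostname}";

in {
  config = {
    networking = {
      enableIPv6 = true;
      # Resolve through the local secure-dns-proxy (127.0.0.1:53, below).
      nameservers = [ "127.0.0.1" ];
      defaultGateway = {
        interface = "extif0";
        address = site.gateway-v4;
      };
      interfaces.extif0 = {
        ipv4.addresses = [{
          address = host-ipv4;
          prefixLength = 24;
        }];
      };
      firewall = {
        # NOTE(review): the host firewall is off, so every listening service
        # (auth, metrics, logging, container-published ports) is reachable on
        # whatever interface it binds to, for IPv4 and IPv6 alike. Left as-is
        # because the required ports are not visible from this file; enable it
        # and list the intended ports explicitly once they are confirmed.
        enable = false;
        # Has no effect while `enable = false`; presumably meant for container
        # DNS on the podman bridge -- confirm.
        interfaces.podman0.allowedUDPPorts = [ 53 ];
      };
    };

    virtualisation = {
      podman = {
        enable = true;
        autoPrune.enable = true;
        # Exposes the podman API on the Docker socket path (used by the arion
        # "podman-socket" backend below). Anyone who can reach this socket has
        # root-equivalent control of the host; keep `podman` group membership
        # minimal.
        dockerSocket.enable = true;
        defaultNetwork.settings.dns_enabled = true;
      };
      oci-containers.backend = "podman";
      arion.backend = "podman-socket";
    };

    security.acme.defaults.email = "root@informis.land";

    fudo = {
      client.dns = {
        ipv4 = true;
        ipv6 = true;
        user = "fudo-client";
        external-interface = "extif0";
      };

      secure-dns-proxy = {
        enable = true;
        upstream-dns =
          [ "https://1.1.1.1/dns-query" "https://1.0.0.1/dns-query" ];
        bootstrap-dns = "1.1.1.1";
        # Loopback only: the proxy is not offered to other hosts.
        listen-ips = [ "127.0.0.1" ];
        listen-port = 53;
        # NOTE(review): the first two entries are the upstream resolvers' own
        # addresses. If this option is a client ACL they look unnecessary;
        # verify against the secure-dns-proxy module.
        allowed-networks =
          [ "1.1.1.1/32" "1.0.0.1/32" "localhost" "link-local" ];
      };

      # mail-server = {
      #   clamav.state-directory = "/state/services/mail/clamav";
      #   dkim = { key-directory = "/state/services/mail/dkim"; };
      # };

      mail.state-directory = "/state/services/mail";

      services = {
        auth = {
          kerberos.state-directory = "/state/services/kerberos";
          ldap.state-directory = "/state/services/ldap";
        };
        logging.loki.state-directory = "/state/services/loki";
        metrics = {
          prometheus.state-directory = "/state/services/prometheus";
          grafana.state-directory = "/state/services/grafana";
        };
        # NOTE(review): "msailserver" looks like a typo for "mailserver". Left
        # unchanged because the path may already hold state on the deployed
        # host; confirm before renaming.
        mail-server.state-directory = "/state/services/msailserver";
        dns.zones."informis.land".enable = true;
      };
    };

    services = {
      authentikContainer.state-directory = "/state/services/authentik";

      lemmyDocker = {
        enable = true;
        hostname = "informis.land";
        site-name = "Informis Lemmy";
        # NOTE(review): fixed application version; check upstream release
        # notes for later security fixes before relying on this pin.
        version = "0.18.2";
        state-directory = "/state/services/lemmy";
        smtp-server = "smtp.informis.land:587";
        # NOTE(review): images are referenced by mutable tag, and pictrs is a
        # release candidate. A tag can be re-pushed upstream; pin by digest
        # (image@sha256:<digest>) if the deployment must be reproducible.
        docker-images = {
          pictrs = "asonix/pictrs:0.4.0-rc.14";
          postgres = "postgres:15-alpine";
        };
      };

      nginx = {
        enable = true;
        recommendedGzipSettings = true;
        recommendedOptimisation = true;
        recommendedProxySettings = true;
        # NOTE(review): recommendedTlsSettings is not set here; consider
        # enabling it if nginx terminates TLS on this host and it is not set
        # elsewhere.
      };
    };
  };
}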