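# NixOS host configuration for "procul": GRUB on /dev/sdb, a static IPv4
# address on a macvlan over enp0s25, and LDAP-user login disabled.
#
# The line structure matters: every `#` comment runs to end of line, so each
# comment sits on its own line and cannot swallow the settings that follow it.
{ config, pkgs, lib, ... }:

with lib;
let
  hostname = "procul";

  # Not referenced anywhere below yet.
  mail-hostname = hostname;

  host_ipv4 = "172.86.179.18";

  # Hostnames handed to fudo.acme.hostnames; empty for now.
  all-hostnames = [];

  # Map a hostname to its ACME private key / certificate chain under
  # /var/lib/acme. Neither helper is called in this file yet.
  # NOTE(review): when a service is wired to key.pem, grant it access through
  # group membership rather than loosening the file mode.
  acme-private-key = hostname: "/var/lib/acme/${hostname}/key.pem";
  acme-certificate = hostname: "/var/lib/acme/${hostname}/fullchain.pem";

  # CA bundles; both are unused in this file.
  # NOTE(review): the filename suggests the Let's Encrypt Authority X3
  # intermediate, which Let's Encrypt no longer issues from. Confirm the file
  # is current before using it for any chain verification.
  acme-ca = "/etc/nixos/static/letsencryptauthorityx3.pem";
  fudo-ca = "/etc/nixos/static/fudo_ca.pem";

in {

  boot.loader.grub = {
    enable = true;
    version = 2;
    device = "/dev/sdb";
  };

  imports = [
    ../hardware-configuration.nix
    ../defaults.nix
  ];

  fudo.common = {
    # Sets some server-common settings. See /etc/nixos/fudo/profiles/...
    profile = "server";

    # Sets some common site-specific settings: gateway, monitoring, etc.
    # See /etc/nixos/fudo/sites/...
    site = "joes";

    # NOTE(review): how this list is consumed is not visible here. If it acts
    # as a trust allowlist (relay, firewall, monitoring), every range widens
    # the trust boundary, so confirm each one is still needed; 172.17.0.0/16
    # in particular looks like a container bridge range.
    # NOTE(review): the first entry has host bits set (it is the host address
    # with a /29 prefix); the enclosing network is 172.86.179.16/29. Some
    # CIDR parsers reject or ignore entries written this way -- verify against
    # the consumer.
    local-networks = [
      "172.86.179.18/29"
      "208.81.1.128/28"
      "208.81.3.112/28"
      "172.17.0.0/16"
      "127.0.0.0/8"
    ];
  };

  environment.systemPackages = with pkgs; [
    multipath-tools
  ];

  # Not all users need access to procul; don't allow LDAP-user access.
  fudo.authentication.enable = false;

  # TODO: not used yet
  fudo.acme.hostnames = all-hostnames;

  networking = {
    hostName = hostname;

    # Addressing is static only: no DHCP client on any interface.
    dhcpcd.enable = false;
    useDHCP = false;

    # TODO: fix IPv6
    # NOTE(review): IPv6 is on, but this file sets no IPv6 address and no
    # firewall rules. Confirm that ../defaults.nix or the site profile filters
    # IPv6 as strictly as IPv4, since the interface can still hold
    # link-local or autoconfigured addresses.
    enableIPv6 = true;

    # macvlan in bridge mode on top of enp0s25; the host's own address lives on
    # it (see interfaces.extif0). Original intent: an interface VMs can share
    # the physical NIC with.
    macvlans = {
      extif0 = {
        interface = "enp0s25";
        mode = "bridge";
      };
    };

    interfaces = {
      extif0 = {
        # Locally administered MAC (02: prefix), derived deterministically from
        # the FQDN so it stays stable across rebuilds. md5 is only a stable-ID
        # derivation here, not a security control.
        # result of:
        # echo $FQDN-extif|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
        macAddress = "02:e2:b7:db:e8:af";
        ipv4.addresses = [
          {
            address = host_ipv4;
            prefixLength = 29;
          }
        ];
      };
    };
  };

  # Server has no use for Bluetooth; keep that stack off.
  hardware.bluetooth.enable = false;
}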