{ config, pkgs, ... }:

{
  imports =
    [
      ./hardware-configuration.nix

      ./restic-server.nix
    ];

  profiles.clerie.cybercluster-vm.enable = true;

  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/vda";

  networking.useDHCP = false;
  systemd.network.enable = true;

  systemd.network.networks."10-wan" = {
    matchConfig.Name = "ens18";
    address = [
      "2001:638:904:ffc1::6/64"
    ];
    routes = [
      { Gateway ="2001:638:904:ffc1::1"; }
    ];
    linkConfig.RequiredForOnline = "routable";
  };

  services.nginx.enable = true;

  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.borgbackup.repos = {
    uberspace-ceea = {
      authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiUWufpvAj/Rdxt/frAjs5Q4+/lzaN2jmf5+W3Gazjzw+CH+Agplux6op+LlzF7kAA32yP+lwQto8Rz92NzReDssXd+0JhgAAHrSMrPOPnQbZrierKOfVvDOteklEM4k5JXqZ+xHIMtNomuMV3wCFc18nvwc8t95pDBOI/HwzAwn2mGhVBod0CNXZs8EyMeQJNKLCRwpUrddOX6fz5x/fbPYO4KB3iPkC0X+e/d5SuBvrmwFdnpr2RkCboMPdd6i/0AsY4MLdMV54arS9Ed2jaFKqYCQR5wRdLxndn+aByyVQHQxVU0gVfO9+53NOgiVzhOFzXm6K2KcC/HZR5uj1r ceea@olbers.uberspace.de" ];
      path = "/mnt/clerie-backup/uberspace-ceea";
    };
  };

  # fix borgbackup primary grouping
  users.users.borg.group = "borg";

  services.borgbackup.jobs = {
    backup-replication-hetzner = {
      paths = [
        "/mnt/clerie-backup"
      ];
      doInit = true;
      repo =  "u275370-sub2@u275370.your-storagebox.de:./clerie-backup/" ;
      encryption = {
        mode = "none";
      };
      environment = { BORG_RSH = "ssh -p 23 -i /var/src/secrets/ssh/borg-backup-replication-hetzner"; };
      compression = "auto,lzma";
      startAt = "*-*-* 04:07:00";
    };
  };

  clerie.monitoring = {
    enable = true;
    id = "204";
    pubkey = "p6OEQ0HG6qiMHlGgCt48sXBuawPkoskSoIuMUVo2Dyc=";
  };

  system.stateVersion = "21.03";
}