# NixOS module for the host "dragon": imports the shared service modules,
# then sets boot/serial console, bridged networking, sshd, storage mounts
# and one extra user.
{ config, lib, pkgs, ... }:

let
  # DHCP unique identifier; interpolated below as the dhcpcd client id on br0.
  duid = "00:01:00:01:21:a2:4e:a8:d0:bf:9c:45:a6:ec";

  # Shared alias table; only the pjournal port is read from it in this file.
  aliases = import ../data/aliases.nix;

  # Both data mounts are btrfs subvolumes on the same partition.
  btrfsSubvol = name: {
    device = "/dev/sda3";
    fsType = "btrfs";
    options = [ "subvol=${name}" ];
  };
in
{
  imports = [
    ../config/minecraft.nix
    ../config/acme-sh.nix
    ../config/mpd.nix
    ../config/borg-backup.nix
    ../config/common.nix
    ../config/users.nix
    # ../config/weechat.nix
    ../config/dns.nix
    # ../config/hydra.nix
    ../config/web-server.nix
    ../config/cgit.nix
    ../config/mail-server.nix
    ../config/munin-node.nix
    ../config/munin-master.nix
    ../config/vpn-server.nix
    ../config/terraria.nix
    ../config/pjournal.nix
  ];

  services.pjournal = {
    enable = true;
    port = aliases.services.pjournal.port;
    base_url = "https://journal.orbekk.com";
  };

  environment.systemPackages = [ pkgs.ipmitool ];

  # environment.etc."dhcpcd.duid".text = duid;
  # systemd.services.dhcpcd.preStart = ''
  #   cp ${pkgs.writeText "duid" "${duid}"} /var/db/dhcpcd/duid
  # '';

  programs.mosh.enable = true;

  virtualisation.lxd.enable = true;
  # NOTE(review): the explicit AppArmor setup for LXC below is disabled.
  # Whether containers are still confined depends on what the lxd module
  # configures on its own; confirm before running untrusted workloads.
  #security.apparmor = {
  #  enable = true;
  #  profiles = [
  #    "${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-star"
  #    "${pkgs.lxc}/etc/apparmor.d/lxc-containers"
  #  ];
  #  packages = [ pkgs.lxc pkgs.apparmor-parser ];
  #};

  boot = {
    # Kernel console on both the local VT and the first serial port.
    kernelParams = [ "console=tty0" ''console="ttyS0,115200n8"'' ];

    kernel.sysctl = {
      # The host routes between interfaces. No forwarding firewall rules are
      # set in this file; presumably they come from an imported module.
      "net.ipv4.conf.all.forwarding" = true;
      "net.ipv6.conf.all.forwarding" = true;
      # 2 = keep accepting router advertisements on br0 although forwarding
      # is enabled.
      "net.ipv6.conf.br0.accept_ra" = 2;
    };

    # GRUB 2 installed on both disks, with its menu on the serial line.
    # NOTE(review): no bootloader password is configured in this file, so
    # anyone who can reach the serial console can edit boot entries.
    loader.grub = {
      enable = true;
      version = 2;
      devices = [ "/dev/sda" "/dev/sdb" ];
      extraConfig = ''
        GRUB_TERMINAL="serial"
        GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
        serial --speed 115200 --unit=0
        terminal_input serial
        terminal_output serial
      '';
    };
  };

  networking = {
    hostName = lib.mkForce "dragon";

    firewall = {
      allowPing = true;
      # "loose" relaxes reverse-path filtering; presumably needed for the
      # bridge / forwarding setup. Confirm it is still required.
      checkReversePath = "loose";
      # Refused connections are not logged, so dropped probes leave no
      # trace in the journal.
      logRefusedConnections = false;
    };

    # DHCP is off globally and on only for the bridge that wraps eno2.
    useDHCP = false;
    interfaces.br0.useDHCP = true;
    bridges.br0.interfaces = [ "eno2" ];

    dhcpcd = {
      enable = true;
      # No SLAAC autoconfiguration from router advertisements; br0 requests
      # DHCPv6 using the fixed client id above. `debug` makes dhcpcd verbose.
      extraConfig = ''
        duid
        ipv6ra_noautoconf
        debug
        interface br0
        clientid ${duid}
        ipv6ra_noautoconf
        dhcp6
      '';
    };
  };

  # sshd: password login is off globally and re-enabled only inside the
  # `Match User readonly` block; PAM unix auth is forced on to make that work.
  # NOTE(review): `readonly` is not defined in this file. Confirm it has a
  # strong password and minimal privileges, and that the sshd port is
  # rate-limited. Keyboard-interactive auth also goes through PAM; confirm
  # it is not offered, so the Match block stays the only password path.
  security.pam.services.sshd.unixAuth = lib.mkForce true;
  services.openssh = {
    enable = lib.mkDefault true;
    passwordAuthentication = false;
    extraConfig = ''
      Match User readonly
      PasswordAuthentication yes
    '';
  };

  fileSystems = {
    "/storage" = btrfsSubvol "storage";
    "/staging" = btrfsSubvol "staging";
  };

  # Extra account, authorised by the public key file only; no password is
  # set in this file, and the home directory is not created by NixOS.
  users.users.breakds = {
    isNormalUser = true;
    description = "Break Yang";
    uid = 1101;
    home = "/home/breakds";
    createHome = false;
    shell = pkgs.bashInteractive;
    openssh.authorizedKeys.keyFiles = [ ../data/break_rsa.pub ];
  };

  system.stateVersion = lib.mkForce "17.09";
}