{ config, lib, pkgs, ... }:
let duid = "00:01:00:01:21:a2:4e:a8:d0:bf:9c:45:a6:ec";
in {
  imports = [
    ../config/router.nix
    ../config/borg-backup.nix
    ../config/dns.nix
    ../config/web-server.nix
    ../config/cgit.nix
  ];

  orbekk.monitoring-server.enable = true;
  orbekk.postfix.enable = true;
  orbekk.nextcloud.enable = true;
  orbekk.backups.enableServer = true;
  orbekk.backups.enableClient = true;

  environment.systemPackages = with pkgs; [ ipmitool ];
  programs.mosh.enable = true;

  orbekk.valheim-server.enable = false;
  orbekk.valheim-server.programDir = "/opt/valheim";

  orbekk.hledger-web.enable = true;
  orbekk.hledger-web.journalFile =
    "/var/lib/hledger-web/hledger/anniekj.journal";

  # virtualisation.lxd.enable = true;

  boot = {
    kernelParams = [ "console=tty0" ''console="ttyS0,115200n8"'' ];

    loader.grub.extraConfig = ''
      GRUB_TERMINAL="serial"
      GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
      serial --speed 115200 --unit=0
      terminal_input serial
      terminal_output serial
    '';
    loader.grub.enable = true;
    loader.grub.version = 2;
    loader.grub.devices = [ "/dev/sda" "/dev/sdb" ];
  };

  networking = { hostName = lib.mkForce "dragon"; };

  # Required to enable password authentication for one user.
  security.pam.services.sshd.unixAuth = lib.mkForce true;
  services.openssh = {
    enable = lib.mkDefault true;
    passwordAuthentication = false;
    extraConfig = ''
      Match User readonly
        PasswordAuthentication yes
    '';
  };

  fileSystems = {
    "/storage" = {
      device = "/dev/sda3";
      fsType = "btrfs";
      options = [ "subvol=storage" ];
    };
    "/staging" = {
      device = "/dev/sda3";
      fsType = "btrfs";
      options = [ "subvol=staging" ];
    };
  };

  users.users.breakds = {
    uid = 1101;
    shell = pkgs.bashInteractive;
    home = "/home/breakds";
    createHome = false;
    isNormalUser = true;
    description = "Break Yang";
    openssh.authorizedKeys.keyFiles = [ ../data/break_rsa.pub ];
  };

  system.stateVersion = lib.mkForce "17.09";

  # hardware-configuration.nix
  boot.initrd.availableKernelModules =
    [ "ehci_pci" "ahci" "uhci_hcd" "xhci_pci" "usb_storage" "sd_mod" ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

  fileSystems."/" = {
    device = "/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKEXU9X-part3";
    fsType = "btrfs";
    options = [
      "subvol=system/dragon-nixos,device=/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKHV0LS-part3,device=/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKEXU9X-part3,degraded"
    ];
  };

  swapDevices = [ ];

  nix.trustedUsers = [ "builder" ];
  nix.maxJobs = lib.mkDefault 8;
  powerManagement.cpuFreqGovernor = "ondemand";
  hardware.enableRedistributableFirmware = lib.mkDefault true;
}