# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0

{ depot, lib, pkgs, rebuilder, config, ... }:
let
  inherit (depot.ops) secrets;
  machineSecrets = secrets.machineSpecific.clouvider-fra01;

  vhostsConfig = {
    int = rec {
      proxy = _apply (value: { locations."/".proxyPass = value; }) {
        "deluge.int.lukegb.com" = "http://localhost:8112";
        "radarr.int.lukegb.com" = "http://localhost:7878";
        "sonarr.int.lukegb.com" = "http://localhost:8989";
      };
      serve = _apply (value: { root = value; }) {
        "int.lukegb.com" = depot.web.int;
        "logged-out.int.lukegb.com" = depot.web.logged-out-int;
      };
      other = _apply lib.id {
        "content.int.lukegb.com" = {
          listen = [{
            addr = config.my.ip.tailscale;
            port = 80;
          } {
            addr = config.my.ip.tailscale;
            port = 18081;
          }];
          locations."/" = {
            alias = "/store/content/";
            extraConfig = ''
              autoindex on;
            '';
          };
        };
      };
      _apply = f: builtins.mapAttrs (name: value: lib.recursiveUpdate hostBase (f value));
    };
  };
  vhosts = vhostsConfig.int.proxy // vhostsConfig.int.serve // vhostsConfig.int.other;
  hostBase = {
    listen = [{
      addr = config.my.ip.tailscale;
      port = 80;
    }];
  };
in {
  imports = [
    ../lib/zfs.nix
    ../lib/bgp.nix
    ../lib/ts3spotifybot.nix
    ../lib/coredns/default.nix
  ];

  boot.initrd.availableKernelModules = [
    "xhci_pci"
    "ahci"
    "nvme"
    "usbhid"
    "usb_storage"
    "sd_mod"
    "sr_mod"
  ];
  boot.kernelModules = [ "kvm-intel" ];

  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";

  fileSystems = let
    zfs = device: {
      device = device;
      fsType = "zfs";
    };
  in {
    "/" = zfs "zfast/local/root";
    "/nix" = zfs "zfast/local/nix";
    "/persist" = zfs "zfast/safe/persist";
    "/home" = zfs "zfast/safe/home";
    "/store" = zfs "zslow/local/store";

    "/boot" = {
      device = "/dev/disk/by-label/ESP";
      fsType = "vfat";
    };
  };

  nix.maxJobs = lib.mkDefault 12;

  # Use systemd-boot.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # Networking!
  networking = {
    hostName = "clouvider-fra01";
    domain = "as205479.net";
    hostId = "9e983570";

    nameservers = [
      "2001:4860:4860::8888"
      "2001:4860:4860::8844"
      "8.8.8.8"
      "8.8.4.4"
    ];
    useDHCP = false;
    defaultGateway = {
      address = "193.228.196.56";
      interface = "enp1s0";
    };
    defaultGateway6 = {
      address = "2a0f:93c0:0:22::1";
      interface = "enp1s0";
    };
    interfaces.enp1s0 = {
      useDHCP = false;
      ipv4.addresses = [{ address = "193.228.196.57"; prefixLength = 31; }];
      ipv6.addresses = [{ address = "2a0f:93c0:0:22::2"; prefixLength = 126; }];
    };
    firewall.allowPing = true;
    firewall.allowedTCPPorts = [
      4001  # ipfs
    ];
    firewall.allowedUDPPorts = [
      4001  # ipfs
    ];
  };
  my.ip.tailscale = "100.75.142.119";
  my.coredns.bind = [ "enp1s0" "tailscale0" "127.0.0.1" "::1" ];

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    rebuilder
  ];

  # Define a user account.
  users.mutableUsers = false;
  users.users = {
    lukegb.extraGroups = [ "wheel" "content" "deluge" ];
    content = {
      isSystemUser = true;
      group = "content";
    };
    plex.extraGroups = [ "content" ];
    deluge.extraGroups = [ "content" ];
    sonarr.extraGroups = [ "deluge" "content" ];
    radarr.extraGroups = [ "deluge" "content" ];
  } // (lib.setAttrByPath [ config.services.nginx.user "extraGroups" ] [ "acme" ]);
  users.groups = {
    content = {};
  };

  services.openssh.hostKeys = [
    {
      path = "/persist/etc/ssh/ssh_host_ed25519_key";
      type = "ed25519";
    }
    {
      path = "/persist/etc/ssh/ssh_host_rsa_key";
      type = "rsa";
      bits = 4096;
    }
  ];

  services.plex = {
    enable = true;
    dataDir = "/store/plex";
    openFirewall = true;
    package = depot.nix.pkgs.plex-pass;
  };

  services.deluge = {
    enable = true;
    declarative = true;
    openFirewall = true;
    dataDir = "/store/deluge";
    config = {
      upnp = false;
      natpmp = false;
      max_active_seeding = 900;
      max_active_downloading = 100;
      max_active_limit = 1000;
      move_completed_paths_list = [ "/store/content/Anime" "/store/content/Films" "/store/content/TV" ];
      enabled_plugins = [ "Label" ];
    };
    authFile = machineSecrets.delugeAuthFile;

    web.enable = true;
    package = depot.pkgs.deluge;
  };
  services.sonarr = {
    enable = true;
  };
  services.radarr = {
    enable = true;
  };

  services.nginx = {
    enable = true;
    virtualHosts = vhosts;
  };
  systemd.services.nginx.serviceConfig = {
    SupplementaryGroups = [ "content" ];
  };

  services.ipfs = {
    enable = true;
    extraConfig = {
      Discovery.MDNS.Enabled = false;
      Swarm.DisableNatPortMap = true;
      Experimental.FilestoreEnabled = true;
    };
    dataDir = "/store/ipfs";
  };

  system.stateVersion = "20.09";
}