# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0

{ depot, lib, pkgs, rebuilder, config, ... }:
let
  inherit (depot.ops) secrets;
in {
  imports = [
    ../lib/blade-router.nix
    ../lib/blade.nix
    ../lib/fup.nix
  ];

  boot.loader.grub.device = "/dev/disk/by-id/usb-USB_SanDisk_3.2Gen1_0101cabb1ebdbdc0fd7b18edd207d43717c39c4a59d1b138b363e315841eca15743400000000000000000000443273100087260091558107b6a8e06e-0:0";

  # Networking!
  networking = {
    hostName = "blade-tuvok";
    hostId = "525229f7";
    firewall.allowedTCPPorts = [ 80 443 ];
  };
  my.ip.tailscale = "100.119.123.33";
  my.blade.bay = 6;
  my.blade.macAddress = {
    internal = "e4:11:5b:ac:e3:fe";
    storage = "e4:11:5b:ac:e4:02";
    internet = "e4:11:5b:ac:e4:00";
  };

  services.ceph = {
    mon.enable = true;
    osd = {
      enable = true;
      daemons = [ "3" ];
    };
  };

  services.nginx = {
    enable = true;
    recommendedTlsSettings = true;
    recommendedGzipSettings = true;
    virtualHosts."objdump.zxcvbnm.ninja" = {
      useACMEHost = "objdump.zxcvbnm.ninja";
      default = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://localhost:7480";
        extraConfig = ''
          proxy_redirect off;
          client_max_body_size 0;
          proxy_buffering off;
        '';
      };
    };
  };
  security.acme = {
    acceptTerms = true;
    email = "letsencrypt@lukegb.com";
    certs."objdump.zxcvbnm.ninja" = {
      group = config.services.nginx.group;
      dnsProvider = "cloudflare";
      credentialsFile = secrets.cloudflareCredentials;
      extraDomainNames = [
        "*.objdump.zxcvbnm.ninja"
      ];
    };
  };
  my.fup.listen = [
    "0.0.0.0" "[::]"
  ];

  my.blade-router = {
    addresses.linknet = {
      v4 = { local = "195.74.55.21"; remote = "195.74.55.20"; };
      v6 = {
        local = "2a03:ee40:8080:9:1::2";
        remote = "2a03:ee40:8080:9:1::1";
      };
    };

    addresses.br-public = {
      v4.addr = "92.118.28.254";
      v6.addr = "2a09:a441::ffff";
    };

    vrrp.priority = 100;
  };
}