# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0

{ depot, lib, pkgs, rebuilder, config, ... }:
let
  inherit (depot.ops) secrets;
in {
  imports = [
    ../lib/zfs.nix
  ];

  boot = {
    initrd.availableKernelModules = [
      "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "uhci_hcd" "be2iscsi"
      "usb_storage" "usbhid" "sd_mod" "sr_mod"
    ];
    kernelModules = [ "kvm-amd" "acpi_power_meter" ];
    # NOTE: `mitigations=off` switches off the kernel's CPU speculative-
    # execution mitigations in exchange for throughput. This host also runs
    # libvirt guests and podman containers (see `virtualisation` below), so
    # guest/container code shares the unmitigated cores with the host and with
    # the Ceph daemons. Treat this as a deliberate trade-off that only holds
    # while every workload on the box is trusted.
    kernelParams = [ "mitigations=off" ];
    loader.grub = {
      enable = true;
      version = 2;
    };
  };

  fileSystems = let
    # Mount the named ZFS dataset; the pool layout is tank/{local,safe}/...
    zfs = device: { inherit device; fsType = "zfs"; };
  in {
    "/" = zfs "tank/local/root";
    "/tmp" = zfs "tank/local/tmp";
    "/nix" = zfs "tank/local/nix";
    "/var" = zfs "tank/safe/var";
    "/home" = zfs "tank/safe/home";
    # /boot is the only non-ZFS filesystem; it is found by filesystem label.
    "/boot" = {
      device = "/dev/disk/by-label/boot";
      fsType = "ext4";
    };
  };

  # Networking!
  networking = {
    domain = "house.as205479.net";
    # Resolvers are pinned rather than learned from DHCP (useDHCP = false).
    nameservers = [ "8.8.8.8" "8.8.4.4" ];
    useDHCP = false;
    # Both NICs are aggregated with LACP and then bridged for guest traffic.
    bonds.bond0 = {
      driverOptions = {
        mode = "802.3ad";
        miimon = "100";
        lacp_rate = "fast";
      };
      interfaces = [ "enp4s0f0" "enp4s0f1" ];
    };
    bridges.br-ext = {
      interfaces = [ "bond0" ];
      rstp = false;
    };

    defaultGateway = "192.168.1.5";

    firewall = {
      # Ceph ports are opened only while the Ceph service is enabled: 6789 and
      # 3300 for the monitor (msgr v1/v2), 6800-7300 for OSD/MDS/MGR daemons.
      # The RGW listener enabled under `services.ceph` below is not opened
      # here, so it stays host-local unless another module opens its port.
      allowedTCPPorts = lib.mkIf config.services.ceph.enable [ 6789 3300 ];
      allowedTCPPortRanges = lib.mkIf config.services.ceph.enable [
        { from = 6800; to = 7300; }
      ];
    };
  };

  virtualisation = {
    podman.enable = true;
    libvirtd = {
      enable = true;
      # Guest QEMU processes run unprivileged; a compromised guest process
      # then does not hold uid 0 on the host.
      qemuRunAsRoot = false;
      qemuPackage = pkgs.qemu_full;
      # libvirt built with the Ceph (RBD) and iSCSI storage backends.
      package = pkgs.libvirt.override {
        enableCeph = true;
        enableIscsi = true;
      };
    };
  };

  environment.systemPackages = [ pkgs.ceph pkgs.xfsprogs ];

  services.ceph = let
    # Every daemon role is registered under this host's own name; which roles
    # actually run is governed by the per-role `enable` options (mon/mds/osd
    # are not set in this file).
    self = [ config.networking.hostName ];
  in {
    enable = true;
    global = {
      fsid = "521a59a5-a597-4432-b248-1ecd3c76ca4c";
      monHost = "192.168.1.180, 192.168.1.181, 192.168.1.184";
      monInitialMembers = "blade-janeway, blade-tuvok, blade-paris";
    };
    mon.daemons = self;
    mds.daemons = self;
    rgw = {
      daemons = self;
      enable = true;
    };
    mgr = {
      daemons = self;
      # A manager runs wherever this host is also a monitor.
      enable = config.services.ceph.mon.enable;
    };
  };

  # Activates LVM-backed OSDs ahead of ceph-osd.target. No `User=` is set, so
  # the oneshot runs as root; `--no-systemd` stops ceph-volume from creating
  # its own per-OSD units, leaving the NixOS-managed ones in charge.
  systemd.services.ceph-osd-lvm-activate = lib.mkIf config.services.ceph.osd.enable {
    enable = true;
    description = "Ceph OSD pre-start";
    before = [ "network-online.target" "ceph-osd.target" ];
    wantedBy = [ "ceph-osd.target" ];

    path = [ pkgs.lvm2.bin pkgs.util-linux pkgs.coreutils ];

    serviceConfig = {
      Type = "oneshot";
      ExecStart = "${pkgs.ceph.out}/bin/ceph-volume lvm activate --all --no-systemd";
    };
  };

  # polkit mediates non-root access to the system libvirt daemon.
  security.polkit.enable = true;
  # Membership of `libvirtd` grants control of the system libvirt instance
  # (guest storage, devices, consoles), so it is effectively a privileged
  # grant to this user.
  users.users.lukegb.extraGroups = lib.mkAfter [ "libvirtd" ];

  system.stateVersion = "21.05";
}