{ config, lib, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ./services
  ];

  networking.hostName = "raven";

  time.timeZone = "Etc/UTC";

  networking = {
    useDHCP = false;
    vlans = {
      labprod = {
        id = 1;
        interface = "eno1";
      };
      voip = {
        id = 5;
        interface = "eno1";
      };
      pubevent = {
        id = 6;
        interface = "eno1";
      };
    };
    interfaces = {
      eno2.useDHCP = true;
      labprod.ipv4.addresses = [{
        address = "192.168.94.1";
        prefixLength = 24;
      }];
      pubevent.ipv4.addresses = [{
        address = "10.10.0.1";
        prefixLength = 20;
      }];
      voip.ipv4.addresses = [{
        address = "192.168.93.1";
        prefixLength = 24;
      }];
    };
    nat = {
      enable = true;
      externalInterface = "eno2";
      internalInterfaces = [
        "labprod"
        "pubevent"
        "voip"
      ];
    };
  };

  i18n.defaultLocale = "en_US.UTF-8";
  console.keyMap = "de";

  security = {
    sudo.wheelNeedsPassword = false;

    acme = {
      acceptTerms = true;
      defaults.email = "accounts+letsencrypt.org@fablab-nea.de";
    };
  };

  users.users = {
    simon = {
      isNormalUser = true;
      extraGroups = [ "wheel" "docker" ];
      openssh.authorizedKeys.keys = config.fablab.pubkeys.users.simon;
    };
    jalr = {
      isNormalUser = true;
      extraGroups = [ "wheel" "docker" "audio" ];
      openssh.authorizedKeys.keys = config.fablab.pubkeys.users.jalr;
    };
  };

  services.openssh.enable = true;

  virtualisation.docker.enable = true;

  services.nginx.enable = true;

  networking.firewall.allowedTCPPorts = [ 80 443 ];

  # FIXME
  networking.hosts = {
    "192.168.94.1" = [ "raven.lab.fablab-nea.de" "labsync.lab.fablab-nea.de" ];
  };

  system.stateVersion = "23.05";
}