{ pkgs
, lib
, config
, ... }:

let
  keys = import ../../../variables/keys.nix;

in {
  # TASK: new device
  networking.hostName = "sj-pvehtz-0"; # Define your hostname.
  # networking.domain =  "";

  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [
    # iperf3
    5201
  ];
  networking.firewall.logRefusedConnections = false;

  networking.usePredictableInterfaceNames = false;

  networking.interfaces.eth0 = {
    mtu = 1400;
    useDHCP = false;
    ipv4.addresses = [
      { "address" = "167.233.1.14"; "prefixLength" = 29; }
    ];
    ipv6.addresses = [
    ];
  };

  networking.defaultGateway = {
    address = "167.233.1.9";
    interface = "eth0";
  };

  networking.defaultGateway6 = {
    address = "fe80::1";
    interface = "eth0";
  };

  networking.nameservers = [
    "1.1.1.1"
  ];

  networking.nat = {
    enable = true;
    internalInterfaces = [ "ve-+" ];
    externalInterface = "eth0";
  };

  # Kubernetes
  # services.kubernetes.roles = ["master" "node"];

  # virtualization
  virtualisation = {
    docker.enable = true;
  };

  services.spice-vdagentd.enable = true;
  services.qemuGuest.enable = true;

  systemd.services."sshd-status" = {
    enable = true;
    description = "sshd-status service";
    path = [ pkgs.systemd ];
    script = ''
      systemctl status sshd | grep -i tasks
    '';
  };

  systemd.services.sshd.serviceConfig = {
    TasksMax = 32;
  };

  systemd.timers."sshd-status" = {
    description = "Timer to trigger sshd-status periodically";
    enable = true;
    wantedBy = [ "timer.target" "multi-user.target" ];
    timerConfig = {
      OnActiveSec="360s";
      OnUnitActiveSec="360s";
      AccuracySec="1s";
      Unit = "sshd-status.service";
    };
  };

  nix.gc = {
    automatic = true;
  };

  networking.useHostResolvConf = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "20.09"; # Did you read the comment?
}