# NixOS host module for the machine "decoysnail" (see networking.hostName).
# Shared settings come from the three imported modules. This file adds only the
# host-specific parts: disk encryption, SSH, Docker and the WireGuard tunnel.
{ config, pkgs, ... }:

let
  # Absolute store path of resolvconf, used by the WireGuard hooks below so
  # they do not depend on the hook environment's PATH.
  resolvconf = "${pkgs.openresolv}/bin/resolvconf";
in
{
  imports = [ ./common.nix ./large-sw.nix ./uefi.nix ];

  # Release whose stateful defaults this host was installed with.
  system.stateVersion = "18.03";

  # Two LUKS containers are opened in the initrd. They are referenced by UUID,
  # so the mapping does not depend on /dev/sdX enumeration order.
  # preLVM = true requests that they are opened before the LVM scan.
  # No keyFile is set here, so presumably a passphrase is entered at boot.
  boot.initrd.luks.devices = [
    { name = "sda2_crypt"; device = "/dev/disk/by-uuid/6c687d35-1b43-4799-b71c-a5b5c21b3e2a"; preLVM = true; }
    { name = "sdb2_crypt"; device = "/dev/disk/by-uuid/d3485d00-8399-40cc-8bce-80b9bd24e63a"; preLVM = true; }
  ];

  hardware = {
    # Load Intel CPU microcode updates.
    cpu.intel.updateMicrocode = true;
    # 32-bit DRI support for 32-bit graphical programs.
    opengl.driSupport32Bit = true;
  };

  services = {
    openssh = {
      enable = true;
      # NOTE(review): the authentication policy (passwordAuthentication,
      # permitRootLogin) is not set in this file. Confirm that ./common.nix
      # restricts logins to keys.
      #
      # forwardX11 lets sshd forward X11 connections. Whoever can read the
      # session's X authority data on this host (root or the same user) gains
      # access to the connecting client's display. Keep it on only while
      # graphical programs are actually run over SSH.
      forwardX11 = true;
    };

    thermald.enable = true;

    # mDNS NSS plug-in (resolution of .local names). avahi.enable itself is
    # not set here; presumably it is enabled in an imported module.
    avahi.nssmdns = true;
  };

  virtualisation.docker = { enable = true; storageDriver = "overlay2"; };

  # Members of the docker group can drive the Docker daemon, which runs as
  # root. This is effectively passwordless root for gebner, so treat the
  # account and its SSH keys accordingly.
  users.extraUsers.gebner.extraGroups = [ "docker" ];

  networking = {
    hostName = "decoysnail";
    hostId = "cf04f682";

    wireguard.interfaces.wg0 = {
      ips = [ "10.59.0.4/16" ];

      # The key is read from a file at runtime rather than embedded in the
      # configuration, which keeps it out of the world-readable Nix store.
      # NOTE(review): verify that the file is root-owned with mode 0600.
      privateKeyFile = "/etc/wgkeys/decoysnail";

      # Install a route for every allowedIPs entry of the peer below.
      allowedIPsAsRoutes = true;

      # While the tunnel is up, register 10.57.0.1 as resolver for wg0 with
      # metric 0. The address lies inside 10.56.0.0/14, so queries to it are
      # routed through the tunnel.
      postSetup = ''
        printf "nameserver 10.57.0.1" | ${resolvconf} -a wg0 -m 0
      '';

      # Drop the resolver entry again when the interface goes away.
      postShutdown = ''
        ${resolvconf} -d wg0
      '';

      peers = [
        {
          publicKey = "ByLlJbevlTBooAo2RIZGGJvBHKqA9qiOpHBvR5yuJX4=";
          # Only these destinations are sent to, and accepted from, this peer:
          # 10.56.0.0 - 10.59.255.255 plus the single address 10.60.1.1.
          allowedIPs = [ "10.56.0.0/14" "10.60.1.1" ];
          endpoint = "mtlaa-gw.gebner.org:35869";
        }
      ];
    };
  };
}