{ lib, pkgs, ... }:

let address = "129.199.146.101";
in
{
  imports = [
    ./hardware.nix

    # NOTE: For now, only deploy the bare minimum
    #./photoprism.nix
    #./immich.nix
  ];

  # Bootloader.
  boot.loader.systemd-boot.enable = true;

  networking.hostName = "photoprism";

  disko.devices = import ./disko.nix;

  deployment.targetHost = "";

  # Set your time zone.
  time.timeZone = "Europe/Paris";

  environment.systemPackages = with pkgs; [ neovim ];

  services.openssh = {
    enable = true;
    settings = { PasswordAuthentication = false; };
  };

  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO julien@enigma"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrijwPlb7KQkYPLznMPVzPPT69cLzhEsJzZi9tmxzTh cst1@x270"
  ];

  security.acme.acceptTerms = true;
  security.acme.defaults.email = "webmaster@nixos.org";

  networking.firewall.allowedTCPPorts = [ 22 80 443 8007 ];
  networking.firewall.allowedUDPPorts = [ ];

  networking.useNetworkd = true;

  systemd.network = {
    config.routeTables = {
      he = 100;
      mwan = 110;
    };
    networks = {
      "10-ens18" = {
        name = "ens18";

        networkConfig = {
          Description = "ENS uplink";
          Address = [ "129.199.146.101/24" ];
          Gateway = "129.199.146.254";
          LLDP = true;
        };
      };
    };
  };

  # NOTE: for now, we use internal ports
  # TODO: switch to unixsockets if supported
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
  };

  system.stateVersion = "24.05";
}