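# NixOS host configuration for "library": a media server that runs Jellyfin
# and Ombi as podman containers and publishes both to vps1.mesh.vimium.net
# through a reverse SSH tunnel.
{ config, lib, pkgs, ... }:

with lib.my;
{
  imports = [
    ./hardware-configuration.nix
    ../server.nix
  ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "library";
  networking.domain = "mesh.vimium.net";
  # presumably set because ZFS is in use (see the podman storage driver below)
  networking.hostId = "d24ae953";
  networking.networkmanager.enable = true;

  nix.package = pkgs.nixFlakes;
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';

  users.defaultUserShell = pkgs.zsh;

  system.stateVersion = "22.11";

  # Reverse SSH tunnel: exposes the local Jellyfin (8096) and Ombi (3579)
  # ports on the VPS. Both -R forwards name "localhost" as the bind address,
  # so on the VPS they listen on loopback only.
  #
  # No User= is set, so this system unit runs as root and %h resolves to
  # /root; the private key is therefore /root/.ssh/id_jellyfin.
  #
  # NOTE(review): host key verification depends on an existing known_hosts
  # entry for vps1; consider pinning it declaratively (programs.ssh.knownHosts)
  # so the tunnel only ever connects to the expected host.
  # NOTE(review): on the VPS, the authorized_keys entry for this key should be
  # limited to forwarding, e.g.
  #   restrict,port-forwarding,permitlisten="localhost:8096",permitlisten="localhost:3579"
  # so that the key cannot be used for a shell or for other listeners.
  systemd.services.vps1-tunnel = {
    enable = true;
    description = "vps1.mesh.vimium.net SSH tunnel";
    after = [
      "network-online.target"
      "podman-jellyfin.service"
    ];
    wants = [ "network-online.target" ];
    serviceConfig = {
      Type = "simple";
      # -N/-T: no remote command, no tty. ExitOnForwardFailure makes ssh exit
      # when a forward cannot be set up, so that systemd restarts the unit
      # rather than keeping a tunnel that forwards nothing.
      ExecStart = pkgs.lib.mkForce ''
        ${pkgs.openssh}/bin/ssh \
          -NT \
          -o ExitOnForwardFailure=yes \
          -o ServerAliveInterval=60 \
          -o TCPKeepAlive=no \
          -i %h/.ssh/id_jellyfin \
          -R localhost:8096:localhost:8096 \
          -R localhost:3579:localhost:3579 \
          jellyfin@vps1.mesh.vimium.net
      '';
      Restart = "on-failure";
      # Without a delay, fast failures (DNS not ready, VPS briefly down) hit
      # systemd's default start rate limit and the tunnel stays down until
      # someone restarts it by hand. Ten seconds between attempts keeps the
      # unit retrying indefinitely.
      RestartSec = 10;
    };
    wantedBy = [ "default.target" ];
  };

  virtualisation.podman = {
    enable = true;
    extraPackages = [ pkgs.zfs ];
  };

  virtualisation.containers.storage.settings = {
    storage = {
      driver = "zfs";
      graphroot = "/var/lib/containers/storage";
      runroot = "/run/containers/storage";
    };
  };

  virtualisation.oci-containers.containers = {
    jellyfin = {
      # Pinned by tag only; tags are mutable.
      # NOTE(review): pin by digest (image@sha256:<digest>) if the image
      # should not change without a config change.
      image = "docker.io/jellyfin/jellyfin:10.8.10";
      autoStart = true;
      # Published without a host address, so the port is bound on all host
      # interfaces. The SSH tunnel only needs loopback.
      # NOTE(review): if direct LAN access is not intended, publish as
      # "127.0.0.1:8096:8096/tcp".
      ports = [ "8096:8096/tcp" ];
      volumes = [
        "jellyfin-cache:/cache:Z"
        "jellyfin-config:/config:Z"
      ];
      extraOptions = [
        "--detach"
        # --privileged grants the container all capabilities and access to
        # host devices, which also makes the explicit --device below
        # redundant.
        # NOTE(review): /dev/dri plus the --group-add is normally enough for
        # hardware transcoding; confirm and drop --privileged, since this
        # service parses media files and is reachable through the tunnel.
        "--privileged"
        "--label=io.containers.autoupdate=registry"
        # presumably the host GID that owns the /dev/dri nodes; verify
        "--group-add=989"
        # media library is mounted read-only
        "--mount=type=bind,source=/mnt/library,target=/library,ro=true"
        "--device=/dev/dri:/dev/dri"
      ];
    };

    ombi = {
      # NOTE(review): ":latest" combined with the autoupdate label means the
      # running image follows whatever the registry serves; pin a version tag
      # or digest if updates should be reviewed first.
      image = "lscr.io/linuxserver/ombi:latest";
      autoStart = true;
      # Bound on all host interfaces, as for jellyfin above.
      # NOTE(review): use "127.0.0.1:3579:3579/tcp" if only the tunnel should
      # reach it.
      ports = [ "3579:3579/tcp" ];
      environment = {
        BASE_URL = "/requests";
      };
      volumes = [ "ombi-config:/config:Z" ];
      extraOptions = [
        "--label=io.containers.autoupdate=registry"
      ];
      dependsOn = [ "jellyfin" ];
    };
  };

  # Options under "modules" are declared elsewhere in this repository.
  modules = {
    security = {
      gpg.enable = true;
    };
    shell = {
      zsh.enable = true;
    };
  };
}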