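# NixOS host configuration for "Emitter": static dual-stack networking on
# ens3, SSH on a non-default port, unattended upgrades, and a burp backup
# client that reaches its server through an SSH port forward.
{ config, pkgs, ... }:

{
  imports = [
    ./gitea.nix
  ];

  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/vda";

  networking.hostName = "Emitter";
  networking.tempAddresses = "disabled";
  # Addresses, routes and resolvers are all configured statically below.
  networking.useDHCP = false;
  networking = {
    defaultGateway = {
      address = "2.59.133.1";
      interface = "ens3";
    };
    defaultGateway6 = {
      address = "2a0d:5940:7::1";
      interface = "ens3";
    };
    nameservers = [
      "9.9.9.10"
      "8.8.8.8"
      "2606:4700:4700::1111"
      "2001:4860:4860::8888"
    ];
    interfaces.ens3 = {
      ipv4 = {
        addresses = [
          { address = "2.59.133.12"; prefixLength = 24; }
        ];
        routes = [
          { address = "2.59.133.0"; prefixLength = 24; via = "2.59.133.1"; }
        ];
      };
      ipv6 = {
        addresses = [
          { address = "2a0d:5940:7:16f:216:3cff:fe63:9a54"; prefixLength = 64; }
          { address = "fe80::216:3cff:fe63:9a54"; prefixLength = 64; }
        ];
        # NOTE(review): the route destination is written as the host address
        # rather than the /64 network prefix, and the gateway lies outside
        # that /64 -- confirm this matches the provider's routing setup.
        routes = [
          { address = "2a0d:5940:7:16f:216:3cff:fe63:9a54"; prefixLength = 64; via = "2a0d:5940:7::1"; }
        ];
      };
    };
  };

  i18n.defaultLocale = "de_DE.UTF-8";
  console.keyMap = "de";

  # sshd listens on 8248 and the firewall opens exactly that port. A
  # non-default port only reduces scan noise; it is not an access control.
  # NOTE(review): services.openssh.enable and the authentication settings
  # (password vs. key-only, root login) are not set in this file -- confirm
  # they are hardened in another module.
  services.openssh.ports = [ 8248 ];
  networking.firewall.allowedTCPPorts = [ 8248 ];

  # A trusted Nix user can instruct the daemon in ways that are equivalent to
  # root, and wheel members get sudo without a password. Together this makes
  # the login credentials of these accounts the only barrier in front of
  # root, which matters for how the SSH keys of "fruchti" are stored.
  # NOTE(review): whether "fruchti" is in wheel is not visible here.
  nix.settings.trusted-users = [ "fruchti" ];
  security.sudo.wheelNeedsPassword = false;

  security.acme = {
    defaults = {
      # config.email.adminEmail is not defined in this file; presumably it
      # comes from a local module -- verify.
      email = config.email.adminEmail;
    };
    acceptTerms = true;
  };

  # Unattended upgrades, including automatic reboots.
  # NOTE(review): sendEmail, gitPull and gitUser are not set up in this file
  # and look like options of a local module -- verify. If gitPull fetches the
  # configuration before rebuilding, the remote repository and the
  # credentials of gitUser decide what gets built and activated as root, so
  # write access to that repository should be treated as root access to
  # this host.
  system.autoUpgrade = {
    enable = true;
    allowReboot = true;
    sendEmail = true;
    gitPull = true;
    gitUser = "fruchti";
  };

  nixpkgs.overlays = [
    (self: super: {
      # Wrap the burp binary: the real executable is renamed to
      # burp-untunneled and $out/sbin/burp becomes a script that first opens
      # an SSH forward of local port 4971 to the backup host and then runs
      # the real client with the caller's arguments.
      #
      # The private key is referenced by a plain string path, so it is read
      # from /secrets at run time and is not copied into the Nix store.
      # `old` is unused: this replaces, rather than extends, any postInstall
      # the upstream package defines.
      #
      # NOTE(review): host key verification for rupert.gvfr.de relies on the
      # known_hosts of whichever user runs the client, which is not
      # configured here -- consider pinning the host key declaratively.
      # NOTE(review): ssh backgrounds itself (-f) and runs `true` remotely;
      # confirm the forward reliably stays up until the client has connected.
      burp = (super.burp.overrideAttrs (old: {
        # The arguments are forwarded as "$@" (quoted) so that arguments
        # containing whitespace or glob characters reach the real client
        # unchanged; the backslash keeps the build-time heredoc from
        # expanding it.
        postInstall = ''
          mv $out/sbin/burp $out/sbin/burp-untunneled
          cat > $out/sbin/burp <<-EOF
          #!/${pkgs.bash}/bin/bash
          ${pkgs.openssh}/bin/ssh -i /secrets/id_burp_remote -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes -L 4971:localhost:4971 burp-remote@rupert.gvfr.de -f true
          $out/sbin/burp-untunneled "\$@"
          EOF
          chmod +x $out/sbin/burp
        '';
      }));
    })
  ];

  services.burp = {
    client = {
      enable = true;
      # Because of the port forward, the server will be localhost
      server = "localhost";
      frequency = "3:00";
      # Both secrets are given as string paths and therefore stay outside
      # the world-readable Nix store.
      # NOTE(review): ownership and mode of the files under /secrets are not
      # managed in this file -- confirm they are readable only by the user
      # the backup client runs as.
      passwordFile = "/secrets/burp_client_password";
      sslKeyPasswordFile = "/secrets/burp_ssl_key_password";
    };
  };

  # A failed backup run triggers the status-email template unit for the
  # failing unit (%n), so missed backups do not go unnoticed.
  services.statusEmail.enable = true;
  systemd.services.burp-client.unitConfig.OnFailure = "status-email@%n.service";

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It’s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "21.11"; # Did you read the comment?
}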