# MANUAL: On client machines generate signing keys:
#   nix-store --generate-binary-cache-key some-name /persist/manual/nix/nix-cache-key.sec /persist/manual/nix/nix-cache-key.pub
#
# Trust other machines and add the substituters:
#   nix.binaryCachePublicKeys = [ "some-name:AzNW1MOlkNEsUAXS1jIFZ1QCFKXjV+Y/LrF37quAZ1A=" ];
#   nix.binaryCaches = [ "https://test.example/nix-cache" ];

{
  config,
  lib,
  pkgs,
  ...
}:
{
  imports = [
    ./hardware-configuration.nix
    ./vm_disk.nix
  ];

  config = {
    networking =
      let
        interface = "enp0s2";
      in
      {
        # Generate with `head -c4 /dev/urandom | od -A none -t x4`
        hostId = "0aadbb10";

        hostName = "worker0"; # Define your hostname.

        interfaces = {
          "${interface}" = {
            ipv4.addresses = [
              {
                address = "10.215.1.224";
                prefixLength = 24;
              }
            ];

            ipv6.addresses = [
              {
                address = "2620:11f:7001:7:ffff:ffff:0ad7:01e0";
                prefixLength = 64;
              }
            ];
          };
        };
        defaultGateway = "10.215.1.1";
        defaultGateway6 = {
          # address = "2620:11f:7001:7::1";
          address = "2620:11f:7001:7:ffff:ffff:0ad7:0101";
          inherit interface;
        };
        nameservers = [
          "10.215.1.1"
        ];

        dhcpcd.enable = lib.mkForce false;
        useDHCP = lib.mkForce false;
      };

    time.timeZone = "America/New_York";
    i18n.defaultLocale = "en_US.UTF-8";

    me.boot.enable = true;
    me.boot.secure = false;
    me.mountPersistence = true;
    boot.loader.timeout = lib.mkForce 0; # We can always generate a new ISO if we need to access other boot options.

    me.optimizations = {
      enable = true;
      arch = "znver4";
      # build_arch = "x86-64-v3";
      system_features = [
        "gccarch-znver4"
        "gccarch-skylake"
        "gccarch-kabylake"
        # "gccarch-alderlake" missing WAITPKG
        "gccarch-x86-64-v3"
        "gccarch-x86-64-v4"
        "benchmark"
        "big-parallel"
        "kvm"
        "nixos-test"
      ];
    };

    # Mount tmpfs at /tmp
    boot.tmp.useTmpfs = true;

    # Enable TRIM
    # services.fstrim.enable = lib.mkDefault true;

    # nix.optimise.automatic = true;
    # nix.optimise.dates = [ "03:45" ];
    # nix.optimise.persistent = true;

    environment.systemPackages = with pkgs; [
      htop
    ];

    # nix.sshServe.enable = true;
    # nix.sshServe.keys = [ "ssh-dss AAAAB3NzaC1k... bob@example.org" ];

    me.dont_use_substituters.enable = true;
    me.minimal_base.enable = true;
    me.worker_node.enable = true;
  };
}