nixos-config/nixos/machines/orbi/configuration.nix

{ lib, config, pkgs, ... }: {
  imports = [

    #../../system/all/nginx.nix
    ../../system/all/borg-jobs.nix
    ../../system/all/defaults.nix
    ../../system/server/packages.nix

    ../../components
    ../../modules

    ./disko-config.nix
    ./hetzner.nix

    # services
    #./borg.nix
    #./codimd.nix
    #./gitea.nix
    #./nextcloud.nix
    #./packages.nix
    #./taskserver.nix
    #./vaultwarden.nix
    #./nginx.nix
    #./nginx-wkd.nix

    #./network-tinc.nix
    #./network-wireguard.nix

    #./media-share.nix
    #./media-jellyfin.nix
    #./media-syncthing.nix
    #./media-transmission.nix
    #./media-transmission2.nix
    #./media-arr.nix

    #./sync-opentracker.nix
    #./sync-torrent.nix

    #./social-jitsi.nix

    # matrix
    # ------
    #./terranix-dendrite.nix

    # logging
    #./loki.nix
    #./loki-promtail.nix
    ##./prometheus.nix
    #./grafana.nix
    ./telegraf.nix

    #./cache.nix
  ];


  components.terminal.enable = true;
  components.mainUser.enable = true;
  components.gui.enable = false;
  components.network.enable = true;
  components.network.wifi.enable = false;

  users.users.root.shell = pkgs.zsh;

  security.acme.acceptTerms = true;
  security.acme.defaults.email = "contact@ingolf-wagner.de";

  sops.defaultSopsFile = ../../secrets/robi.yaml;

  services.smartd.enable = true;

  # Use GRUB2 as the boot loader.
  # We don't use systemd-boot because Hetzner uses BIOS legacy boot.
  boot.loader.systemd-boot.enable = false;
  boot.loader.grub = {
    enable = true;
    efiSupport = false;
  };
  boot.loader.grub.mirroredBoots = [
    { path = "/boot-1"; devices = [ "/dev/sda" ]; }
    { path = "/boot-2"; devices = [ "/dev/sdb" ]; }
  ];

  boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
  boot.supportedFilesystems = [ "zfs" ];
  # head -c4 /dev/urandom | od -A none -t x4
  networking.hostId = "5bb982a6";
}