{ config, ... }:
let
  email = "admin@woach.me";
in {
  imports = [ 
    ./hardware.nix ];
  system.stateVersion = "24.11";
  system.timezone = "America/Los_Angeles";
  system.users.bigWheels = [ "pan" ];

  sops-nix = {
    enable = true;
    keyFile = "/etc/sops/age/keys.txt";
    sopsFile = ./secrets.yaml;
    secrets = {
      pdsEnv = {};
      forgejoPassword = {
        owner = "forgejo";
      };
    };
  };

  caddy = {
    enable = true;
    adminEmail = email;
    vhosts = {
      "juri.woach.me" = {
        extraConfig = ''
          reverse_proxy :3000
        '';
        serverAliases = [ "*.juri.woach.me" ];
      };
      "winry.woach.me" = {
        extraConfig = ''
          reverse_proxy :${builtins.toString config.forgejo.server.port}
        '';
      };
      "ginko.woach.me" = {
        extraConfig = ''
          reverse_proxy :${builtins.toString config.headscale.server.port}
        '';
      };
    };
  };

  pds = {
    enable = true;
    hostname = "juri.woach.me";
    adminEmail = email;
    environmentFile = config.sops.secrets.pdsEnv.path;
  };

  forgejo = {
    enable = true;
    server.domain = "winry.woach.me";
    users.admin = {
      enable = true;
      username = "Julia";
      passwordFile = config.sops.secrets.forgejoPassword.path;
    };
  };

  headscale = {
    enable = true;
    server.domain = "ginko.woach.me";
  };

  syncthing = {
    enable = true;
    devices = {
      "homura".id = "NEP24DB-DVXAHTZ-TCCNREQ-Q5TSC7K-ZXPWC4L-5ELGKQX-4I2P47O-2FT5QAU";
      "onizuka".id = "5S6QMND-MHD2HYR-DR6KQD4-6AWJTRL-FQUCR7W-FD2KBT3-AF6RE6R-F47KBQC";
    };

    folders = {
      "wiki" = {
        path = "/var/lib/wiki";
        devices = [ "homura" "onizuka" ];
      };
    };
  };
  systemd.tmpfiles.rules = [ "d /var/lib/wiki 0755 syncthing syncthing -" ];

  postgres.enable = true;

  shell.enabledShells = [ "fish" ];
  shell.defaultShell = "fish";

  tailscale.enable = true;
  sshd.enable = true;
}