{ config, lib, ... }:
let
  cfg = config.my.utils.lxc-standard;
in
{
  options.my.utils.lxc-standard = {
    enable = lib.mkEnableOption "Enable if the host is a service LXC container";
  };

  config = lib.mkIf cfg.enable {

    age.secrets.snmpd-config.file = ../../secrets/snmpd-config.age;

    # Enable SSH
    services.openssh = {
      enable = true;
      settings = {
        # Disable password root access. Necessary for Colmena
        PermitRootLogin = "prohibit-password";
        PasswordAuthentication = false;
      };
    };

    my.utils.serverNodeUsers.enable = true;

    # Monitor node with node_exporter
    services.prometheus.exporters = {
      node = {
        enable = true;
        openFirewall = true;
        enabledCollectors = [ "systemd" ];
      };
    };

    # SNMP
    services.snmpd = {
      enable = true;
      openFirewall = true;
      configFile = config.age.secrets.snmpd-config.path;
    };

    networking.nameservers = [ "192.168.1.2" ];

  };
}