{
  config,
  pkgs,
  lib,
  ...
}:
let
  defaultNodePort = toString config.services.prometheus.exporters.node.port;
  p = import ../parameters.nix;
in
{

  age.secrets = {
    exportarr-secrets.file = ../../secrets/exportarr-secrets.age;
    tailscale-authKey.file = ../../secrets/tailscale-authKey.age;
    grafana-admin-pwd = {
      file = ../../secrets/grafana-admin-pwd.age;
      owner = "grafana";
    };
    grafana-secret-auth = {
      file = ../../secrets/grafana-secret-auth.age;
      owner = "grafana";
    };
    searx-prometheus-secret = {
      file = ../../secrets/searx-prometheus-secret.age;
      owner = config.users.users."prometheus".name;
      group = config.users.groups."prometheus".name;
      mode = "0644";
    };
  };

  my = {
    utils = {
      commons.enable = true;
      lxc-standard.enable = true;
    };

    services.media-mgr = {
      exportMetrics = {
        enable = true;
        apiKeyFile = config.age.secrets.exportarr-secrets.path;
      };
      proxy.host = p.hosts.arr;
    };

    monitoring = {
      grafana = {
        enable = true;
        adminPasswordFile = config.age.secrets.grafana-admin-pwd.path;
        auth = {
          enable = true;
          baseUrl = "auth.${p.domains.public}";
          sectetKeyFile = config.age.secrets.grafana-secret-auth.path;
        };
        proxy.domain = p.domains.public;
      };
      prometheus = {
        enable = true;
        extraScrapeConfigs = [
          {
            job_name = "caddy";
            static_configs = [ { targets = [ "${p.hosts.caddy}:2024" ]; } ];
          }
          {
            job_name = "searxng";
            static_configs = [ { targets = [ "${p.hosts.caddy}:8080" ]; } ];
            basic_auth = {
              username = "searxng";
              password_file = config.age.secrets.searx-prometheus-secret.path;
            };
          }
        ];
      };
      loki.enable = true;
    };

    networking = {
      tailscale = {
        enable = true;
        magicDNSDomain = p.domains.tsDns;
        authKeyFile = config.age.secrets.tailscale-authKey.path;
      };

    };

    virtualisation = {
      proxmox.enable = true;
    };
  };

  # Extra packages
  environment.systemPackages = with pkgs; [ ];

  services = {
    prometheus.scrapeConfigs = [
      {
        job_name = "host-metrics";
        static_configs = [
          {
            targets = [
              "${p.hosts.metrics}:${defaultNodePort}"
              "${p.hosts.caddy}:${defaultNodePort}"
              "${p.hosts.arr}:${defaultNodePort}"
              "${p.hosts.nextcloud}:${defaultNodePort}"
              "${p.hosts.vaultwarden}:${defaultNodePort}"
              "${p.hosts.plex}:${defaultNodePort}"
              "${p.hosts.docker}:${defaultNodePort}"
            ];
          }
        ];
      }
    ];
  };

  system.stateVersion = "24.05";
}