{ config, pkgs, ... }:

let

  parameters = import ./parameters.nix { };

  # GID = 888;
  # user = "rtorrent";
  # passwordHash = "$y$j9T$dA94KVg1/jYLqclQQbTDk.$cnfxBWUN8P4shr8Kkipv5bU/RCtQNoAwYFDZ0X/BYs5";

  timeZone = "Europe/Rome";
  defaultLocale = "en_US.UTF-8";
in
{
  imports = [

    # Need to load some defaults for running in an lxc container.
    # This is explained in:
    # https://github.com/nix-community/nixos-generators/issues/79
    # "${modulesPath}/virtualisation/lxc-container.nix"

    # ./modules/qbittorrent.nix
    ./modules/rutorrent.nix

    # ./services/qbittorrent.nix
    ./services/rutorrent.nix
    ./services/networking.nix
  ];

  # This doesn't do _everything_ we need, because `boot.isContainer` is
  # specifically talking about light-weight NixOS containers, not LXC. But it
  # does at least gives us something to start with.
  boot.isContainer = true;

  networking = {
    hostName = parameters.containerName;
  };

  nixpkgs.config.allowUnfree = true;

  # Extra packages
  # environment.systemPackages = with pkgs; [ ];

  services = {
    openssh.enable = true;
    tailscale = {
      enable = false;
      useRoutingFeatures = "both";
      extraUpFlags = [ "--exit-node=${parameters.tailscaleExitNodeIP}" ];
      authKeyFile = builtins.toFile "authKey" ''${parameters.tailscaleAuthKey}'';
    };
  };

  time.timeZone = parameters.timeZone;

  i18n = {
    defaultLocale = defaultLocale;
    extraLocaleSettings = {
      LC_ADDRESS = defaultLocale;
      LC_IDENTIFICATION = defaultLocale;
      LC_MEASUREMENT = defaultLocale;
      LC_MONETARY = defaultLocale;
      LC_NAME = defaultLocale;
      LC_PAPER = defaultLocale;
      LC_TELEPHONE = defaultLocale;
      # LC_NUMERIC = defaultLocale;
      # LC_TIME = defaultLocale;
    };
  };

  users = {

    # If set to false, the contents of the user and group files will simply
    # be replaced on system activation.
    # This also holds for the user passwords.
    # All changed passwords will be reset according
    # to the `users.users` configuration on activation.
    mutableUsers = false;

    users.root = {
      hashedPassword = "$6$gir1YD6tNdC9xAj0$zLr1yt/ea9PvwygjHfQVnPmeCd1.2zrAKWiN80duidwOkZF6hwm06ta6J3O9uw6F3uUHC0N7iiKYhCgXXR.Q7/";
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhiGLc/whCY3lCmDiRlYnMJOLiO/gvcRj/sKVEFVAhQ pazpi@deadbeef"
      ];
    };

    users.pazpi = {
      isNormalUser = true;
      shell = pkgs.bash;
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhiGLc/whCY3lCmDiRlYnMJOLiO/gvcRj/sKVEFVAhQ pazpi@deadbeef"
      ];
    };

    # groups = {
    #   qbittorrent = { gid = GID; };
    # };

    # users."${user}" = {
    #   isNormalUser = true;
    #   group = "qbittorrent";
    #   extraGroups = [ "user" "multimedia" ];
    #   # initialHashedPassword = passwordHash;
    # };
  };

  # # Enable passwordless sudo.
  # security.sudo.extraRules = [
  #   {
  #     users = [ user ];
  #     commands = [
  #       {
  #         command = "ALL";
  #         options = [ "NOPASSWD" ];
  #       }
  #     ];
  #   }
  # ];

  # Supress systemd units that don't work because of LXC.
  # https://blog.xirion.net/posts/nixos-proxmox-lxc/#configurationnix-tweak
  systemd.suppressedSystemUnits = [
    "dev-mqueue.mount"
    "sys-kernel-debug.mount"
    "sys-fs-fuse-connections.mount"
  ];

  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];

  system.stateVersion = "24.05";
}