{ config, lib, ... }:

let
  inherit (lib) mkDefault mkForce;

in
{
  imports = [
    ../common/options.nix
    ../common/nixos
  ];

  procolixVm = {
    name = "forgejo-ci";
    domain = "procolix.com";

    ipv4 = {
      interface = "enp1s0f0";
      address = "192.168.201.65";
      prefixLength = 24;
      gateway = "192.168.201.1";
    };
    ipv6.enable = false;

    # Most Procolix machines are QEMU VMs so the options are tailored to them by
    # default. `forgejo-ci` is not, so we need to explicitly disable them.
    isQemuVm = false;
  };

  networking = {
    nftables.enable = mkForce false;
    hostId = "1d6ea552";
  };

  hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware;

  boot = {
    ## In an initial version, we used `mkForce` to remove QEMU VM-specific
    ## kernel modules. This is a terrible idea as it will also remove other
    ## kernel modules, for instance the ones added for ZFS.
    initrd = {
      availableKernelModules = [
        "ahci"
        "xhci_pci"
        "ehci_pci"
        "nvme"
        "megaraid_sas"
        "usbhid"
        "usb_storage"
        "sd_mod"
      ];
      kernelModules = [ ];
    };
    kernelModules = [ "kvm-intel" ];
  };

  fileSystems."/" = {
    device = "rpool/root";
    fsType = "zfs";
  };

  fileSystems."/home" = {
    device = "rpool/home";
    fsType = "zfs";
  };

  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/50B2-DD3F";
    fsType = "vfat";
    options = [
      "fmask=0077"
      "dmask=0077"
    ];
  };
}