{ config, self, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ./disko-config.nix
    self.nixosModules.burrow-forge
    self.nixosModules.burrow-forge-runner
    self.nixosModules.burrow-forgejo-nsc
  ];

  system.stateVersion = "24.11";

  time.timeZone = "America/Los_Angeles";

  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];

  services.burrow.forge = {
    enable = true;
    adminPasswordFile = config.age.secrets.forgejoAdminPassword.path;
    authorizedKeys = [
      (builtins.readFile ../../keys/contact_at_burrow_net.pub)
      (builtins.readFile ../../keys/agent_at_burrow_net.pub)
    ];
  };

  services.burrow.forgeRunner = {
    enable = true;
    sshPrivateKeyFile = config.age.secrets.forgejoAgentSshKey.path;
  };

  age.secrets.forgejoAdminPassword = {
    file = ../../../secrets/forgejo/admin-password.age;
    mode = "0400";
    owner = "forgejo";
    group = "forgejo";
  };

  age.secrets.forgejoAgentSshKey = {
    file = ../../../secrets/forgejo/agent-ssh-key.age;
    mode = "0400";
    owner = "root";
    group = "root";
  };

  age.secrets.forgejoNscToken = {
    file = ../../../secrets/forgejo/nsc-token.age;
    mode = "0400";
    owner = "forgejo-nsc";
    group = "forgejo-nsc";
  };

  age.secrets.forgejoNscDispatcherConfig = {
    file = ../../../secrets/forgejo/nsc-dispatcher-config.age;
    mode = "0400";
    owner = "forgejo-nsc";
    group = "forgejo-nsc";
  };

  age.secrets.forgejoNscAutoscalerConfig = {
    file = ../../../secrets/forgejo/nsc-autoscaler-config.age;
    mode = "0400";
    owner = "forgejo-nsc";
    group = "forgejo-nsc";
  };

  services.burrow.forgejoNsc = {
    enable = true;
    nscTokenFile = config.age.secrets.forgejoNscToken.path;
    dispatcher = {
      configFile = config.age.secrets.forgejoNscDispatcherConfig.path;
    };
    autoscaler = {
      enable = true;
      configFile = config.age.secrets.forgejoNscAutoscalerConfig.path;
    };
  };
}