{ pkgs, lib, ... }:

with lib;

{
  imports = [
    <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
  ];

  config = {
    fileSystems."/" = {
      device = "/dev/disk/by-label/nixos";
      fsType = "ext4";
      autoResize = true;
    };

    boot.growPartition = true;
    boot.kernelParams = [ "console=ttyS0" ];
    boot.loader.grub.device = "/dev/vda";
    boot.loader.timeout = 0;

    users.extraUsers.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9 lx@lindy"
    ];
    services.openssh.enable = true;
    services.openssh.permitRootLogin = "prohibit-password";
    networking.firewall = {
      enable = true;
      allowedTCPPorts = [ 22 ];
    };

    virtualisation.docker.enable = true;
    virtualisation.oci-containers.backend = "docker";
    virtualisation.oci-containers.containers = {
      drone_runner = {
        image = "drone/drone-runner-docker:1.4.0";
        volumes = [
          "/nix:/nix"
          "/var/run/docker.sock:/var/run/docker.sock"
        ];
        environment = {
          DRONE_RPC_PROTO = "https";
          DRONE_RPC_HOST = "drone.deuxfleurs.fr";
          DRONE_RUNNER_CAPACITY = "1";
          DRONE_DEBUG = "true";
          DRONE_LOGS_TRACE = "true";
          DRONE_RPC_DUMP_HTTP = "true";
          DRONE_RPC_DUMP_HTTP_BODY = "true";
          DRONE_RUNNER_LABELS = "nix:1";
        };
        environmentFiles = [
          "/dev/qemu/dronesecret0"
        ];
      };
      drone_gc = {
        image = "drone/gc:latest";
        volumes = [
          "/var/run/docker.sock:/var/run/docker.sock"
        ];
        environment = {
          GC_DEBUG = "true";
          GC_CACHE = "10gb";
          GC_INTERVAL = "10m";
        };
      };
    };
  };
}