{ config, pkgs, lib, ... }:

with builtins;
let
  postgresPkg = pkgs.postgresql_14;
  numCPUs = 16;
in rec {
  networking.hostName = "bc01n05";
  # TODO: undefine fqdn and define domain after big nix change
  hscloud.base.fqdn = "${networking.hostName}.hswaw.net";
  #networking.domain = "hswaw.net";
  system.stateVersion = "22.05";
  nix.maxJobs = numCPUs;

  ### zfs
  # randomly generated
  networking.hostId = "26dbfbcd";
  boot.supportedFilesystems = [ "zfs" ];
  boot.initrd.supportedFilesystems = [ "zfs" ];
  services.zfs.trim.enable = true;

  boot.loader.grub.device = "/dev/sda";
  fileSystems = {
    "/" = {
      device = "rpool/nixos/root";
      fsType = lib.mkForce "zfs";
      options = [ "X-mount.mkdir" ];
    };
    "/home" = {
      device = "rpool/nixos/home";
      fsType = "zfs";
      options = [ "X-mount.mkdir" ];
    };
    "/var/lib/postgresql" = {
      device = "rpool/postgres";
      fsType = "zfs";
      options = [ "X-mount.mkdir" ];
    };
    "/boot" = {
      device = "/dev/disk/by-uuid/2a951c5d-0193-4ef3-9227-d8a5184cbd63";
      fsType = "ext4";
    };
  };

  hscloud.base = {
    mgmtIf = "eno1";
    ipAddr = "185.236.240.37";
    ipAddrBits = 28;
    gw = "185.236.240.33";
  };

  networking.firewall.allowedTCPPorts = [ config.services.postgresql.port ];

  environment.systemPackages = [postgresPkg];
  services.postgresql = {
    enable = true;
    package = postgresPkg;
    enableTCPIP = true;
    initdbArgs = ["--encoding='UTF8'" "--lc-collate='C'" "--lc-ctype='C'"];
    settings = {
      max_connections = 300;
      shared_buffers = "8GB";
      temp_buffers = "128MB";
      work_mem = "128MB";
      maintenance_work_mem = "258MB";
      effective_io_concurrency = 10;  # ssd, guess
      maintenance_io_concurrency = 100; # ssd, guess
      max_worker_processes = numCPUs;
      max_parallel_workers = numCPUs;
      max_parallel_maintenance_workers = 4;
      wal_level = "logical";
      wal_sync_method = "fsync"; # slightly faster (per pg_test_fsync) AND safer
      full_page_writes = "off"; # partial writes impossible on zfs
      wal_init_zero = "off"; # useless on CoW
      wal_recycle = "off";  # same
      random_page_cost = 2.0; # ssd, TODO maybe even lower?
    };
    ensureDatabases = ["synapse" "mediarepo"];
    ensureUsers = [
      {
        name = "synapse";
        ensurePermissions = {
          "DATABASE synapse" = "ALL PRIVILEGES";
        };
      }
      {
        name = "mediarepo";
        ensurePermissions = {
          "DATABASE mediarepo" = "ALL PRIVILEGES";
        };
      }
    ];
    authentication = pkgs.lib.mkOverride 10 ''
      local   all               all                                 trust
      host    all               all               127.0.0.1/32      trust
      host    all               all               ::1/128           trust
      host    synapse,mediarepo synapse,mediarepo 185.236.240.0/24  scram-sha-256
    '';
  };
}