# NixOS host module: Nextcloud server on a VM profile, plus a wg-quick
# WireGuard endpoint whose key material is provisioned through sops-nix.
{ config, ... }:
let
  # Single source for the WireGuard UDP port, so the firewall rule and the
  # tunnel's listen port cannot drift apart.
  wgPort = 51822;

  # Both WireGuard secrets live in the same encrypted file and must bounce
  # the tunnel unit when they change, otherwise the running interface keeps
  # using the old key material.
  wgSecret = {
    sopsFile = ../../secrets/idacloud.yaml;
    restartUnits = [ "wg-quick-wg0.service" ];
  };
in
{
  imports = [
    ../../shared/base.nix
    ../../shared/hardware/vm.nix
    ../../servers/nextcloud.nix
  ];

  custom = {
    nextcloud_domain = "idacloud.sinerva.eu";
    collabora_domain = "idacollab.sinerva.eu";
  };

  # Extra Host header value Nextcloud will accept.
  # NOTE(review): this domain differs from custom.nextcloud_domain above;
  # how ../../servers/nextcloud.nix uses that option is not visible here, so
  # confirm this entry is intentional and that the final trusted_domains
  # list contains only names this host should answer for.
  services.nextcloud.settings.trusted_domains = [ "idacloud.vsinerva.fi" ];

  sops.secrets = {
    # Interface private key; referenced by path only, never inlined.
    priv-idacloud-wg = wgSecret;
    # Pre-shared key for the laptop peer.
    psk-laptop-idacloud-wg = wgSecret;
  };

  # Networking conf including WireGuard
  # Only the WireGuard UDP port is opened in this file; anything else that is
  # reachable comes from the imported modules.
  networking.firewall.allowedUDPPorts = [ wgPort ];

  networking.wg-quick.interfaces.wg0 = {
    address = [ "10.1.0.1/24" ];
    listenPort = wgPort;
    privateKeyFile = config.sops.secrets.priv-idacloud-wg.path;

    peers = [
      # Laptop
      # The /32 in allowedIPs pins this peer to one tunnel address, so it
      # cannot source traffic as another 10.1.0.0/24 host.
      {
        publicKey = "qJl6XBAGlmGHLre+RoCLUsZUrOrDgGoinREHFiw29ys=";
        presharedKeyFile = config.sops.secrets.psk-laptop-idacloud-wg.path;
        allowedIPs = [ "10.1.0.2/32" ];
      }

      # Phone
      # NOTE(review): before enabling, keep exactly one presharedKeyFile
      # (two definitions of the same attribute fail evaluation) and declare
      # psk-phone-idacloud-wg under sops.secrets; the /root path variant
      # would leave that key outside sops management.
      # {
      #   publicKey = "TODO";
      #   presharedKeyFile = "/root/wireguard-keys/psk2";
      #   presharedKeyFile = config.sops.secrets.psk-phone-idacloud-wg.path;
      #   allowedIPs = [ "10.1.0.3/32" ];
      # }
    ];
  };
}