{ pkgs, ... }:
let
  modpack = pkgs.fetchPackwizModpack {
    url = "https://git.malice.zone/alisceon/tfcpack/-/raw/main/pack.toml";
    packHash = "sha256-AKmS+CLiex+N2YipHNbOJpOS+cUut4fcG2oKCWuXBwY=";
  };
in
{
  imports = [ ./hardware-configuration.nix ];

  security.sudo.wheelNeedsPassword = false;
  networking.hostName = "tesla-nixos";

  boot = {
    initrd.enable = true;
    loader.systemd-boot.enable = true;
  };

  environment.systemPackages = with pkgs; [ tmux ];

  virtualisation.podman.dockerCompat = false;
  virtualisation.docker = {
    enable = true;
    autoPrune = {
      enable = true;
      dates = "daily";
    };
    daemon.settings = {
      runtimes.crun.path = "${pkgs.crun}/bin/crun";
      default-runtime = "crun";
    };
  };

  networking.firewall.allowedTCPPorts = [
    8100
  ];

  services.minecraft-servers = {
    enable = true;
    eula = true;
    openFirewall = true;
    servers.tfcpack = {
      enable = true;
      package = pkgs.neoforgeServers.neoforge-1_21_1-21_1_219;
      autoStart = true;
      serverProperties = {
        motd = "TFC Pack - Tesla Nixos";
        max-players = "20";
        view-distance = "32";
        level-type = "tfc\\:overworld";
        spawn-protection = "0";
        max-tick-time = "-1";
      };
      jvmOpts = [
        "-Xmx24G"
        "-Xms24G"
        "-XX:+UseZGC"
        "-XX:+ZGenerational"
      ];
      symlinks.mods = "${modpack}/mods";
      files."config/bluemap/core.conf" = "${modpack}/config/bluemap/core.conf";
    };
  };

  users.users.gitlab-runner = {
    isNormalUser = true;
    home = "/var/lib/gitlab-runner";
    createHome = true;
    shell = pkgs.bashInteractive;
    extraGroups = [ "docker" "wheel" ];
    group = "gitlab-runner";
  };

  users.groups.gitlab-runner = { };
  users.groups.docker = { };

  systemd.services.enable-linger-gitlab-runner = {
    description = "Enable linger for gitlab-runner";
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      Type = "oneshot";
      ExecStart = "${pkgs.systemd}/bin/loginctl enable-linger gitlab-runner";
      RemainAfterExit = true;
    };
  };

  services.gitlab-runner = {
    enable = true;
    services.ci-nspawn-docker = {
      authenticationTokenConfigFile = "/var/lib/gitlab-runner/token-env";
      executor = "docker";
      dockerImage = "alpine:3";
      dockerPrivileged = true;
      dockerVolumes = [
        "/var/lib/gitlab-runner/cache:/cache"
      ];
    };
  };
}