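# NixOS host configuration for a combined Nomad + Consul node (server and client
# roles on the same machine) in the "jaglan-beta" datacenter.
#
# This file is a Terraform template: the if/endif, for/endfor and variable
# interpolation directives are expanded by templatefile() before Nix evaluates
# the result, so they must stay intact. Do not write a literal dollar-brace
# sequence anywhere in this file (comments included) — Terraform would try to
# interpolate it.
{ config, lib, pkgs, ... }:

{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
  ];

  nixpkgs.config.allowUnfree = true;

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "${hostname}"; # Define your hostname (supplied by Terraform).

  time.timeZone = "Australia/Melbourne";

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  # environment.systemPackages = with pkgs; [
  #   vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
  #   wget
  # ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:
  services = {
    nomad = {
      enable = true;
      enableDocker = true;
      # SECURITY: dropPrivileges = false keeps the Nomad agent running as root
      # (a Nomad client running the Docker driver generally needs that), and
      # plugin.docker.config.allow_privileged = true below lets any submitted
      # job request a privileged container. Together these mean anyone who can
      # submit a job to this Nomad API is effectively root on this host. No
      # acl or tls settings are present in this file and 4646 is opened in the
      # firewall below, so job submission is unauthenticated from any host that
      # can reach that port — confirm the network perimeter, or enable Nomad
      # ACLs and TLS before exposing it further.
      dropPrivileges = false;
      settings = {
        datacenter = "jaglan-beta";
        server = {
          enabled = true;
          # Only the bootstrap node sets bootstrap_expect; the others join it.
          %{if bootstrap ~}
          bootstrap_expect = 1;
          %{endif ~}
        };
        client = {
          enabled = true;
          preferred_address_family = "ipv4";
          # Optional CPU override, rendered only when Terraform supplies a value.
          %{if cpu_total_compute != null ~}
          cpu_total_compute = ${cpu_total_compute};
          %{endif ~}
          # One writable host volume per entry in host_volumes, backed by a
          # directory under /opt created by the tmpfiles rules below.
          host_volume = {
            %{ for volume in host_volumes ~}
            ${volume} = {
              path = "/opt/${volume}";
              read_only = false;
            };
            %{ endfor ~}
          };
          # Double dollar is a Terraform escape: Nix receives a single
          # interpolation of the cni-plugins store path.
          cni_path = "$${pkgs.cni-plugins}/bin";
        };
        # See the SECURITY note above: privileged containers escape to the host.
        plugin.docker.config.allow_privileged = true;
      };
      extraPackages = with pkgs; [ cni-plugins consul ];
    };
    consul = {
      enable = true;
      # The web UI is served from the same HTTP listener as the API (8500).
      webUi = true;
      interface.bind = "${bind_interface}";
      interface.advertise = "${bind_interface}";
      forceAddrFamily = "ipv4";
      extraConfig = {
        # SECURITY: client_addr binds the HTTP/DNS/gRPC client listeners to
        # every private IPv4 interface plus loopback, and 8500 is opened in the
        # firewall below. No acl block (default_policy = "deny") or TLS settings
        # are present in this file, so the Consul API and KV store are
        # reachable unauthenticated from any host that can route to those
        # addresses. Confirm this is acceptable for the network, or add ACLs.
        client_addr = "{{ GetPrivateInterfaces | exclude \"type\" \"ipv6\" | join \"address\" \" \" }} {{ GetAllInterfaces | include \"flags\" \"loopback\" | join \"address\" \" \" }}";
        %{if bootstrap ~}
        bootstrap_expect = 1;
        %{endif ~}
        server = true;
        # Peers are joined by hostname, so these names must resolve before
        # Consul is up (not via Consul DNS).
        retry_join = [ "jaglan-beta-m01" "jaglan-beta-m20" "jaglan-beta-m21" "jaglan-beta-m22" ];
        datacenter = "jaglan-beta";
        connect.enabled = true;
        ports.grpc = 8502;
      };
    };
    openssh = {
      enable = true;
      # SECURITY: root login over SSH is restricted to public-key authentication
      # (this is also the NixOS default). The previous value "yes" additionally
      # allowed password logins for root, which exposes a root-as-root shell on
      # an Internet-reachable host to password guessing. Key-based provisioning
      # by Terraform keeps working; if password root login is genuinely
      # required, set this back to "yes" deliberately and document why.
      settings.PermitRootLogin = "prohibit-password";
    };
  };

  systemd.tmpfiles.rules = [
    # Fix issue where nomad needs alloc_mounts to be writable
    "d /var/lib/alloc_mounts 0755 root root -"
    %{ for volume in host_volumes ~}
    # Create a directory for ${volume} to store its data (host_volume above
    # mounts it read-write into jobs; 0755 makes it world-readable on the host).
    "d /opt/${volume} 0755 root root -"
    %{ endfor ~}
  ];

  # Open ports in the firewall (on every interface):
  #   80/443   HTTP/HTTPS (terraform)
  #   8081     purpose not documented in this file — confirm it is still needed
  #   4646     Nomad HTTP API/UI    4647 Nomad RPC           4648 Nomad Serf gossip
  #   8300     Consul server RPC    8301 Consul LAN gossip   8500 Consul HTTP API/UI
  # NOTE(review): Nomad's Serf gossip on 4648 uses UDP as well as TCP, but only
  # Consul's 8301 is allowed over UDP here — confirm that is intended.
  # NOTE(review): 4646 and 8500 are the unauthenticated control-plane APIs
  # discussed above; the per-interface networking.firewall.interfaces options
  # can limit them to the cluster-facing interface instead of all interfaces.
  networking.firewall.allowedTCPPorts = [ 80 443 8081 4646 4647 4648 8300 8301 8500 ];
  networking.firewall.allowedUDPPorts = [ 8301 ];

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  system.copySystemConfiguration = true;

  # Defines the initial NixOS version for compatibility with older application data.
  # Do NOT change this value after installation without careful consideration.
  system.stateVersion = "24.11"; # Did you read the comment?
}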