{ lib, config, pkgs, ... }: {
  imports = [
    ../../common
    ../../profiles/headless.nix
    ../../profiles/kartoffel.nix
    ../../profiles/lxc.nix
    ../../services/akkoma
    ../../services/nginx.nix
  ];
  networking = {
    hostName = "florp";
    domain = lib.mkForce "social";
  };
  systemd.network.networks."98-eth-default" = {
    address = [
      "2a0f:be01:0:100::171/128" 
    ];
  };

  kyouma.nginx.defaultForbidden = "florp.social";
  kyouma.restic = let
    pgBackup = "/var/cache/postgresql.sql";
  in {
    enable = true;
    remoteUser = "zh3485s1";
    timerConfig = {
      OnCalendar = "hourly";
      Persistent = true;
    };
    paths = [
      "/var/lib/akkoma"
      "/var/lib/secrets"
      pgBackup
    ];

    backupPrepareCommand = ''
      umask 0077
      rm -f -- ${pgBackup} 
      ${pkgs.su}/bin/su -c '${lib.getExe' config.services.postgresql.package "pg_dumpall"}' \
        ${config.services.postgresql.superUser} >${pgBackup}
    '';

    backupCleanupCommand = ''
      rm -f -- ${pgBackup}
    '';
  };

  services.postgresql.settings = {
    max_connections = 128;
    shared_buffers = "4GB";
    effective_cache_size = "12GB";
    maintenance_work_mem = "1GB";
    checkpoint_completion_target = 0.9;
    wal_buffers = "16MB";
    default_statistics_target = 100;
    random_page_cost = 1.1;
    effective_io_concurrency = 200;
    work_mem = "34952kB";
    huge_pages = "try";
    min_wal_size = "2GB";
    max_wal_size = "8GB";
    max_worker_processes = 16;
    max_parallel_workers_per_gather = 4;
    max_parallel_workers = 16;
    max_parallel_maintenance_workers = 4;
  };
  system.stateVersion = "24.11";
}