with import <stockholm/lib>;
{ config, ... }: let

  hostDefaults = hostName: host: flip recursiveUpdate host ({
    ci = false;
    external = true;
    monitoring = false;
  } // optionalAttrs (host.nets?retiolum) {
    nets.retiolum.ip6.addr =
      (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
  } // optionalAttrs (host.nets?wiregrill) {
    nets.wiregrill.ip6.addr =
      (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
  });
  ssh-for = name: builtins.readFile (./ssh + "/${name}.pub");
  tinc-for = name: builtins.readFile (./tinc + "/${name}.pub");

in {
  hosts = mapAttrs hostDefaults {
    pepe = {
      owner = config.krebs.users.palo;
      nets = {
        retiolum = {
          ip4.addr = "10.243.23.1";
          tinc.port = 720;
          aliases = [ "pepe.r" ];
          tinc.pubkey = tinc-for "palo";
        };
      };
    };
    kruck = {
      owner = config.krebs.users.palo;
      nets = {
        retiolum = {
          ip4.addr = "10.243.23.3";
          tinc.port = 720;
          aliases = [ "kruck.r" ];
          tinc.pubkey = tinc-for "palo";
        };
      };
    };
    schasch = {
      owner = config.krebs.users.palo;
      nets = {
        retiolum = {
          ip4.addr = "10.243.23.2";
          tinc.port = 720;
          aliases = [ "schasch.r" ];
          tinc.pubkey = tinc-for "palo";
        };
      };
    };
    workhorse = {
      owner = config.krebs.users.palo;
      nets = {
        retiolum = {
          ip4.addr = "10.243.23.5";
          tinc.port = 720;
          aliases = [ "workhorse.r" ];
          tinc.pubkey = tinc-for "palo";
        };
      };
    };
    workout = {
      owner = config.krebs.users.palo;
      nets = {
        retiolum = {
          ip4.addr = "10.243.23.4";
          tinc.port = 720;
          aliases = [ "workout.r" ];
          tinc.pubkey = tinc-for "palo";
        };
      };
    };
  };
  users = {
    palo = {
    };
  };
}