# NixOS module that declares one microvm.nix guest, "gitea-runner", and marks it
# for autostart on the host. The runner service itself is expected to come from
# ./gitea_runner.nix (imported below; not visible in this file).
{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
let
  name = "gitea-runner";
in
{
  microvm = {
    autostart = [ name ];

    vms.${name} = {
      inherit pkgs;

      config = {
        imports = [
          agenix.nixosModules.default
          impermanence.nixosModules.impermanence
          ./gitea_runner.nix
        ];

        networking = {
          hostName = name;

          # No ports are opened explicitly.
          # NOTE(review): the NixOS openssh module opens its own port unless
          # services.openssh.openFirewall is set to false, so these empty lists
          # do not by themselves keep sshd unreachable.
          firewall = {
            enable = true;
            allowedUDPPorts = [ ];
            allowedTCPPorts = [ ];
          };
        };

        # DHCP and IPv6 router advertisements are accepted on every interface
        # (Name = "*"). Only one interface is declared further down; any
        # interface added later would be auto-configured the same way.
        systemd.network = {
          enable = true;
          networks."10-lan" = {
            matchConfig.Name = "*";
            networkConfig = {
              DHCP = "yes";
              IPv6AcceptRA = true;
            };
          };
        };

        # Interactive admin account. Membership in "wheel" makes it eligible for
        # sudo; no password and no sudo policy are set in this file.
        # All authorized keys are sk-ssh-ed25519 (FIDO2 security-key backed), so
        # logging in requires the hardware token.
        users.users.${user} = {
          isNormalUser = true;
          extraGroups = [ "wheel" ];
          uid = 2000;
          openssh.authorizedKeys.keys = [
            "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
            "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
            "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
            "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
          ];
        };

        # Key-only SSH. Host keys are kept under /persist so the guest keeps a
        # stable identity across reboots.
        # NOTE(review): only PasswordAuthentication is pinned here;
        # KbdInteractiveAuthentication and PermitRootLogin stay at the module
        # defaults. Consider setting them explicitly.
        # NOTE(review): agenix by default uses the sshd host keys as decryption
        # identities, so these files presumably also unlock the guest's
        # secrets. Confirm against gitea_runner.nix.
        services.openssh = {
          enable = true;
          settings.PasswordAuthentication = false;
          hostKeys = [
            {
              path = "/persist/etc/ssh/ssh_host_ed25519_key";
              type = "ed25519";
            }
            {
              path = "/persist/etc/ssh/ssh_host_rsa_key";
              type = "rsa";
              bits = 4096;
            }
          ];
        };

        # /persist must be mounted in early boot: it holds the host keys above
        # and backs the impermanence bind mounts below.
        fileSystems."/persist".neededForBoot = lib.mkForce true;

        environment = {
          # Tools installed system-wide in the guest (presumably what the CI
          # jobs need on PATH; verify against the runner configuration).
          systemPackages = with pkgs; [
            bash
            coreutils
            curl
            gawk
            gitMinimal
            gnused
            nodejs
            wget
          ];

          # Everything not listed here is lost on reboot.
          # /var/lib/private is where systemd keeps state for DynamicUser
          # services; presumably this carries the runner's registration state,
          # which should then be treated as a credential. TODO confirm.
          persistence."/persist" = {
            directories = [
              "/var/log"
              "/var/lib/private"
            ];
            files = [
              "/etc/machine-id"
            ];
          };
        };

        microvm = {
          hypervisor = "qemu";
          vcpu = 4;
          # NOTE(review): per the microvm.nix docs the guest is started with
          # mem + balloonMem, i.e. about twice 3096 MiB here. Confirm that this
          # total is intended.
          mem = 3096;
          balloonMem = 3096;
          #kernel = pkgs.linuxKernel.packages.linux_latest;

          # QEMU user-mode networking gives outbound NAT only. No port forwards
          # are declared in this file, so as written nothing on the host network
          # can reach the guest's sshd.
          # NOTE(review): the first MAC octet 0x04 does not have the
          # locally-administered bit (0x02) set.
          interfaces = [
            {
              type = "user";
              id = "vm-${name}";
              mac = "04:00:00:00:00:02";
            }
          ];

          shares = [
            # The whole host /nix/store is exposed to the guest, not just this
            # VM's closure. Anything the runner executes can read every
            # world-readable store path on the host, so no plaintext secret may
            # ever be placed in the store.
            {
              source = "/nix/store";
              mountPoint = "/nix/.ro-store";
              tag = "ro-store";
              proto = "virtiofs";
            }
            # Guest state, including the private SSH host keys, is stored on the
            # host under /etc/vm-persist/<name>. That directory's ownership and
            # mode on the host decide who else can read those keys.
            {
              source = "/etc/vm-persist/${name}";
              mountPoint = "/persist";
              tag = "persist";
              proto = "virtiofs";
            }
          ];
          #writableStoreOverlay = "/nix/.rw-store";
          #storeOnDisk = true;
        };

        system.stateVersion = "23.05";
      };
    };
  };
}