{ config, ... }:

let hn = "singularity"; in {
  networking = {
    domain = config.constants.domain;
    firewall.allowedTCPPorts = [ 80 443 50051 ];
    hostName = hn;
    hostId = "2cadb253";
  };

  services.openssh = {
    enable = true;
    settings = {
      KbdInteractiveAuthentication = false;
      PasswordAuthentication = false;
    };
    hostKeys = [{
      comment = "host@${hn}";
      path = "/etc/ssh/host";
      rounds = 100;
      type = "ed25519";
    }];
  };

  sops.secrets."cloudflare/${hn}" = { };

  services.cloudflare-dyndns = {
    enable = true;
    apiTokenFile = config.sops.secrets."cloudflare/${hn}".path;
    domains = builtins.attrNames config.services.caddy.virtualHosts;
  };

  services.resolved.enable = true;
}