# Use `nixos-container login jobber` as root and empty pw.
{
	__findFile,
	const,
	lib,
	pkgsJobber,
	poetry2nixJobber,
	...
}: let
	script = import <package/jobber> {
		pkgs       = pkgsJobber;
		poetry2nix = poetry2nixJobber;
	};
in {
	networking.nat = {
		enable = true;
		externalInterface  = "enp8s0";
		internalInterfaces = [ "ve-+" ];
	};

	containers.jobber = {
		autoStart      = true;
		enableTun      = true;
		privateNetwork = true;
		hostAddress    = "188.242.247.132";
		localAddress   = "10.1.0.2";

		bindMounts = {
				"/data" = {
					hostPath   = "/storage/hot/data/jobber";
					isReadOnly = true;
				};
			};

		config = { ... }: let
			packages = [
				script
			] ++ (with pkgsJobber; [
				firefox
				geckodriver
				openvpn
				python311
			]);
		in {
			boot.isContainer = true;
			system.stateVersion = const.stateVersion;
			users = {
				users.root.password = "";
				mutableUsers = false;
			};
			networking = {
				useHostResolvConf = lib.mkForce false;
				nameservers = [
					"10.30.218.2"
				];
			};

			systemd.services.jobber = {
				description = "My job is pushing the button.";
				enable = true;
				path = packages;
				wantedBy = [
					"multi-user.target"
				];
				environment = {
					PYTHONDONTWRITEBYTECODE = "1";
					PYTHONUNBUFFERED        = "1";
				};
				serviceConfig = {
					ExecStart = "${script}/bin/jobber -u";
					Restart   = "on-failure";
					Type      = "simple";
				};
			};
		};
	};
}