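# Network definition for the "PrivateStorage.io LocalDev Grid": one payments
# node, two storage nodes and one monitoring node, all on virtual hardware
# with private (RFC 1918) addresses.
let
  pkgs = import <nixpkgs> { };

  gridlib = import ../../lib;
  rawConfig = pkgs.lib.trivial.importJSON ./config.json;
  config = rawConfig // {
    sshUsers = import ./public-keys/users.nix;
    # Convert relative paths to absolute so library code can resolve names
    # correctly.  `toString ./.` yields a plain string, so building these two
    # values does not by itself copy the key directories into the Nix store.
    # NOTE(review): how gridlib consumes privateKeyPath is not visible here;
    # confirm the private keys never end up in the world-readable store.
    publicKeyPath = toString ./. + "/${rawConfig.publicKeyPath}";
    privateKeyPath = toString ./. + "/${rawConfig.privateKeyPath}";
  };

  # Configure deployment management authorization for all systems in the grid.
  # The key is read at evaluation time and this module is imported by every
  # node below, so a change to deploy_key.pub changes who is authorized on the
  # whole grid and deserves the same review as any other credential change.
  deployment = {
    services.private-storage.deployment = {
      authorizedKey = builtins.readFile "${config.publicKeyPath}/deploy_key.pub";
      gridName = "local";
    };
  };

  # Single source of truth for each node's address on the monitoring VPN.
  # The per-node `monitoringvpnIPv4` settings, `hostsMap` and `vpnClientIPs`
  # are all taken from this table so they cannot drift apart when an address
  # is changed or a node is added.
  monitoringvpnIPs = {
    monitoring = "172.23.23.1";
    payments = "172.23.23.11";
    storage1 = "172.23.23.12";
    storage2 = "172.23.23.13";
  };

  # NOTE(review): unlike the other three nodes, no stateVersion is passed to
  # customize-issuer here; confirm it comes from config.json or is not needed.
  payments = {
    imports = [
      gridlib.issuer
      (gridlib.hardware-virtual { publicIPv4 = "192.168.67.21"; })
      (gridlib.customize-issuer (config // {
        monitoringvpnIPv4 = monitoringvpnIPs.payments;
      }))
      deployment
    ];
  };

  storage1 = {
    imports = [
      gridlib.storage
      (gridlib.hardware-virtual { publicIPv4 = "192.168.67.22"; })
      (gridlib.customize-storage (config // {
        monitoringvpnIPv4 = monitoringvpnIPs.storage1;
        stateVersion = "19.09";
      }))
      deployment
    ];
  };

  storage2 = {
    imports = [
      gridlib.storage
      (gridlib.hardware-virtual { publicIPv4 = "192.168.67.23"; })
      (gridlib.customize-storage (config // {
        monitoringvpnIPv4 = monitoringvpnIPs.storage2;
        stateVersion = "19.09";
      }))
      deployment
    ];
  };

  # The monitoring node receives an explicit subset of `config` rather than
  # the whole attribute set, plus the VPN/exporter tables defined below.
  monitoring = {
    imports = [
      gridlib.monitoring
      (gridlib.hardware-virtual { publicIPv4 = "192.168.67.24"; })
      (gridlib.customize-monitoring {
        inherit hostsMap vpnClientIPs nodeExporterTargets paymentExporterTargets;
        inherit (config) domain publicKeyPath privateKeyPath letsEncryptAdminEmail;
        googleOAuthClientID = config.monitoringGoogleOAuthClientID;
        monitoringvpnIPv4 = monitoringvpnIPs.monitoring;
        stateVersion = "19.09";
      })
      deployment
    ];
  };

  # Map from monitoring VPN address to the names of the node at that address:
  # the bare node name and its ".monitoringvpn" alias.
  hostsMap = builtins.listToAttrs (map
    (node: {
      name = monitoringvpnIPs.${node};
      value = [ node "${node}.monitoringvpn" ];
    })
    (builtins.attrNames monitoringvpnIPs));

  # VPN addresses of every node except `monitoring`.  attrValues returns the
  # values ordered by attribute name: payments, storage1, storage2.
  vpnClientIPs = builtins.attrValues
    (builtins.removeAttrs monitoringvpnIPs [ "monitoring" ]);

  nodeExporterTargets = [ "monitoring" "payments" "storage1" "storage2" ];
  paymentExporterTargets = [ "payments" ];

in {
  network = {
    description = "PrivateStorage.io LocalDev Grid";
  };
  inherit payments monitoring storage1 storage2;
}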