{ config, pkgs, ... }:
{
  system.stateVersion = "25.11";
  clan.core.sops.defaultGroups = [ "admins" ];

  clan.core.settings.machine.description = "Zima board computer for testing in B4L";

  clan.core.vars.generators.prometheus = {
    files.envFile.secret = true;
    files.matrix-alertmanager-token.secret = true;
    files.matrix-alertmanager-secret.secret = true;
    files.matrix-alertmanager-urlfile = {
      secret = true;
      owner = "alertmanager";
      group = "alertmanager";
    };
    script = ''
      echo "" > $out/envFile
      echo "" > $out/matrix-alertmanager-token
      openssl rand -hex 32 > "$out"/matrix-alertmanager-secret

      echo "http://localhost:3000/alerts?secret=$(cat $out/matrix-alertmanager-secret)" > $out/matrix-alertmanager-urlfile
    '';
    runtimeInputs = [
      pkgs.openssl
    ];
  };

  services.prometheus.alertmanager.environmentFile =
    config.clan.core.vars.generators.prometheus.files.envFile.path;

  services.matrix-alertmanager.tokenFile =
    config.clan.core.vars.generators.prometheus.files.matrix-alertmanager-token.path;
  services.matrix-alertmanager.secretFile =
    config.clan.core.vars.generators.prometheus.files.matrix-alertmanager-secret.path;

}