{ config, lib, pkgs, ... }:

let state-dir = "/state";
in {
  fudo.slynk.enable = true;

  environment.systemPackages = with pkgs; [ opencv-java ];

  networking = { interfaces = { intif0 = { useDHCP = true; }; }; };

  systemd.tmpfiles.rules = [
    "L /root/.gnupg           - - - - ${state-dir}/user/root/gnupg"
    "L /root/.ssh/id_rsa      - - - - ${state-dir}/user/root/ssh/id_rsa"
    "L /root/.ssh/id_rsa.pub  - - - - ${state-dir}/user/root/ssh/id_rsa.pub"
    "L /root/.ssh/known_hosts - - - - ${state-dir}/user/root/ssh/known_hosts"
    "L /var/lib/flatpak       - - - - ${state-dir}/lib/flatpak"
  ];

  services.openssh.hostKeys = [
    {
      path = "${state-dir}/ssh/ssh_host_rsa_key";
      type = "rsa";
      bits = 4096;
    }
    {
      path = "${state-dir}/ssh/ssh_host_ed25519_key";
      type = "ed25519";
      bits = 4096;
    }
  ];

  environment.etc = {
    "ssh/ssh_host_rsa_key" = {
      source = "${state-dir}/ssh/ssh_host_rsa_key";
      user = "root";
      group = "root";
      mode = "0400";
    };
    "ssh/ssh_host_rsa_key.pub" = {
      source = "${state-dir}/ssh/ssh_host_rsa_key.pub";
      user = "root";
      group = "root";
      mode = "0444";
    };
    "ssh/ssh_host_ed25519_key" = {
      source = "${state-dir}/ssh/ssh_host_ed25519_key";
      user = "root";
      group = "root";
      mode = "0400";
    };
    "ssh/ssh_host_ed25519_key.pub" = {
      source = "${state-dir}/ssh/ssh_host_ed25519_key.pub";
      user = "root";
      group = "root";
      mode = "0444";
    };
    nixos.source = "/etc/nixos-live";
    "host-config.nix".source = "${state-dir}/host/host-config.nix";
    adjtime.source = "${state-dir}/host/adjtime";
    NIXOS.source = "${state-dir}/host/NIXOS";
  };

  security.sudo.extraConfig = ''
    # Due to rollback, sudo will lecture after every reboot
    Defaults lecture = never
  '';
}