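# NixOS module for hosts whose `fudo.common.profile` is "server".
#
# Provides two helper commands for trying out a configuration with an
# automatic rollback, and applies headless-server defaults (no X, no
# NetworkManager, /tmp on tmpfs, gpg-agent with SSH support).
{ config, lib, pkgs, ... }:

with lib;
let
  # reboot-if-necessary <sync-file>
  #
  # Reboots the machine if <sync-file> still exists, otherwise does nothing.
  # It is scheduled by fudo-test-config as the rollback step: removing the
  # sync file before the timer fires cancels the reboot.
  reboot-if-necessary = pkgs.writeScriptBin "reboot-if-necessary" ''
    #!${pkgs.stdenv.shell}

    # -e: stop at the first failing command; -u: unset variables are errors.
    # (Not -n: that is no-exec mode, under which none of the script would run.)
    set -eu

    if [ $# -ne 1 ]; then
      echo "FAILED: no sync file provided."
      exit 1
    fi

    WALL=${pkgs.utillinux}/bin/wall

    if [ -f "$1" ]; then
      "$WALL" "$1 exists, rebooting system"
      ${pkgs.systemd}/bin/reboot
    else
      "$WALL" "$1 does not exist, aborting reboot."
    fi

    exit 0
  '';

  # fudo-test-config [timeout]
  #
  # Activates the new configuration with `nixos-rebuild test` (which does not
  # change the boot default) after arming a one-shot timer that reboots the
  # host unless the operator deletes the sync file within [timeout]
  # (a systemd time span, default 15m).
  test-config = pkgs.writeScriptBin "fudo-test-config" ''
    #!${pkgs.stdenv.shell}

    # -e: stop at the first failing command; -u: unset variables are errors.
    # (Not -n: that is no-exec mode, under which none of the script would run.)
    set -eu

    if [ $# -gt 1 ]; then
      echo "usage: $0 [timeout]"
      exit 1
    elif [ $# -eq 1 ]; then
      TIMEOUT=$1
    else
      TIMEOUT=15m
    fi

    # mktemp creates the file atomically under an unpredictable name, so it
    # cannot collide with a path pre-created by another local user, and it
    # falls back to /tmp when no temp-dir variable is set.
    SYNCFILE=$(${pkgs.coreutils}/bin/mktemp --tmpdir sync-XXXXXXXXXX)

    ${pkgs.utillinux}/bin/wall "Launching config. System will restart in $TIMEOUT if $SYNCFILE still exists."

    # writeScriptBin yields a store directory; the executable is in its bin/.
    systemd-run --on-active="$TIMEOUT" ${reboot-if-necessary}/bin/reboot-if-necessary "$SYNCFILE"

    nixos-rebuild test

    exit 0
  '';

in {
  config = mkIf (config.fudo.common.profile == "server") {
    environment = {
      systemPackages = with pkgs; [
        ldns
        ldns.examples
        test-config
        reboot-if-necessary
      ];

      # Headless host: build packages without X11 library dependencies.
      noXlibs = true;
    };

    security = {
      # NOTE(review): newer NixOS releases appear to have removed this option;
      # confirm it still evaluates on the nixpkgs revision in use.
      hideProcessInformation = true;
    };

    networking = {
      # mkForce so that no other module can turn NetworkManager back on.
      networkmanager.enable = mkForce false;
    };

    # /tmp lives in RAM and is emptied on every boot, which also clears any
    # leftover sync file from fudo-test-config.
    boot.tmpOnTmpfs = true;

    services.xserver.enable = false;

    programs = {
      gnupg.agent = {
        enable = true;
        # gpg-agent also serves as the SSH agent on this host.
        enableSSHSupport = true;
      };
    };
  };
}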