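# NixOS module for a host whose root dataset is rolled back to an empty
# snapshot on every boot. Anything that must survive a reboot is kept under
# /state and linked or referenced from its usual location.
#
# NOTE(review): this module assumes /state is a persistent dataset that is
# mounted before the services below start, and that it is not itself covered
# by the rollback. Neither is visible here; confirm in the filesystem config.
{ config, lib, pkgs, ... }:
with lib;
{
  config = {
    # Entries in /etc that are sourced from persistent storage instead of
    # being regenerated on each boot.
    environment.etc = {
      nixos.source = "/state/nixos";
      adjtime.source = "/state/etc/adjtime";
      NIXOS.source = "/state/etc/NIXOS";
      # A stable machine-id keeps identifiers derived from it the same
      # across reboots.
      machine-id.source = "/state/etc/machine-id";
      "host-config.nix".source = "/state/etc/host-config.nix";
    };

    system.stateVersion = "20.09";

    # Reset the root dataset in the initrd. `-r` also destroys any snapshots
    # taken after @blank, so nothing written to this dataset outlives a boot.
    # mkAfter orders this after other definitions of postDeviceCommands
    # (presumably including the pool import; verify).
    boot.initrd.postDeviceCommands = lib.mkAfter ''
      ${pkgs.zfs}/bin/zfs rollback -r zroot/transient/root@blank
    '';

    # The comment and the directive must be on separate lines: sudoers treats
    # everything after '#' on a line as a comment, so a single-line form
    # would silently drop the Defaults entry.
    security.sudo.extraConfig = ''
      # rollback results in sudo lectures after each reboot
      Defaults lecture = never
    '';

    # Re-create the symlinks to root's SSH client key pair on each boot
    # ("L" creates the link only when the path does not exist yet).
    # NOTE(review): the private key is stored under /state/root/ssh; confirm
    # that directory and id_rsa are owned by root and not group/world
    # readable, since the link gives no protection of its own.
    systemd.tmpfiles.rules = [
      "L /root/.ssh/id_rsa - - - - /state/root/ssh/id_rsa"
      "L /root/.ssh/id_rsa.pub - - - - /state/root/ssh/id_rsa.pub"
    ];

    services = {
      openssh = {
        # Host keys are kept on persistent storage so the server identity
        # does not change after every rollback; otherwise clients would get
        # host-key-changed warnings on each reboot and learn to ignore them.
        # NOTE(review): /state/ssh should be readable by root only.
        hostKeys = [
          {
            path = "/state/ssh/ssh_host_ed25519_key";
            type = "ed25519";
          }
          {
            path = "/state/ssh/ssh_host_rsa_key";
            type = "rsa";
            bits = 4096;
          }
        ];
      };
    };
  };
}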