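# NixOS host module: static addressing on intif0, plus the wiring that points
# root's credentials, the NixOS configuration tree and the SSH host keys at
# files kept under /state.
{ config, lib, pkgs, ... }:

let
  # Static IPv4 address assigned to intif0 below.
  primary-ip = "10.0.0.20";

in {
  config = {
    networking = {
      # No DHCP: the address and the default route are fixed in this file.
      useDHCP = false;
      defaultGateway = {
        address = "10.0.0.1";
        interface = "intif0";
      };
      interfaces.intif0 = {
        ipv4.addresses = [{
          address = primary-ip;
          prefixLength = 22;
        }];
      };
    };

    # fudo.secrets is a project-defined option set; its semantics are not
    # visible in this file.
    # NOTE(review): presumably "niten" is granted access to /state/secrets
    # through the "fudo-secrets" group -- confirm against the module that
    # declares these options, and keep secret-users to the accounts that
    # actually need the secrets.
    fudo.secrets = {
      secret-group = "fudo-secrets";
      secret-users = [ "niten" ];
      secret-paths = [ "/state/secrets" ];
    };

    # tmpfiles "L" entries: create each /root path as a symlink to its
    # counterpart under /state. Plain "L" (not "L+") leaves a file that already
    # exists at the /root path in place. Mode, user and group are unset ("-"),
    # so who can read root's GnuPG home and SSH private key is decided by the
    # permissions on the /state/root targets. Those should be root-only (0700
    # on the gnupg directory, 0600 on id_rsa); ssh rejects a private key that
    # other users can read.
    systemd.tmpfiles.rules = [
      "L /root/.gnupg - - - - /state/root/gnupg"
      "L /root/.ssh/id_rsa - - - - /state/root/ssh/id_rsa"
      "L /root/.ssh/id_rsa.pub - - - - /state/root/ssh/id_rsa.pub"
      "L /root/.ssh/known_hosts - - - - /state/root/ssh/known_hosts"
    ];

    environment = {
      # NOTE(review): nixopsUnstable next to root's SSH key suggests this host
      # deploys to other machines; if so, /state/root/ssh/id_rsa is a
      # credential for everything it manages -- confirm, and restrict access
      # to and backups of /state accordingly.
      systemPackages = with pkgs; [ nixopsUnstable ];

      # /etc entries whose content comes from paths under /state.
      etc = {
        nixos.source = "/state/nixos";
        adjtime.source = "/state/etc/adjtime";
        NIXOS.source = "/state/etc/NIXOS";
      };
    };

    # Selects the NixOS release whose defaults for stateful data apply.
    # Changing it is a data migration, not a routine version bump.
    system.stateVersion = "21.05";

    # Only silences sudo's first-use lecture; no privileges change. The "#"
    # line inside the string is a sudoers comment and has to stay on its own
    # line, otherwise it swallows the Defaults directive that follows it.
    security.sudo.extraConfig = ''
      # Due to tmpfs home, it'll always lecture otherwise
      Defaults lecture = never
    '';

    services = {
      openssh = {
        # Host keys are read from /state/ssh, so the server presents the same
        # identity as long as those files are kept (presumably / does not
        # survive a reboot -- confirm). Only the key locations are set here;
        # services.openssh.enable is not set in this module. The private key
        # files should be readable by root only.
        hostKeys = [
          {
            path = "/state/ssh/ssh_host_ed25519_key";
            type = "ed25519";
          }
          {
            path = "/state/ssh/ssh_host_rsa_key";
            type = "rsa";
            bits = 4096;
          }
        ];
      };
    };
  };
}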