{ config, lib, pkgs, ... }:

with import <stockholm/lib>;
{
  imports = [
    {
      users.users =
        mapAttrs (_: h: { hashedPassword = h; })
                 (import <secrets/hashedPasswords.nix>);
    }
    ./editor/vim.nix
    ./binary-cache/nixos.nix
    ./minimal.nix
  ];

  # users are super important
  users.users = {
    root = {
        openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
    };
    makefu = {
      uid = 9001;
      group = "users";
      home = "/home/makefu";
      createHome = true;
      useDefaultShell = true;
      extraGroups = [ "wheel" ];
        openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
    };
  };

  boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;

  nixpkgs.config.allowUnfreePredicate =  (pkg: pkgs.lib.hasPrefix "unrar-" pkg.name);
  krebs = {
    enable = true;

    dns.providers.lan  = "hosts";
    search-domain = "r";
    build.user = config.krebs.users.makefu;
  };




  boot.tmpOnTmpfs = true;
  systemd.tmpfiles.rules = [
    "d /tmp 1777 root root - -"
  ];

  environment.systemPackages = with pkgs; [
      jq
      git
      gnumake
      rxvt_unicode.terminfo
      htop
  ];

  programs.bash.enableCompletion = true;

  environment.shellAliases = {
    # TODO: see .aliases
    lsl = "ls -lAtr";
    dmesg = "journalctl -kb | cat";
    psg = "ps -ef | grep";
    nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml";
    grep = "grep --color=auto";
  };

  nixpkgs.config.packageOverrides = pkgs: {
    nano = pkgs.runCommand "empty" {} "mkdir -p $out";
    tinc = pkgs.tinc_pre;
  };


  nix.extraOptions = ''
    auto-optimise-store = true
  '';

  security.wrappers.sendmail = {
    source = "${pkgs.exim}/bin/sendmail";
    setuid = true;
  };
  services.journald.extraConfig = ''
    SystemMaxUse=1G
    RuntimeMaxUse=128M
    '';

}