{ pkgs, lib, config, ... }:
let
  inherit (builtins.extraBuiltins) pass-chomp;
  inherit (config.users) users;
in
{
imports = [
  ../../members/julm.nix
];

nix.trustedUsers = [
  users."julm".name
];

networking.nftables.ruleset = ''
  add rule inet filter fw2net tcp dport {25,465} skuid ${users.julm.name} counter accept comment "SMTP"
  add rule inet filter fw2net tcp dport 43 skuid ${users.julm.name} counter accept comment "Whois"
  add rule inet filter fw2net tcp dport 6697 skuid ${users.julm.name} counter accept comment "IRCS"
  add rule inet filter fw2net tcp dport 11371 skuid ${users.julm.name} counter accept comment "HKP"
  add rule inet filter fw2net tcp dport {9009,9010,9011,9012,9013} skuid ${users.julm.name} counter accept comment "croc"
'';

users = {
  mutableUsers = false;
  users = {
    root = {
      openssh.authorizedKeys.keys =
        users."julm".openssh.authorizedKeys.keys;
      hashedPassword = "!";
    };
    julm = {
      hashedPassword = pass-chomp "machines/losurdo/login/julm/hashedPassword";
    };
  };
  groups = {
    wheel = {
      members = [
        users."julm".name
      ];
    };
  };
};

security.gnupg.secrets."/root/.ssh/id_ed25519" = {};
}