# NixOS module: pulls in the member profile for "julm" and gives that account
# administrative reach on this host: Nix trusted user, wheel membership,
# julm's SSH keys accepted for root, and a few per-UID egress firewall rules.
{ inputs, pkgs, lib, config, ... }:
let
  # Evaluated user record for julm; presumably declared by
  # ../../members/julm.nix (that file is not visible here).
  julm = config.users.users."julm";

  # Host-specific root key, read at evaluation time from the secrets input.
  # Only the *public* half belongs here: whatever readFile returns is embedded
  # in the system configuration, which ends up in the world-readable Nix store.
  rootPubKey = builtins.readFile (inputs.secrets + "/hosts/losurdo/ssh/root.ssh-ed25519.pub");
in
{
  imports = [ ../../members/julm.nix ];

  # Trusted users may override daemon settings (extra substituters, unsigned
  # store imports, ...); the Nix manual treats this as equivalent to root
  # access, so keep this list as short as the wheel list below.
  # NOTE(review): newer NixOS releases name this option
  # nix.settings.trusted-users; confirm against the pinned nixpkgs.
  nix.trustedUsers = [ julm.name ];

  # Accounts and groups come from this configuration only; changes made
  # imperatively (useradd, passwd, ...) do not survive an activation.
  users.mutableUsers = false;

  users.users.root = {
    # "!" is not a valid password hash, so no password can match: root has no
    # password login. Access is through the SSH keys below (whether sshd
    # accepts root logins at all is configured elsewhere; not shown here).
    hashedPassword = "!";

    # Every key authorized for julm is also authorized for root, followed by
    # the host-specific root key. A compromise of any julm key is therefore
    # a root compromise of this host.
    openssh.authorizedKeys.keys = julm.openssh.authorizedKeys.keys ++ [ rootPubKey ];
  };

  # wheel is the conventional administrators group (sudo/su policy is set
  # elsewhere; verify what wheel actually grants on this host).
  users.groups.wheel.members = [ julm.name ];

  # Egress exceptions appended to the fw2net chain of table "inet filter"
  # (the chain itself and its default policy are defined elsewhere). Each rule
  # matches on skuid, i.e. the UID owning the originating socket, so only
  # traffic from processes running as julm is accepted and counted on these
  # destination ports. The rule text is interpolated with the account name,
  # so it follows any rename made in the member profile.
  networking.nftables.ruleset = ''
    add rule inet filter fw2net tcp dport {25,465} skuid ${julm.name} counter accept comment "SMTP"
    add rule inet filter fw2net tcp dport 43 skuid ${julm.name} counter accept comment "Whois"
    add rule inet filter fw2net tcp dport 563 skuid ${julm.name} counter accept comment "NNTPS"
    add rule inet filter fw2net tcp dport 6697 skuid ${julm.name} counter accept comment "IRCS"
    add rule inet filter fw2net tcp dport 11371 skuid ${julm.name} counter accept comment "HKP"
  '';
}