{ lib, config, ... }:
let
  inherit (config.users) users;
in
{
  imports = [
    ../../../users/julm.nix
  ];

  users.users.julm = {
    hashedPassword = lib.readFile julm/hashedPassword.clear;
    openssh.authorizedKeys.keys = map lib.readFile [
      ../../../users/julm/ssh/mob.pub
      ../../../users/julm/ssh/losurdo.pub
    ];
    extraGroups = [
      "tor"
      "wheel"
    ];
  };

  users.users.root.openssh.authorizedKeys.keys =
    map lib.readFile [
      ../../../users/julm/ssh/gnupg.pub
      ../../../users/julm/ssh/losurdo.pub
      ../../../users/julm/ssh/oignon.pub
    ];

  nix.settings.trusted-users = [
    users."julm".name
  ];

  services.sanoid.datasets = {
    "rpool/home/julm/mail" = {
      use_template = [ "snap" ];
      # Not until https://github.com/jimsalterjrs/sanoid/pull/342#issuecomment-980494511 has been fixed
      #hourly = 12;
      daily = 7;
    };
    "rpool/home/julm/log" = {
      use_template = [ "snap" ];
      # Not until https://github.com/jimsalterjrs/sanoid/pull/342#issuecomment-980494511 has been fixed
      #hourly = 12;
      daily = 7;
      monthly = 1;
    };
    "rpool/backup/losurdo/home/julm/work" = {
      use_template = [ "prune" ];
      daily = 31;
    };
  };

  networking.nftables.ruleset = ''
    table inet filter {
      chain output-net-julm {
        tcp dport {smtp, submissions} counter accept comment "SMTP"
        tcp dport nicname counter accept comment "Whois"
        tcp dport imaps counter accept comment "IMAPS"
        tcp dport ircs-u counter accept comment "IRCS"
        tcp dport 2222 counter accept comment "SSH(boot)"
        tcp dport xmpp-client counter accept comment "XMPP"
        tcp dport hkp counter accept comment "HKP"
        tcp dport {9009,9010,9011,9012,9013} counter accept comment "croc"
        udp dport 33434-33523 counter accept comment "traceroute"
        udp dport 60000-61000 counter accept comment "Mosh"
      }
      chain output-net {
        skuid ${users.julm.name} jump output-net-julm
      }
    }
  '';
}