# NixOS module: ZFS with encryption credentials requested at boot, plus an
# SSH server (dropbear) inside the initrd so the pool keys can be entered
# remotely before the real system starts.
{ config, lib, pkgs, ... }:

{
  imports = [];

  # The 32-bit host id of the machine, formatted as 8 hexadecimal characters.
  # It should be unique among your machines.
  # Manually generated with:
  #   head -c4 /dev/urandom | od -A none -t x4 | cut -d ' ' -f 2
  networking.hostId = "69c40b03";

  # Periodic scrubbing of ZFS pools.
  services.zfs.autoScrub.enable = true;

  /*
  # Enable the (OpenSolaris-compatible) ZFS auto-snapshotting service.
  services.zfs.autoSnapshot = {
    enable = true;
    frequent = ;
    hourly = ;
    daily = ;
    weekly = ;
    monthly = ;
  };
  */

  boot = {
    supportedFilesystems = [ "zfs" ];

    kernelParams = [
      # noop, the recommended elevator with zfs.
      "elevator=noop"
      # ARC size cap in bytes: 250 MiB.
      "zfs.zfs_arc_max=262144000"
      # NOTE(review): boot.shell_on_fail is NOT set in this list. It would
      # allow forcing an import by hand after a zfs import failure, but it
      # also offers a shell on the console whenever stage 1 fails, so decide
      # deliberately before adding it on a machine with an encrypted pool.
    ];

    zfs = {
      enableUnstable = true;
      # Ask for the encryption credentials during boot.
      requestEncryptionCredentials = true;

      # FIXME: Uncomment [on a working system] to ensure the extra safeguards
      # that zfs uses to protect zfs pools are active:
      #forceImportAll = false;
      #forceImportRoot = false;
    };

    initrd.network = {
      # This will use udhcp to get an ip address.
      # Make sure the kernel module for your network driver is listed in
      # `boot.initrd.availableKernelModules`, so the initrd can load it!
      # Static ip addresses might be configured using the ip argument in the
      # kernel command line:
      # https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt
      enable = true;

      # Appends a line to root's .profile inside the initrd, so that logging
      # in over SSH starts the zfs passphrase prompt and afterwards kills the
      # other (console) prompt, letting boot continue.
      # NOTE(review): the two commands are joined with `;`, so `killall zfs`
      # also runs when `zfs load-key -a` fails (e.g. a mistyped passphrase);
      # confirm that this is the intended behaviour for a remote-only box.
      postCommands = ''
        #zpool import rpool
        echo "zfs load-key -a; killall zfs" >> /root/.profile
      '';

      ssh = {
        enable = true;

        # A port different from the normal sshd (assuming the same host also
        # runs one) keeps ssh clients from complaining about a changed host
        # key, since the initrd server presents its own key.
        port = 2222;

        # dropbear uses a key format different from openssh; a key can be
        # generated with:
        #   $ nix-shell -p dropbear --command "dropbearkey -t ecdsa -f /tmp/initrd-ssh-key"
        # WARNING: this key will be in the NixOS store and in the initrd, and
        # thus possibly on cleartext storage. Treat it as readable by anyone
        # with access to either, and never reuse the regular sshd host key
        # here.
        hostECDSAKey = ../dropbear/host-ecdsa-key;

        # Public ssh keys accepted for login. Every key listed here gets a
        # shell in the initrd, so keep the list to the people who are meant
        # to unlock this machine.
        authorizedKeys = [
          # julm
          "ssh-rsa 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 GnuPG pub=F2E027182397AC0775714F2AD15AF7F467E8299B sub=7819E44BAEEDE91683811BB00E1AAADBE227DDAA"
        ];
      };
    };
  };
}