{ lib, config, ... }:
let
  inherit (config.users) users;
in
{
  imports = [
    ../../../users/julm.nix
  ];

  # Host-level settings for the julm account. The module imported above
  # presumably holds the base definition; the module system merges both.
  users.users.julm = {
    # The hash is read at evaluation time and becomes part of the evaluated
    # system configuration.
    # NOTE(review): a hashedPassword value ends up in the Nix store, which is
    # readable by every local user. hashedPasswordFile (on NixOS releases that
    # provide it) keeps the hash out of the store; confirm which trade-off is
    # intended.
    # NOTE(review): readFile keeps a trailing newline if the file has one;
    # confirm the file is written without it.
    hashedPassword = lib.readFile ./julm/hashedPassword.clear;

    # Public keys accepted for SSH logins as julm. The root account reuses
    # this list further down, so every key added here must be trusted at
    # root level.
    openssh.authorizedKeys.keys = [
      (lib.readFile ../../../users/julm/ssh/mob.pub)
      (lib.readFile ../../../users/julm/ssh/losurdo.pub)
    ];

    # Supplementary groups. "wheel" is the group NixOS's sudo module grants
    # sudo to by default, so this account should be treated as administrative.
    extraGroups = [ "adbusers" "dialout" "lp" "networkmanager" "scanner" "tor" "wheel" ];
  };

  # root accepts exactly the SSH keys of julm. `users` is the merged
  # config.users.users, so keys that any other module adds to julm are
  # inherited here as well.
  # NOTE(review): whether these keys can actually open a root session depends
  # on the sshd PermitRootLogin setting, which is not set in this file.
  users.users.root.openssh.authorizedKeys = {
    inherit (users.julm.openssh.authorizedKeys) keys;
  };

  # julm is a trusted user of the Nix daemon. The Nix manual describes
  # trusted-users membership as essentially equivalent to root access, since
  # such users can override substituters and import unsigned store paths.
  # Keep this list as short as the root authorized-keys list.
  nix.settings.trusted-users = [ users.julm.name ];

  # Sanoid snapshot policy for julm's ZFS datasets. The "prune" and "snap"
  # templates are referenced by name only; their retention settings are
  # defined outside this file.
  # `recursive = true` extends each policy to the child datasets.
  services.sanoid.datasets = {
    "das1/julm/backup" = { use_template = [ "prune" ]; recursive = true; };
    "das1/julm/perso" = { use_template = [ "snap" ]; recursive = true; };
    "das1/julm/public" = { use_template = [ "snap" ]; recursive = true; };
  };

  # Per-user egress allow-list for julm, added to the `inet filter` table.
  #
  # `output-net` gains one rule: packets whose socket owner (skuid) is julm
  # jump to `output-net-julm`, which accepts the listed destination ports and
  # counts each match. The user name is interpolated at evaluation time.
  #
  # Service names as found in the standard services database: smtp 25,
  # submissions 465, nicname 43, imaps 993, ircs-u 6697, xmpp-client 5222,
  # hkp 11371. Port 2222 is labelled "SSH(boot)". 33434-33523/udp is the
  # classic traceroute range and 60000-61000/udp is Mosh's default range.
  #
  # NOTE(review): `output-net-julm` has no final verdict, so unmatched packets
  # return to `output-net`. Whether they are then dropped depends on the rest
  # of `output-net` and on the hook chain that calls it. Neither is defined in
  # this file, so confirm that a default-drop exists there; otherwise this
  # list only counts traffic and restricts nothing.
  # NOTE(review): plain SMTP (port 25) and HKP (11371) are unencrypted on the
  # wire; confirm both are still needed for this user.
  networking.nftables.ruleset = ''
    table inet filter {
      chain output-net-julm {
        tcp dport {smtp, submissions} counter accept comment "SMTP"
        tcp dport nicname counter accept comment "Whois"
        tcp dport imaps counter accept comment "IMAPS"
        tcp dport ircs-u counter accept comment "IRCS"
        tcp dport 2222 counter accept comment "SSH(boot)"
        tcp dport xmpp-client counter accept comment "XMPP"
        tcp dport hkp counter accept comment "HKP"
        tcp dport {9009,9010,9011,9012,9013} counter accept comment "croc"
        udp dport 33434-33523 counter accept comment "traceroute"
        udp dport 60000-61000 counter accept comment "Mosh"
      }
      chain output-net {
        skuid ${users.julm.name} jump output-net-julm
      }
    }
  '';
}