{ config, lib, pkgs, options, ... }:
let inherit (builtins.extraBuiltins) pass;
in
{
  imports =
    [ ./system/zfs.nix
      ./system/shorewall.nix
    ];

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you should.
  system.stateVersion = "19.09"; # Did you read the comment?

  # Clean /tmp automatically on boot.
  boot.cleanTmpDir = true;

  networking = {
    hostName = "mermet";
    domain   = "sourcephile.fr";
  };

  users = {
    mutableUsers = false;
    users = {
      root = rec {
        initialPassword = password;
        password        = pass "servers/mermet/login/root";
        openssh.authorizedKeys.keys = [
          (pass "members/julm/ssh.pub")
        ];
      };
    };
    groups = {
    };
  };

  environment = {
    systemPackages = with pkgs; [
      cryptsetup
      fio
      git
      gptfdisk
      lm_sensors
      smartctl-tbw
    ];
  };
}