# MANUAL: On client machines generate signing keys:
#   nix-store --generate-binary-cache-key some-name /persist/manual/nix/nix-cache-key.sec /persist/manual/nix/nix-cache-key.pub
#
# Trust other machines and add the substituters:
#   nix.binaryCachePublicKeys = [ "some-name:AzNW1MOlkNEsUAXS1jIFZ1QCFKXjV+Y/LrF37quAZ1A=" ];
#   nix.binaryCaches = [ "https://test.example/nix-cache" ];

{
  config,
  lib,
  pkgs,
  ...
}:
{
  imports = [
    ./hardware-configuration.nix
    ./vm_disk.nix
  ];

  config = {
    # Generate with `head -c4 /dev/urandom | od -A none -t x4`
    networking.hostId = "6fbf418b";

    networking.hostName = "hydra"; # Define your hostname.

    time.timeZone = "America/New_York";
    i18n.defaultLocale = "en_US.UTF-8";

    me.boot.enable = true;
    me.boot.secure = false;
    me.mountPersistence = true;
    boot.loader.timeout = lib.mkForce 0; # We can always generate a new ISO if we need to access other boot options.

    me.optimizations = {
      enable = true;
      arch = "znver4";
      # build_arch = "x86-64-v3";
      system_features = [
        "gccarch-znver4"
        "gccarch-skylake"
        "gccarch-kabylake"
        # "gccarch-alderlake" missing WAITPKG
        "gccarch-x86-64-v3"
        "gccarch-x86-64-v4"
        "benchmark"
        "big-parallel"
        "kvm"
        "nixos-test"
      ];
    };

    # Mount tmpfs at /tmp
    boot.tmp.useTmpfs = true;

    # Enable TRIM
    # services.fstrim.enable = lib.mkDefault true;

    # nix.optimise.automatic = true;
    # nix.optimise.dates = [ "03:45" ];
    # nix.optimise.persistent = true;

    me.image_based_appliance.enable = lib.mkForce false;

    environment.systemPackages = with pkgs; [
      htop
    ];

    # nix.sshServe.enable = true;
    # nix.sshServe.keys = [ "ssh-dss AAAAB3NzaC1k... bob@example.org" ];

    me.build_in_ram.enable = true;
    me.dont_use_substituters.enable = true;
    me.minimal_base.enable = true;
    me.nix_worker.enable = true;
  };
}