# Stage-1 (initrd) networking plus an SSH server, so the encrypted ZFS pools
# can be unlocked remotely before the real system boots.
#
# Everything configured here runs before the root filesystem is unlocked and
# accepts root logins on the network, so the key material and the list of
# authorized keys below are the whole access-control story for early boot.
{ config, lib, pkgs, ... }:

{
  boot = {
    # enable dhcp on primary network interface
    kernelParams = [ "ip=:::::enp6s0:dhcp" ];

    initrd = {
      # add network card driver (must be loaded inside the initrd)
      kernelModules = [ "r8169" ];

      network = {
        enable = true;

        ssh = {
          enable = true;
          port = 2222;

          # Host key presented by the initrd SSH server.
          # NOTE(review): this private key is embedded in the initrd. The NixOS
          # option documentation warns against reusing the machine's regular
          # SSH host key here, and notes that the key can end up in the
          # world-readable Nix store when the bootloader lacks initrd-secrets
          # support. Confirm this is a dedicated initrd-only key and check how
          # the nixpkgs version in use handles it.
          hostKeys = [ /run/keys/ecdsa_host ];

          # Only root's authorized keys may log in to the initrd. Every holder
          # of one of these keys gets a root shell in early boot.
          authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;

          # TODO: Modify system config so that this works
          # (it would widen access to the keys of every user in "wheel"):
          # authorizedKeys = with lib; concatLists (mapAttrsToList
          #   (name: user:
          #     if elem "wheel" user.extraGroups
          #     then user.openssh.authorizedKeys.keys
          #     else [])
          #   config.users.users);
        };

        # TODO: curl some webhook here to alert?
        # possibly quite hard to do, we only have limited wget or netcat available
        #
        # how this all works:
        # when someone logs in via ssh, they are prompted to unlock the zfs volume
        # afterwards zfs is killed in order for the boot to progress
        # timeout of 120s still applies afaik
        #
        # NOTE(review): `exit` only runs when `killall zfs` succeeds; if it
        # fails, the SSH session stays open as a root shell in the initrd.
        # With no alerting in place (see TODO above), logins to this early-boot
        # shell are presumably not recorded anywhere persistent; verify.
        postCommands = ''
          zpool import zroot
          zpool import dpool
          echo "zfs load-key -a; killall zfs && exit" >> /root/.profile
        '';
      };
    };
  };
}