{ config, lib, pkgs, ... }:
let
  # Adapted from https://nixos.wiki/wiki/Overlays
  overlaysCompat = pkgs.writeTextFile {
    name = "overlays-compat";
    destination = "/overlays.nix";
    text = ''
      self: super:
      with super.lib;
      let
        # Load the system config and get the `nixpkgs.overlays` option
        # This fails gracefully if getFlake is not available
        overlays = if builtins.hasAttr "getFlake" builtins
          then (builtins.getFlake "/var/src/config").nixosConfigurations.${config.networking.hostName}.config.nixpkgs.overlays
          else [ ];
      in
        # Apply all overlays to the input of the current "main" overlay
        foldl' (flip extends) (_: super) overlays self
    '';
  };
in
{
  sops.secrets.binary-cache-secret-key = { };
  sops.secrets.nix-netrc = {
    group = "wheel";
    mode = "0440";
  };

  nix = {
    # nix with flake support
    package = pkgs.nixUnstable;

    nixPath = [
      "nixpkgs-overlays=${overlaysCompat}"
    ];
    # Make sudoers trusted nix users
    trustedUsers = [ "@wheel" ];

    binaryCaches = [
      "https://nix-cache.sbruder.de/"
    ];
    binaryCachePublicKeys = [
      "nix-cache.sbruder.de-1:bU13eF6IMMW2hgO7StgB6JCAoZPeAQ27NAzV0kru1XM="
    ];

    # On-the-fly optimisation of nix store
    autoOptimiseStore = true;
    extraOptions = ''
      # Binary cache upload
      secret-key-files = ${config.sops.secrets.binary-cache-secret-key.path}
      netrc-file = ${config.sops.secrets.nix-netrc.path}

      experimental-features = nix-command flakes
    '' + lib.optionalString config.sbruder.full ''
      # Keep output of derivations with gc root
      keep-outputs = true
      keep-derivations = true
    '';

    # Make nix build in background less noticeable
    daemonNiceLevel = 10;
    daemonIONiceLevel = 5; # 0-7
  };
}