{ config, lib, pkgs, ... }:
let
  # Taken from https://nixos.wiki/wiki/Overlays
  overlaysCompat = pkgs.writeTextFile {
    name = "overlays-compat";
    destination = "/overlays.nix";
    text = ''
      self: super:
      with super.lib;
      let
        # Load the system config and get the `nixpkgs.overlays` option
        overlays = (import <nixpkgs/nixos> { }).config.nixpkgs.overlays;
      in
        # Apply all overlays to the input of the current "main" overlay
        foldl' (flip extends) (_: super) overlays self
    '';
  };
in
{
  sops.secrets.binary-cache-secret-key = { };
  sops.secrets.nix-netrc = {
    group = "wheel";
    mode = "0440";
  };

  nix = {
    # nix with flake support
    package = pkgs.nixUnstable;

    nixPath = [
      "/var/src" # pinned nixpkgs and configuration
      "nixpkgs=/var/src/nixpkgs" # for nix run
      "nixpkgs-overlays=${overlaysCompat}"
    ];
    # Make sudoers trusted nix users
    trustedUsers = [ "@wheel" ];

    binaryCaches = [
      "https://nix-cache.sbruder.de/"
    ];
    binaryCachePublicKeys = [
      "nix-cache.sbruder.de-1:bU13eF6IMMW2hgO7StgB6JCAoZPeAQ27NAzV0kru1XM="
    ];

    # On-the-fly optimisation of nix store
    autoOptimiseStore = true;
    extraOptions = ''
      # Binary cache upload
      secret-key-files = ${config.sops.secrets.binary-cache-secret-key.path}
      netrc-file = ${config.sops.secrets.nix-netrc.path}

      experimental-features = nix-command flakes
    '' + lib.optionalString config.sbruder.full ''
      # Keep output of derivations with gc root
      keep-outputs = true
      keep-derivations = true
    '';

    # Make nix build in background less noticeable
    daemonNiceLevel = 10;
    daemonIONiceLevel = 5; # 0-7
  };

  nixpkgs.overlays = [
    (import ../pkgs)
    (final: prev: {
      unstable = import (import ../nix/sources.nix).nixpkgs-unstable {
        config = config.nixpkgs.config;
        overlays = config.nixpkgs.overlays;
      };
    })
  ];
}