{ config, pkgs, lib, ... }:

# Note: This implementation currently only allows eno1 (first interface) with dhcp.
let
  ip = "10.1.2.2";
  gateway = "10.1.2.1";
  netmask = "255.255.255.0";
  hostname = config.networking.hostName;
  primaryInterface = "eno1";
in {
  boot.initrd.network = {
    enable = true;
    ssh = {
      enable = true;
      port = 2222;
      authorizedKeys = with lib;
        concatLists (mapAttrsToList (name: user:
          if elem "wheel" user.extraGroups then
            user.openssh.authorizedKeys.keys
          else
            [ ]) config.users.users);
      hostRSAKey = /boot/dropbear_rsa_host_key;
      hostECDSAKey = /boot/dropbear_ecdsa_host_key;
      # Key generation with dropbearkey -t <type> -f <output-keyfile>
    };
    postCommands = ''
      echo 'cryptsetup-askpass' >> /root/.profile
    '';
  };

  boot.kernelParams = [
    "ip=${ip}::${gateway}:${netmask}:${hostname}:${primaryInterface}:none"
  ]; # see https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt

  boot.initrd.postMountCommands = ''
    ip link set ${primaryInterface} down
  '';
}