{ config, pkgs, lib, ... }:

with lib;

let

  configure_network = pkgs.writeScriptBin "configure-network" ''
    ifdisplay=""
    while true; do
      ifdisplay_new=$(ipconfig -t 10 all)
      ipconfig_status=$?

      # Only show network config if something changes
      if [[ "$ifdisplay" != "$ifdisplay_new" ]]; then
        ifdisplay=$ifdisplay_new
        echo
        echo "$ifdisplay"
        echo
      fi

      # Wait a little before checking again
      if [[ $ipconfig_status == 0 ]]; then
        sleep 5
      fi
    done
  '';

in {

  boot.initrd.network.enable = true;
  boot.initrd.network.ssh = {
    enable = true;
    port = 1022;
    #shell = "/bin/cryptsetup-askpass";
    authorizedKeys = config.users.users.clerie.openssh.authorizedKeys.keys;
    hostKeys = [
      "/var/src/secrets/initrd/ssh_host_ed25519_key"
    ];
  };

  boot.initrd.extraFiles."/root/.ash_history".source = pkgs.writeText ".ash_history" ''
    cryptsetup-askpass
  '';

  boot.initrd.kernelModules = [
    "igc" # integrated rj45 network interface
    "cdc_ether" # external 5G modem via usb
  ];

  boot.initrd.extraUtilsCommands = ''
    copy_bin_and_libs ${configure_network}/bin/configure-network
  '';

  boot.initrd.network.postCommands = mkBefore ''
    configure-network &
  '';

  boot.initrd.postMountCommands = mkBefore ''
    pkill -x configure-network

    # Override the previously set interfaces with the ones that really exist
    ifaces=$(ip -o link show | grep "link/ether" | cut -d: -f2 | xargs -n 1)
  '';

  boot.initrd.network.wireguard = {
    enable = true;
    ipv6s = [ "2a01:4f8:c0c:15f1::8110/128" ];
    ipv4s = [ "10.20.30.110/32" ];
    privateKeyFile = "/var/src/secrets/wireguard/wg-initrd";
  };

}