{ config, pkgs, lib, ... }:

{
  nixpkgs.overlays = lib.singleton
  (self: super:
    { maxwell-notify = self.callPackage ./custom/packages/maxwell-notify.nix
        { homeserver = "https://${config.var.hostname}/_matrix/client/r0";
          roomId     = "!FsUSHSNMPMVTFFcvJo:maxwell.ydns.eu";
          authToken  = config.secrets.passwords.matrix;
        };
      haskellPackages = super.haskellPackages.extend (hself: hsuper:
        { namecoin-update =  hself.callCabal2nix "namecoin-update" (builtins.fetchTarball {
            url = "https://hackage.haskell.org/package/namecoin-update-0.2.3.0/namecoin-update-0.2.3.0.tar.gz";
          }) {};
        });
    });

  environment.systemPackages = with pkgs; [
    # utilities
    iftop curl tree neovim
    nix-script openssl
    jq ack sshfs abduco

    # backup
    bup git nfs-utils

    # admin
    dnsutils
    matrix-synapse
    maxwell-notify
    smartmontools
  ];

  # OpenSSL 3.0.7 patch
  system.replaceRuntimeDependencies = lib.singleton {
    original = pkgs.openssl_3.out;
    replacement = (pkgs.openssl_3.overrideAttrs (old: {
      patches = old.patches ++ [
        (pkgs.fetchpatch {
          name = "CVE-2022-3602.patch";
          url = "https://github.com/openssl/openssl/commit/fe3b639dc19b325846f4f6801f2f4604f56e3de3.patch";
          sha256 = "sha256-+CrWEz6JIbO3n33RyzJ+l+3zlJ7AhyrTcvF9BDgOj+U=";
        })
        (pkgs.fetchpatch {
          name = "CVE-2022-3786.patch";
          url = "https://github.com/openssl/openssl/commit/c42165b5706e42f67ef8ef4c351a9a4c5d21639a.patch";
          sha256 = "sha256-ZjsyOdgaRi1w16/BNlGFRokOEzfUeYFf3z90ezConF0=";
        })
      ];
    })).out;
  };

}