{ config, lib, pkgs, ... }:
let
  nixKey = "/var/lib/nix/binary-cache-key" ;
in {
  # it's already default
  lix.enable = false;
  init.services.nix-key-setup = {
    description = "Generate a nix build signing key";
    startType = "oneshot";
    startCommand = [ (pkgs.writeScript "nix-key-setup" ''
      test -f ${nixKey} && test -f ${nixKey}.pub && exit 0 || true
      mkdir -p "$(dirname "${nixKey}")"
      ${config.nix.package}/bin/nix-store --generate-binary-cache-key ${config.networking.hostName} ${nixKey} ${nixKey}.pub
    '') ];
    dependencies = [ "FILESYSTEMS" ];
    before = [ "nix-daemon" ];
  };

  environment.systemPackages = with pkgs; [
    freebsd.truss
  ];
}