{ pkgs, ... }:
let
  prepare-host-script = pkgs.writeShellScriptBin "prepare-host.sh"
    ''
      echo "Removing machine-id"
      rm -f /etc/machine-id || true

      echo "Removing SSH host keys"
      rm -f /etc/ssh/ssh_host_* || true

      echo "Restarting SSH"
      systemctl restart sshd

      echo "Removing temporary files"
      rm -rf /tmp/* || true

      echo "Removing logs"
      journalctl --rotate || true
      journalctl --vacuum-time=1s || true

      echo "Removing cache"
      rm -rf /var/cache/* || true

      echo "Generate age key"
      rm -rf /var/lib/sops-nix || true
      mkdir -p /var/lib/sops-nix
      ${pkgs.age}/bin/age-keygen -o /var/lib/sops-nix/key.txt
    '';
in
{
  environment.systemPackages = [ prepare-host-script ];
  users.motd = "Prepare host by running 'prepare-host.sh'.";
}