{ config, lib, pkgs, ... }:

{
  imports = [
    ./common.nix
  ];

  documentation.enable = false;

  security = {
    acme.acceptTerms = true;
    auditd.enable = true;
    audit = {
      enable = true;
      rules = [
        "-a exit,always -F arch=b64 -S execve"
      ];
    };
  };

  modules.networking.tailscale = {
    enable = true;
    restrictSSH = false;
  };
}