{
  lib,
  ...
}:

{
  imports = [
    ./hardware-configuration.nix
    ./coturn.nix
    ./gitea.nix
    ./headscale.nix
    ./kanidm.nix
    ./matrix.nix
    ./outline.nix
    ./photoprism.nix
    ../server.nix
  ];

  nixpkgs = {
    hostPlatform = "x86_64-linux";
  };

  networking = {
    hostId = "08bf6db3";
    firewall = {
      enable = true;
      allowedTCPPorts = [
        22 # SSH
      ];
    };
  };

  users = {
    users = {
      jellyfin = {
        isSystemUser = true;
        group = "jellyfin";
        shell = "/bin/sh";
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaaS+KMAEAymZhIJGC4LK8aMhUzhpmloUgvP2cxeBH4 jellyfin"
        ];
      };
      root = {
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
        ];
      };
    };
    groups = {
      jellyfin = { };
    };
  };

  services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";

  modules = {
    services = {
      borgmatic = {
        enable = true;
        directories = [
          "/home"
          "/var/lib"
          "/var/www"
        ];
        repoPath = "ssh://p91y8oh7@p91y8oh7.repo.borgbase.com/./repo";
      };
      nginx.enable = true;
      postgresql.enable = true;
    };
  };

  system.stateVersion = "22.11";
}