{ config, lib, pkgs, inputs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ./disko-config.nix
    ../server.nix
  ];

  networking = {
    hostId = "08ac2f14";
    domain = "mesh.vimium.net";
    firewall = {
      enable = true;
      allowedTCPPorts = [
        22    # SSH
      ];
    };
  };

  users = {
    users = {
      root = {
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
        ];
      };
    };
  };

  services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";

  security.acme.defaults = {
    email = "hostmaster@vimium.com";
    group = "nginx";
    webroot = "/var/lib/acme/acme-challenge";
  };

  modules = {
    services = {
      borgmatic = {
        enable = true;
        directories = [
          "/var/lib"
        ];
        repoPath = "ssh://kg2mpt28@kg2mpt28.repo.borgbase.com/./repo";
      };
      mail.enable = true;
    };
  };

  system.stateVersion = "22.11";
}