{ inputs, outputs, lib, config, pkgs, ... }: {
  imports = [
    ./hardware-configuration.nix
    ../common/users/m3tam3re
    ../common/base
    ./services
  ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  services.openssh.enable = true;
  services.openssh.settings.PasswordAuthentication = false;
  networking = {
    hostName = "m3-r1";
    firewall.enable = true;
    firewall.allowedTCPPortRanges = [{
      from = 3000;
      to = 3100;
    }];
    firewall.allowedTCPPorts = [ 53 80 443 5432 3306 3478 ];
    firewall.allowedUDPPorts = [ 53 51820 41641 ];
    firewall.allowedUDPPortRanges = [{
      from = 3478;
      to = 3481;
    }];
  };
  programs.fish.enable = true;
  age = {
    secrets = {
      mj-smtp-user.file = ../../secrets/mj-smtp-user.age;
      mj-smtp-pass.file = ../../secrets/mj-smtp-pass.age;
      openai.file = ../../secrets/openai.age;
      tailscale-key.file = ../../secrets/tailscale-key.age;

      vaultwarden-env = {
        file = ../../secrets/vaultwarden-env.age;
        mode = "770";
      };
      n8n-env = {
        file = ../../secrets/n8n-m3r1.age;
        mode = "770";
      };

      traefik-env = {
        file = ../../secrets/traefik-env.age;
        mode = "770";
        owner = "traefik";
      };

      searx-environmentFile = {
        file = ../../secrets/searx-environmentFile.age;
        mode = "770";
        owner = "searx";
      };

      littlelink-m3tam3re-env = {
        file = ../../secrets/littlelink-m3tam3re-env.age;
        mode = "770";
      };
    };
    identityPaths = [ "/root/.ssh/lkk-nix-1" ];
  };

  nix = {
    extraOptions = ''
      experimental-features = nix-command
      keep-outputs = true
      keep-derivations = true
    '';

    settings = {
      experimental-features = "nix-command flakes";
      trusted-users = [ "root" "m3tam3re" ];
    };
    gc = {
      automatic = true;
      options = "--delete-older-than 30d";
    };
    optimise.automatic = true;
    registry = (lib.mapAttrs (_: flake: { inherit flake; }))
      ((lib.filterAttrs (_: lib.isType "flake")) inputs);
    nixPath = [ "/etc/nix/path" ];
  };

  environment.etc = lib.mapAttrs' (name: value: {
    name = "nix/path/${name}";
    value.source = value.flake;
  }) config.nix.registry;

  systemd.extraConfig = ''
    DefaultTimeoutStopSec=10s
  '';
  nixpkgs = {
    overlays = [
      outputs.overlays.additions
      outputs.overlays.modifications
      outputs.overlays.stable-packages
    ];
    config = { allowUnfree = true; };
  };

  system.stateVersion = "23.05"; # Did you read the comment?
}