{ pkgs, ... }: {
  imports = [
    ./hardware-configuration.nix
    ../common/users/m3tam3re
    ../common/base
    ./services
  ];

  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only

  services.openssh.enable = true;
  services.openssh.passwordAuthentication = false;
  networking = {
    hostName = "lkk-nix-1";
    firewall.enable = true;
    firewall.allowedTCPPortRanges = [{
      from = 3000;
      to = 3100;
    }];
    firewall.allowedTCPPorts = [ 53 80 443 5432 3306 3478 ];
    firewall.allowedUDPPorts = [ 53 51820 ];
    firewall.allowedUDPPortRanges = [{
      from = 3478;
      to = 3481;
    }];
  };

  age = {
    secrets = {
      mj-smtp-user.file = ../../secrets/mj-smtp-user.age;
      mj-smtp-pass.file = ../../secrets/mj-smtp-pass.age;

      billbee-api-key = {
        file = ../../secrets/billbee-api-key.age;
        mode = "770";
        owner = "n8n";
      };

      traefik-env = {
        file = ../../secrets/traefik-env.age;
        mode = "770";
        owner = "traefik";
      };
      searx-environmentFile = {
        file = ../../secrets/searx-environmentFile.age;
        mode = "770";
        owner = "searx";
      };
      wg-easy-environmentFile = {
        file = ../../secrets/wg-easy-environmentFile.age;
        mode = "770";
      };
      briefkasten-env = {
        file = ../../secrets/briefkasten-env.age;
        mode = "770";
      };
      littlelink-lanakk-env = {
        file = ../../secrets/littlelink-lanakk-env.age;
        mode = "770";
      };
    };
    identityPaths = [ "/home/m3tam3re/.ssh/lkk-nix-1" ];
  };

  nix = {
    gc = {
      automatic = true;
      options = "--delete-older-than 30d";
    };
    optimise.automatic = true;
  };
  system.stateVersion = "22.11"; # Did you read the comment?
}