# Shared base configuration: locale, Nix daemon settings, a small admin
# toolset, key-only SSH, ACME defaults and periodic TRIM. The monitoring,
# nginx and user definitions come from the imported modules.
{ pkgs, ... }:
{
  imports = [
    ./prometheus-node-exporter.nix
    ./nginx.nix
    ../../users/colmena-deploy
    ../../users/yuri
  ];

  # Clock, locale and console keyboard layout.
  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "en_US.UTF-8";
  console.keyMap = "de-latin1";

  security = {
    # Members of `wheel` can run sudo without a password prompt, so control of
    # any wheel account's login (here: its SSH key) is equivalent to root.
    # NOTE(review): presumably required for non-interactive deploys; confirm
    # which accounts under ../../users are actually in `wheel`.
    sudo.wheelNeedsPassword = false;

    acme = {
      # Agrees to the CA's terms of service on behalf of the operator.
      acceptTerms = true;
      defaults.email = "acme@grzb.de";
      # A temporary self-signed certificate is generated so that services
      # which need a certificate to start can come up before issuance; clients
      # see an untrusted certificate until the real one replaces it.
      preliminarySelfsigned = true;
    };
  };

  nix = {
    settings = {
      # Trusted users may override daemon settings (e.g. substituters) and
      # import unsigned store paths, which is effectively root on this host.
      # Keep this list limited to the deploy account.
      trusted-users = [ "colmena-deploy" ];
      auto-optimise-store = true;
      experimental-features = [ "nix-command" "flakes" ];
    };

    # Weekly garbage collection that drops generations older than 30 days.
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
    };
  };

  # Basic interactive tooling available to every user on the host.
  environment.systemPackages = [
    pkgs.htop
    pkgs.parted
    pkgs.tmux
    pkgs.nano
  ];

  services = {
    # Key-only SSH: password and keyboard-interactive authentication are off
    # and root cannot log in directly. `openFirewall` opens the sshd port(s)
    # in the NixOS firewall, so access control rests on the authorized keys.
    openssh = {
      enable = true;
      openFirewall = true;
      settings = {
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        PermitRootLogin = "no";
      };
    };

    # Periodic TRIM of mounted filesystems that support it.
    fstrim.enable = true;
  };
}