# Shared host baseline: locale, deploy access, Nix daemon settings, SSH
# hardening, ACME defaults and a boot-time host key banner.
{ pkgs, lib, ... }:

{
  imports = [
    ./prometheus-node-exporter.nix
    ./nginx.nix
    ../users/colmena-deploy
    ../users/yuri
  ];

  # Locale and console layout.
  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "en_US.UTF-8";
  console.keyMap = "de-latin1";

  security = {
    # Members of `wheel` can run sudo without a password, so every wheel
    # account is root-equivalent and its SSH key is the only barrier.
    # NOTE(review): wheel membership is set in ../users/* (not shown here);
    # confirm it is limited to the accounts that need it.
    sudo.wheelNeedsPassword = false;

    acme = {
      acceptTerms = true;
      # Serve a self-signed certificate until the ACME-issued one exists,
      # so TLS services can start before the first issuance succeeds.
      preliminarySelfsigned = true;
      defaults.email = "acme@grzb.de";
    };
  };

  nix = {
    settings = {
      # A trusted user can override daemon settings (substituters, unsigned
      # store paths), which is effectively root on this host. Keep the list
      # to the deploy account only.
      trusted-users = [ "colmena-deploy" ];
      auto-optimise-store = true;
      experimental-features = [
        "nix-command"
        "flakes"
      ];
    };

    # Weekly garbage collection; older generations are dropped after 30 days.
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
    };
  };

  environment.systemPackages = [
    pkgs.htop
    pkgs.parted
    pkgs.tmux
    pkgs.nano
  ];

  services.openssh = {
    enable = true;
    openFirewall = true;
    settings = {
      # Both password-style mechanisms are off, leaving key-based login.
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      # mkForce so that no other module can re-enable direct root login.
      PermitRootLogin = lib.mkForce "no";
    };
  };

  # Print the ed25519 public SSH host key on the console at boot, so the key
  # offered on a first connection can be compared against the console output
  # instead of being accepted blindly. Only the .pub file is read; `cut` keeps
  # the key type and key material and drops the trailing comment field.
  # NOTE(review): After=sshd.service presumably ensures the host key has been
  # generated before it is read - confirm on a fresh install.
  systemd.units."print-public-ssh-host-key.service" = {
    enable = true;
    wantedBy = [ "multi-user.target" ];
    text = ''
      [Unit]
      Description=print-public-ssh-host-key.service
      Before=getty@tty1.service
      After=sshd.service

      [Service]
      Type=oneshot
      ExecStart=/run/current-system/sw/bin/bash -c "/run/current-system/sw/bin/echo -e \"----- ED25519 PUBLIC SSH HOST KEY -----\
        \n$(/run/current-system/sw/bin/cut -d ' ' -f 1-2 /etc/ssh/ssh_host_ed25519_key.pub)\""
      RemainAfterExit=no
      StandardOutput=tty
    '';
  };

  # Periodic TRIM for SSD-backed filesystems.
  services.fstrim.enable = true;
}