{ inputs, config, ... }:
let
  sshKeys = import ../ssh_keys.nix;
in
{
  sops.defaultSopsFile = ./secrets.yaml;
  sops.secrets.wg_private = {};

  imports =
    [ # Include the results of the hardware scan.
      #./hardware-configuration.nix
      ../modules/malobeo_user.nix
      ../modules/sshd.nix
      ../modules/minimal_tools.nix
      ../modules/autoupdate.nix
      inputs.self.nixosModules.malobeo.initssh
      inputs.self.nixosModules.malobeo.disko
    ];

  malobeo.autoUpdate = {
    enable = true;
    url = "https://hydra.dynamicdiscord.de";
    project = "malobeo";
    jobset = "infrastructure";
    cacheurl = "https://cache.dynamicdiscord.de";
  };

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  malobeo.disks = {
    enable = true;
    hostId = "a3c3101f";
    root = {
      disk0 = "disk/by-id/ata-SAMSUNG_MZ7LN256HCHP-000L7_S20HNAAH200381";
    };
    storage = {
      disks = ["disk/by-id/wwn-0x50014ee265b53b60" "disk/by-id/wwn-0x50014ee2bb0a194a"];
      mirror = true;
    };
  };

  malobeo.initssh = {
    enable = true;
    authorizedKeys = sshKeys.admins;
    ethernetDrivers = ["r8169"];
  };

  services.malobeo.vpn = {
    enable = true;
    name = "vpn";
    privateKeyFile = config.sops.secrets.wg_private.path;
  };

  services.tor = {
    enable = true;
    client.enable = true;
  };

  # needed for printing drivers
  nixpkgs.config.allowUnfree = true; 

  services.acpid.enable = true;

  networking.hostName = "fanny";
  networking.networkmanager.enable = true;

  virtualisation.vmVariant.virtualisation.graphics = false;

  time.timeZone = "Europe/Berlin";
  system.stateVersion = "23.05"; # Do.. Not.. Change..
}