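# NixOS host configuration for "antares": a QEMU guest that runs sshd, podman,
# nginx (gitweb plus a static site, both with ACME certificates) and git-daemon.
#
# Change from the previous revision: the `Match user git` block now also sets
# `AllowStreamLocalForwarding no`. `AllowTcpForwarding no` only covers TCP
# forwarding; Unix-domain socket forwarding is a separate sshd setting.
{ modulesPath, lib, pkgs, ... }:
{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    (modulesPath + "/profiles/qemu-guest.nix")
    ./disk-config.nix
    ../common/global
  ];

  boot.loader.grub = {
    # no need to set devices, disko will add all devices that have a EF02 partition to the list already
    # devices = [ ];
    efiSupport = true;
    efiInstallAsRemovable = true;
  };

  services.openssh = {
    enable = true;
    # Key-only authentication; root cannot log in over SSH.
    settings = {
      PasswordAuthentication = false;
      PermitRootLogin = "no";
    };
    # Restrict the `git` account to plain git-over-SSH: no forwarding of any
    # kind, no TTY, no X11.
    # NOTE(review): this Match block covers only `git`. `mcserver` (below) also
    # has authorized keys, so these forwarding limits do not apply to it;
    # confirm that is intended.
    extraConfig = ''
      Match user git
        AllowTcpForwarding no
        AllowStreamLocalForwarding no
        AllowAgentForwarding no
        PasswordAuthentication no
        PermitTTY no
        X11Forwarding no
    '';
  };

  networking.hostName = "antares";

  virtualisation.podman = {
    enable = true;
    dockerCompat = true;
    # Weekly prune of unused podman data older than 24h, except anything
    # labelled "important".
    autoPrune = {
      enable = true;
      dates = "weekly";
      flags = [
        "--filter=until=24h"
        "--filter=label!=important"
      ];
    };
    defaultNetwork.settings.dns_enabled = true;
  };

  # gitweb reads repositories from the same directory that the `git` SSH user
  # and git-daemon use (/srv/git).
  services.gitweb = {
    projectroot = "/srv/git";
    gitwebTheme = true;
    extraConfig = ''
      our $site_name = 'git.dkaiser.de';
      $omit_owner = true;
      $projects_list_description_width = 25;
    '';
  };

  services.nginx = {
    enable = true;
    gitweb = {
      enable = true;
      location = "";
      virtualHost = "git.dkaiser.de";
    };
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    # Both virtual hosts redirect HTTP to HTTPS and obtain certificates via ACME.
    virtualHosts."git.dkaiser.de" = {
      forceSSL = true;
      enableACME = true;
    };
    virtualHosts."dkaiser.de" = {
      forceSSL = true;
      enableACME = true;
      root = "/var/www/dkaiser.de";
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "dominik-kaiser@mailbox.org";
    };
  };

  # lowPrio: these packages lose on file conflicts with the same tools
  # installed from elsewhere.
  environment.systemPackages = map lib.lowPrio [
    pkgs.curl
    pkgs.gitMinimal
    pkgs.podman-compose
  ];

  # NOTE(review): the same SSH public keys are authorized for `dk` (member of
  # wheel), `git` and `mcserver`. A key used for routine git pushes therefore
  # also authenticates the admin account; consider separate keys per role.
  users.users.dk = {
    isNormalUser = true;
    description = "Dominik Kaiser";
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICtL2eG098LhkFPR4N5e44XMq60uvCUCOuKMYs5zjg6f"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAyqscjK+LsOvAMbIyDtIoWAZwTeDLv9Mu9WAlDUPLyL"
    ];
  };

  # Service account for git-over-SSH; git-shell limits sessions to git commands.
  users.users.git = {
    isSystemUser = true;
    group = "git";
    home = "/srv/git";
    shell = "${pkgs.git}/bin/git-shell";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICtL2eG098LhkFPR4N5e44XMq60uvCUCOuKMYs5zjg6f"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGzU5XXItAaMCLOLGvhWpd/i45v++68Ooo3rBpztS/kC"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAyqscjK+LsOvAMbIyDtIoWAZwTeDLv9Mu9WAlDUPLyL"
    ];
  };

  # NOTE(review): no shell is set here, so the account presumably gets the
  # NixOS default (a non-login shell). Confirm whether the authorized keys are
  # meant to allow command execution or file transfer at all.
  users.users.mcserver = {
    isSystemUser = true;
    group = "mcserver";
    home = "/srv/mcserver";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICtL2eG098LhkFPR4N5e44XMq60uvCUCOuKMYs5zjg6f"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAyqscjK+LsOvAMbIyDtIoWAZwTeDLv9Mu9WAlDUPLyL"
    ];
  };

  # exportAll serves every repository under basePath over git:// (TCP 9418)
  # without requiring a per-repository git-daemon-export-ok marker. git:// has
  # no authentication and no transport encryption, so anything pushed into
  # /srv/git is publicly readable. Keep private repositories elsewhere, or
  # drop exportAll and opt repositories in individually.
  services.gitDaemon = {
    enable = true;
    user = "git";
    basePath = "/srv/git";
    exportAll = true;
  };

  users.groups.git = {};
  users.groups.mcserver = {};

  # 80/443: nginx; 9418: git-daemon.
  # NOTE(review): port 53 (TCP and UDP) is opened on all interfaces, but no DNS
  # service is defined in this file. If it is only needed for podman's network
  # DNS (dns_enabled above), scope it to the container bridge interface via
  # networking.firewall.interfaces instead. Confirm against ../common/global.
  networking.firewall.allowedTCPPorts = [ 80 443 9418 53 ];
  networking.firewall.allowedUDPPorts = [ 53 ];

  # Ensure the repository root exists and is owned by the git user.
  systemd.tmpfiles.rules = [
    "d /srv/git 755 git git - -"
  ];

  system.stateVersion = "24.05";
}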