{
  networking.hostName = "nix-www";
  users.users.root.openssh.authorizedKeys.keys = [
    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2''
    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2''
  ];

  nix = {
    settings = {
      substituters = [
        "https://cache.nixos.org/"
      ];
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
      ];
      experimental-features = [
        "nix-command"
        "flakes"
      ];
    };
    gc = {
      automatic = true;
      dates = "daily";
      options = "--delete-older-than 7d";
    };
    optimise.automatic = true;
  };

  system = {
    stateVersion = "24.11";
    # enable auto updates
    autoUpgrade = {
      enable = true;
      allowReboot = true;
      dates = "daily";
      flake = "git+https://git.berlin.ccc.de/cccb-website-team/nix-config.git";
    };
  };

  services.openssh = {
    enable = true;
    openFirewall = true;
    settings = {
      PermitRootLogin = "without-password";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };

  networking.firewall = {
    enable = true;
    # checkReversePath = "loose";
  };

  programs = {
    zsh.enable = true;
    htop.enable = true;
    iotop.enable = true;
    git.enable = true;
    nano = {
      enable = true;
      syntaxHighlight = true;
    };
  };
}