{
  config,
  modulesPath,
  pkgs,
  ...
}:

{
  imports = [
    (modulesPath + "/virtualisation/proxmox-lxc.nix")
  ];

  systemd.suppressedSystemUnits = [
    "dev-mqueue.mount"
    "sys-kernel-debug.mount"
    "sys-fs-fuse-connections.mount"
  ];

  nix = {
    optimise = {
      automatic = true;
      dates = "weekly";
    };
    settings = {
      auto-optimise-store = true;
      sandbox = false;
      # Allow remote updates
      trusted-users = [
        "root"
        "@wheel"
      ];
      experimental-features = [
        "nix-command"
        "flakes"
      ];
    };
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 14d";
    };
  };

  nixpkgs.hostPlatform = "x86_64-linux";

  environment.systemPackages = with pkgs; [
    vim
    git
  ];

  proxmoxLXC = {
    manageNetwork = false;
    manageHostName = false;
    privileged = false;
  };

  users.users.root = {
    packages = with pkgs; [
      kitty # for terminfo
      fastfetch # for shits and giggles
    ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICW1+Ml8R9x1LCJaZ8bIZ1qIV4HCuZ6x7DziFW+0Nn5T xengi@kanae_2022-12-09"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmb+mJfo84IagUaRoDEqY9ROjjQUOQ7tMclpN6NDPrX xengi@kota_2022-01-16"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICyklb7dvEHH0VBEMmTUQFKHN6ekBQqkDKj09+EilUIQ xengi@lucy_2018-09-08"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjv9W8WXq9QGkgmANNPQR24/I1Pm1ghxNIHftEI+jlZ xengi@mayu_2021-06-11"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGhyfD+8jMl6FDSADb11sfAsJk0KNoVzjjiDRZjUOtmf xengi@nana_2019-08-16"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMPtGqhV7io3mhIoZho4Yf7eCo0sUZvjT2NziM2PkXSo xengi@nyu_2017-10-11"
    ];
  };

  networking = {
    domain = "berlin.ccc.de";
    nameservers = [
      "2606:4700:4700::1111#one.one.one.one"
      "2620:fe::fe#dns.quad9.net"
      "1.1.1.1#one.one.one.one"
      "9.9.9.9#dns.quad9.net"
    ];
    useDHCP = false;
    useNetworkd = true;
    dhcpcd.enable = false;
    nftables.enable = true;
    tempAddresses = "disabled";
    firewall.enable = true;
  };

  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "en_GB.UTF-8";
  console.font = "Lat2-Terminus16";

  services = {
    fstrim.enable = false; # Let Proxmox host handle fstrim
    # Cache DNS lookups to improve performance
    resolved = {
      enable = true;
      dnssec = "allow-downgrade";
      dnsovertls = "true";
      extraConfig = ''
        Cache=true
        CacheFromLocalhost=true
      '';
    };
  };

  programs = {
    mtr.enable = true;
    vim = {
      enable = true;
      defaultEditor = true;
    };
    htop = {
      enable = true;
    };
    tmux = {
      enable = true;
      terminal = "screen-256color";
      shortcut = "a";
      newSession = true;
      clock24 = true;
    };
    ssh.startAgent = true;
  };

  security = {
    acme = {
      acceptTerms = true;
      defaults = {
        validMinDays = 14;
        renewInterval = "daily";
        email = "acme@xengi.de";
        group = "nginx";
      };
    };
  };
}