{ pkgs, lib, ... }:
{
  imports = [
    ./hardware-configuration.nix
    ./rspamd.nix
    # ./goaccess.nix
    ./nextcloud.nix
    ./backup.nix
    ./users.nix
    ./kicker.nix
    ./mailserver.nix
    ./acme.nix
    ./forgejo.nix
    ./nginx.nix
    ./network.nix
  ];

  # Feature switches from the site-local `metacfg` option namespace; the
  # options themselves are declared outside this file.
  metacfg.base.enable = true;
  metacfg.nix.enable = true;
  metacfg.podman.enable = true;
  # Secure boot is explicitly switched off on this host, while the TPM2 stack
  # is enabled further down.
  # NOTE(review): confirm this is a deliberate choice for this machine and not
  # a leftover from installation.
  metacfg.secureboot.enable = false;

  # TPM 2.0 support plus the tpm2-abrmd access broker / resource manager.
  # lib.mkDefault gives both values default priority, so a plain assignment in
  # any other module overrides them.
  security.tpm2 = {
    enable = lib.mkDefault true;
    abrmd.enable = lib.mkDefault true;
  };

  # Unattended upgrades: at 04:00 the flake output `mx` is built from the
  # repository below and activated with `switch`; allowReboot permits an
  # automatic reboot after the upgrade.
  #
  # Trust boundary: the flake source is a repository inside a forge data
  # directory on this same host, and the result is activated system-wide.
  # Anyone who can push to harald/nixcfg, or write to that directory, therefore
  # decides what the next system generation contains.
  # NOTE(review): confirm push rights on that repository are limited to the
  # administrator and that the forge's data directory is not writable by other
  # services.
  system.autoUpgrade = {
    enable = true;
    # lib.mkForce wins over a `flake` value set by any other module.
    flake = lib.mkForce "git+file:///var/lib/gitea/repositories/harald/nixcfg.git#mx";
    operation = "switch";
    dates = "04:00";
    allowReboot = true;
  };

  # Store garbage collection: daily schedule, and generations older than seven
  # days are deleted. With nightly auto-upgrades this also bounds how far back
  # a rollback can reach.
  # NOTE(review): nix.gc.automatic is not set in this file; these two values
  # only take effect if another module turns it on. Confirm.
  nix.gc.dates = "daily";
  nix.gc.options = "--delete-older-than 7d";

  # Exempts this one repository from git's ownership check, so a user other
  # than the owner of the repository files can operate on it. It is the same
  # repository system.autoUpgrade builds from. The entry names an exact path
  # instead of a wildcard, which keeps the exemption narrow.
  # NOTE(review): programs.git.enable is not set in this file; confirm an
  # imported module enables it so this setting is actually written out.
  programs.git.config = {
    safe.directory = "/var/lib/gitea/repositories/harald/nixcfg.git";
  };

  # Tools installed into the system profile. Every package is referenced
  # through `pkgs.` explicitly instead of opening the whole set with `with`.
  environment.systemPackages = [
    pkgs.age
    # for mkpasswd (NOTE(review): apacheHttpd is better known for shipping
    # htpasswd; confirm which tool is meant)
    pkgs.apacheHttpd
    pkgs.efibootmgr
    pkgs.fgallery
    pkgs.git
    pkgs.htop
    pkgs.mdadm
    pkgs.rrsync
    # The default output and the explicit `out` output are both listed.
    pkgs.tpm2-pkcs11
    pkgs.tpm2-pkcs11.out
    pkgs.tpm2-tools
    pkgs.zola
  ];

  # sops-nix derives its age identity from this SSH host key, so the private
  # host key is also the key that decrypts this machine's secrets. It is the
  # same file as the ed25519 entry in services.openssh.hostKeys; replacing it
  # means re-encrypting the secrets for the new key.
  sops.age = {
    sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ];
  };

  # SSH daemon, with its host keys kept under /var/lib/secrets.
  # NOTE(review): no authentication settings (password login, root login) are
  # set in this block; confirm they are pinned in one of the imported modules.
  services.openssh.enable = true;
  services.openssh.hostKeys = [
    # Also used as the sops age identity (see sops.age.sshKeyPaths).
    { type = "ed25519"; path = "/var/lib/secrets/ssh_host_ed25519_key"; }
    { type = "rsa"; bits = 4096; path = "/var/lib/secrets/ssh_host_rsa_key"; }
  ];

  # Disk-usage alarm for /boot. The unit sets no User=, so it runs with
  # systemd's default identity for system services. It is wanted by
  # default.target, so besides the daily timer it also runs once at boot.
  systemd.services = {
    check_boot = {
      serviceConfig = {
        Type = "oneshot";
        # Fixed PATH so df/grep/awk/sed resolve from the system profile.
        Environment = "PATH=/run/current-system/sw/bin";
        # The script mails local user `harald` when the fifth df column (Use%)
        # for /boot is above 85.
        # NOTE(review): if the df/grep pipeline yields nothing, the numeric
        # test errors out and no mail is sent, so the check goes quiet instead
        # of alerting. Confirm that is acceptable for a monitoring job.
        # The heredoc terminator depends on Nix stripping the common indent of
        # the '' string; keep the relative indentation of the script lines.
        ExecStart = toString (
          pkgs.writeShellScript "check_boot.sh" ''
            CURRENT=$(df /boot | grep /boot | awk '{ print $5}' | sed 's/%//g')
            THRESHOLD=85

            if [ "$CURRENT" -gt "$THRESHOLD" ] ; then
                ${pkgs.mailutils}/bin/mail -s '/boot Disk Space Alert' harald << EOF
            Your /boot partition remaining free space is critically low. Used: $CURRENT%
            EOF
            fi
          ''
        );
      };
      wantedBy = [ "default.target" ];
    };
  };

  # Daily trigger for the check_boot service; a timer activates the service
  # unit of the same name unless told otherwise.
  systemd.timers = {
    check_boot = {
      wantedBy = [ "timers.target" ];
      timerConfig.OnCalendar = "daily";
    };
  };

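  # Disk-usage alarm for the root filesystem. The unit sets no User=, so it
  # runs with systemd's default identity for system services. It is wanted by
  # default.target, so besides the daily timer it also runs once at boot.
  systemd.services = {
    check_root = {
      serviceConfig = {
        Type = "oneshot";
        # Fixed PATH so df/grep/awk/sed resolve from the system profile.
        Environment = "PATH=/run/current-system/sw/bin";
        # The script mails local user `harald` when the fifth df column (Use%)
        # for / is above 85. The subject line names the root filesystem; it
        # previously said "/boot", which made this alert indistinguishable
        # from the check_boot one in the mailbox.
        # The heredoc terminator depends on Nix stripping the common indent of
        # the '' string; keep the relative indentation of the script lines.
        ExecStart = toString (
          pkgs.writeShellScript "check_root.sh" ''
            CURRENT=$(df / | grep / | awk '{ print $5}' | sed 's/%//g')
            THRESHOLD=85

            if [ "$CURRENT" -gt "$THRESHOLD" ] ; then
                ${pkgs.mailutils}/bin/mail -s 'root Disk Space Alert' harald << EOF
            Your root partition remaining free space is critically low. Used: $CURRENT%
            EOF
            fi
          ''
        );
      };
      wantedBy = [ "default.target" ];
    };
  };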

  # Daily trigger for the check_root service; a timer activates the service
  # unit of the same name unless told otherwise.
  systemd.timers = {
    check_root = {
      wantedBy = [ "timers.target" ];
      timerConfig.OnCalendar = "daily";
    };
  };

  # Release whose stateful-data defaults this system was installed with. It is
  # not the running NixOS version, so leave it unchanged when upgrading.
  system.stateVersion = "23.05";
}