{ pkgs, ... }:
{
  imports = [
    ./hardware-configuration.nix
    ./fileserver.nix
    ./backup.nix
    ./network.nix
    ./openwebui.nix
    ./acme.nix
    ./nginx.nix
    ./mail.nix
    ./wyoming.nix
  ];

  boot.tmp.useTmpfs = false;

  sops.secrets.pccs.sopsFile = ../../../.secrets/sgx/pccs.yaml;
  sops.secrets.backup-pw.sopsFile = ../../../.secrets/sgx/backup-s3.yaml;

  environment.systemPackages = with pkgs; [
    claude-code
  ];

  services.tailscale.enable = true;

  metacfg = {
    services.nginxBase.enable = true;
    services.acmeBase.enable = true;
    system.noSleep = {
      enable = true;
      disableGdmAutoSuspend = true;
      ignoreLidSwitch = true;
    };
    emailOnFailure.enable = true;
    base.enable = true;
    gui.enable = true;
    nix-ld.enable = true;
    nix.enable = true;
    podman.enable = true;
    secureboot.enable = true;
    user.extraGroups = [
      "docker"
      "libvirtd"
    ];
    tools = {
      direnv.enable = true;
    };
  };

  virtualisation = {
    docker.enable = false;
    libvirtd.enable = true;
    podman.dockerCompat = true;
  };

  #systemd.services.libvirt-guests.after = [ "network-online.target" ];
  services.cratedocs-mcp = {
    enable = true;
    openFirewall = true;
  };

  system.autoUpgrade = {
    enable = true;
    operation = "switch";
    allowReboot = true;
  };

  system.stateVersion = "23.11";
}