_: {
  imports = [
    ./hardware-configuration.nix
    ./storage.nix
    ./networking.nix
    ./services
  ];

  custom.machine = {
    type = "server";
    capabilities = [
      "cli"
    ];
  };

  networking.nameservers = [
    "1.1.1.1"
    "9.9.9.9"
  ];

  networking = {
    hostName = "fili";
    networkmanager.enable = true;
  };

  nix.settings = {
    # users that can interact with nix
    trusted-users = [
      "jana"
      "root"
    ];
  };

  boot.initrd = {
    supportedFilesystems = [ "nfs" ];
    kernelModules = [ "nfs" ];
  };

  # use systemd-boot as bootloader
  boot.loader.systemd-boot.enable = true;

  # secrets
  sops.age.keyFile = "/sops/sops-key.txt";
  sops.defaultSopsFormat = "dotenv";

  users.extraUsers.jana.extraGroups = [
    "storage"
    "syncthing"
    "jellyfin"
    "media"
    "nginx"
  ];
}