{
  modulesPath,
  pubkeys,
  ...
}:
{
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
    ./disk-config.nix
    ./adguard.nix
  ];

  swapDevices = [
    { device = "/dev/disk/by-uuid/cc568199-7a9b-4aa2-83f8-2a63982ff4f1"; }
  ];

  age.secrets = {
    navidrome.file = ../../secrets/navidrome.age;
    adguard-dns-list = {
      file = ../../secrets/adguard-dns-list.age;
      mode = "444";
    };
  };

  boot.loader.grub = {
    efiSupport = true;
    efiInstallAsRemovable = true;
  };

  modules = {
    container = {
      kitchenowl = {
        enable = true;
        openFirewall = true;
        version = "v0.5.2";
      };
      nginxproxymanager = {
        enable = true;
      };
    };

    server = {
      paperless = {
        enable = true;
        openPort = true;
        settings = {
          PAPERLESS_URL = "https://paperless.ccnlc.eu";
          PAPERLESS_OCR_USER_ARGS = {
            invalidate_digital_signatures = true;
          };
        };
      };

      navidrome = {
        enable = true;
        library = {
          path = "/mnt/music";
          type = "nfs";
          source = {
            ip = "192.168.178.21";
            path = "/mnt/Fort/data/music";
          };
        };
        settings = {
          Address = "0.0.0.0";
          Port = 4533;
        };
      };
    };

    services = {
      tailscale = {
        enable = true;
        isExitNode = true;
        tags = [ "server" ];
      };

      rsync-backup = {
        enable = true;
        modules = [
          {
            sources = [ "/var/lib/paperless" ];
            target = {
              location = "paperless-backup";
              type = "rsyncd";
              host = "nihilus";
            };
            incremental.enable = true;
          }
          {
            sources = [ "/var/lib/immich" ];
            target = {
              location = "immich-backup";
              type = "rsyncd";
              host = "nihilus";
            };
            incremental.enable = true;
          }
          {
            sources = [ "/mnt/music" ];
            target = {
              location = "music-backup";
              type = "rsyncd";
              host = "nihilus";
            };
            incremental.enable = true;
          }
          {
            sources = [ "/mnt/shows" ];
            target = {
              location = "shows-backup";
              type = "rsyncd";
              host = "nihilus";
            };
            incremental.enable = true;
          }
          {
            sources = [ "/mnt/movies" ];
            target = {
              location = "movies";
              type = "rsyncd";
              host = "nihilus";
            };
            incremental.enable = true;
          }
        ];
      };
    };
  };

  services = {
    openssh.enable = true;

    jellyfin = {
      enable = true;
      openFirewall = true;
    };

    immich = {
      enable = true;
      openFirewall = true;
      host = "0.0.0.0";
    };
  };

  #  security.acme = {
  #certs = {
  #"ccnlc.eu" = {
  #dnsProvider = "ovh";
  #dnsResolver = "9.9.9.9";
  #extraDomainNames = [ "*.ccnlc.eu" ];
  #environmentFile = "/var/secrets/ovh-ccnlc";
  #};
  #};
  #};

  fileSystems = {
    "/mnt/shows" = {
      device = "192.168.178.21:/mnt/Fort/data/shows";
      fsType = "nfs";
      options = [
        "x-systemd.automount"
        "ro"
      ];
    };

    "/mnt/movies" = {
      device = "192.168.178.21:/mnt/Fort/data/movies";
      fsType = "nfs";
      options = [
        "x-systemd.automount"
        "ro"
      ];
    };
  };

  users.users.root.openssh.authorizedKeys.keys = [ pubkeys.ny ];

  system.stateVersion = "23.11";
}