{ pubkeys, ... }:
{
  imports = [
    ./hardware-configuration.nix
  ];

  modules = {
    services.tailscale = {
      enable = true;
      tags = [
        "server"
        "backup"
      ];
      extraFlags = [ "--accept-dns=false" ]; # Want to disable that since *server* can't access the private dns... for now
    };
    services = {
      rsync-daemon = {
        enable = true;
        port = 9523;
        openFirewall = true;
        address = "100.64.0.6";
        modules = [
          {
            name = "image-backup";
            comment = "ftp export area";
            mode = "write";
          }
          {
            name = "brontes-backup";
            comment = "brontes's backup space";
            mode = "write";
          }
        ];
      };
    };
  };

  boot.initrd.systemd.tpm2.enable = false;

  system.stateVersion = "24.11";
}