{
  pkgs,
  lib,
  ...
}: let
  vars = import ../../vars.nix;
in {
  imports = [../common/global/locale.nix];
  # NixOS wants to enable GRUB by default
  boot.loader.grub.enable = false;
  # Enables the generation of /boot/extlinux/extlinux.conf
  boot.loader.generic-extlinux-compatible.enable = true;

  # !!! Set to specific linux kernel version
  boot.kernelPackages = pkgs.linuxPackages;

  # Disable ZFS on kernel 6
  boot.supportedFilesystems = lib.mkForce [
    "vfat"
    "xfs"
    "cifs"
    "ntfs"
  ];

  # !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough.
  # If X.org behaves weirdly (I only saw the cursor) then try increasing this to 256M.
  # On a Raspberry Pi 4 with 4 GB, you should either disable this parameter or increase to at least 64M if you want the USB ports to work.
  boot.kernelParams = ["cma=256M"];

  # File systems configuration for using the installer's partition layout
  fileSystems = {
    # Prior to 19.09, the boot partition was hosted on the smaller first partition
    # Starting with 19.09, the /boot folder is on the main bigger partition.
    # The following is to be used only with older images.
    /*
    "/boot" = {
    device = "/dev/disk/by-label/NIXOS_BOOT";
    fsType = "vfat";
    };
    */
    "/" = {
      device = "/dev/disk/by-label/NIXOS_SD";
      fsType = "ext4";
    };
  };

  # !!! Adding a swap file is optional, but strongly recommended!
  swapDevices = [
    {
      device = "/swapfile";
      size = 1024;
    }
  ];

  # systemPackages
  environment.systemPackages = with pkgs; [
    neovim
    curl
    wget
  ];

  services.openssh = {
    enable = true;
    settings.PermitRootLogin = "yes";
  };

  services.restic.server = {
    enable = true;
    dataDir = "/mnt/backups";
    extraFlags = ["--no-auth"];
  };

  services.tailscale = {
    enable = true;
    useRoutingFeatures = "server";
  };

  virtualisation.docker.enable = true;

  networking.firewall.enable = false;

  # Networking
  networking.useDHCP = true;

  # forwarding
  boot.kernel.sysctl = {
    "net.ipv4.conf.all.forwarding" = true;
    "net.ipv6.conf.all.forwarding" = true;
    "net.ipv4.tcp_ecn" = true;
  };

  # put your own configuration here, for example ssh keys:
  users.mutableUsers = true;
  users.users.nixos = {
    isNormalUser = true;
    password = "changeme";
    extraGroups = ["wheel" "docker"];
    openssh.authorizedKeys.keys = [
      #Adalbert
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJd6Gut34abkwlZ4tZVBO4Qt7CkIpPm/Z8R6JCisjnYy openpgp:0xBD0CFCA0"

      #Ludwig
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlRsnLqm6Ap3yKEEhtFiWavo72df/X5Il1ZCmENUqev openpgp:0xDE189CA5"

      #Franz
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIINCjLoirHMos7c9lRatWtSYAk68xbUGc8vPU0wFxIzj openpgp:0x7430326E"
    ];
  };
  users.users.admin = {
    isNormalUser = true;
    extraGroups = ["wheel"]; # Enable ‘sudo’ for the user.
    hashedPassword = "blablabla"; # generate with `mkpasswd`
  };
  nix.settings.trusted-users = ["admin" "ghoscht" "nixos"];

  system.stateVersion = "23.11";
}