{ nix-config, pkgs, inputs, ... }:{

  imports = with nix-config.nixosModules; [
    ./hardware-configuration.nix
    ./disko-config.nix

    forgejo
  ];

  nixpkgs = {
    config = {
      allowUnfree = true;
    };
    overlays = builtins.attrValues nix-config.overlays ++ [
      inputs.nh.overlays.default
    ];
  };

  nix = {
    settings = {
      experimental-features = [
        "nix-command"
        "flakes"
      ];
      substituters = [
        "https://nix-community.cachix.org"
        "https://cache.garnix.io"
      ];
      trusted-public-keys = [
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
        "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
      ];
    };

    channel.enable = false; # remove nix-channel related tools & configs, we use flakes instead.
  };

  fileSystems = {
    "/mnt/git-storage" = {
      device = "/dev/sdb";
      fsType = "ext4";
    };
  };


  sops = {
    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
    defaultSopsFile = ./secrets.yaml;
    secrets = {
      forgejo-emenel = {};
    };
  };

  # Set your time zone.
  time.timeZone = "America/Toronto";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_CA.UTF-8";

  boot.tmp.cleanOnBoot = true;
  boot.loader.grub.enable = true;
  zramSwap.enable = true;
  networking.hostName = "services-nixos";
  networking.domain = "";
  networking.useDHCP = true;
  networking.firewall.enable = false;
  services.openssh.enable = true;

  environment.systemPackages = with pkgs; [
    wget
    home-manager
    curl
    git-lfs
    rsync
    gnupg
    util-linux
    git
  ];

  users.users.emenel = {
    openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGbzcaEyzlGJkDL8EMcVmrAWRlyYtilTjpIR2VGxkMHo'' ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvtBCUQEi7r6mXdaULEaMMvGH1IWZBX9tXpjbIECar2'' ];

    isNormalUser = true;
    description = "emenel";
    extraGroups = [
      "networkmanager"
      "network"
      "wheel"
      "uinput"
      "forgejo"
    ];
    packages = with pkgs; [
      git
    ];
  };

  security.sudo = {
    enable = true;
    wheelNeedsPassword = false;
  };

  programs.nh = {
    enable = true;
    clean = {
      enable = true;
      dates = "daily";
      extraArgs = "--keep 4";
    };
    flake = "/home/emenel/source/nixos-config";
    package = pkgs.nh;
  };

  services.caddy = {
    enable = true;
    email = "matt@emenel.ca";
  };



  system.stateVersion = "25.05"; # Did you read the comment?


}