# NixOS system module for the host "tlaternet": flakes-enabled Nix, a
# key-only SSH daemon on a non-default port, an nginx front end with ACME
# certificates, and podman as the OCI container backend.
{ config, pkgs, ... }:

{
  imports = [ ];

  time.timeZone = "Europe/London";
  system.stateVersion = "20.09";

  # Flakes-capable Nix build, with the matching experimental features enabled.
  nix.package = pkgs.nixFlakes;
  # Left on one line so the evaluated string is exactly what it was.
  nix.extraOptions = '' experimental-features = nix-command flakes '';

  networking.hostName = "tlaternet";
  # Classic kernel interface names, which is why the NIC is addressed as eth0.
  networking.usePredictableInterfaceNames = false;
  # DHCP is off globally and enabled only on eth0.
  networking.useDHCP = false;
  networking.interfaces.eth0 = {
    useDHCP = true;
  };
  # Inbound TCP allow-list. This file only configures listeners for 80/443
  # (nginx) and 2222 (sshd).
  # NOTE(review): 2221 and 25565 are opened for services defined elsewhere;
  # confirm each still has an owner, since an open port with no intended
  # listener is unneeded exposure.
  networking.firewall = {
    allowedTCPPorts = [ 80 443 2222 2221 25565 ];
  };

  # Single interactive account; login is by the checked-in public key only.
  # NOTE(review): "wheel" membership presumably gives this account sudo, so
  # the private half of ../keys/tlater.pub is effectively a root credential.
  users.users.tlater.isNormalUser = true;
  users.users.tlater.extraGroups = [ "wheel" ];
  users.users.tlater.openssh.authorizedKeys.keyFiles = [ ../keys/tlater.pub ];

  # sshd hardening: public-key authentication only, no direct root login,
  # SFTP subsystem disabled, and a port that matches the firewall entry above.
  services.openssh.enable = true;
  services.openssh.ports = [ 2222 ];
  services.openssh.passwordAuthentication = false;
  services.openssh.permitRootLogin = "no";
  services.openssh.allowSFTP = false;
  # Started on demand rather than kept running as a daemon.
  services.openssh.startWhenNeeded = true;

  # nginx with the NixOS "recommended" TLS, proxy, gzip and tuning presets.
  services.nginx.enable = true;
  services.nginx.recommendedTlsSettings = true;
  services.nginx.recommendedProxySettings = true;
  services.nginx.recommendedGzipSettings = true;
  services.nginx.recommendedOptimisation = true;
  # NOTE(review): this 10G request-body limit is set at the server level, so
  # it presumably applies to every virtual host unless one overrides it;
  # confirm that only the upload-heavy hosts need a bound this large.
  services.nginx.clientMaxBodySize = "10G";

  # Contact address and terms acceptance for ACME certificate issuance.
  security.acme.acceptTerms = true;
  security.acme.email = "tm@tlater.net";

  virtualisation.oci-containers.backend = "podman";
}