{ self, ... }:
{ modulesPath, ... }:
{
  imports = [
    (modulesPath + "/virtualisation/lxc-container.nix")

    ./backup.nix
    ../../users/root
    ../../users/erwin
  ];

  eboskma = {
    users.erwin = {
      enable = true;
      server = true;
    };
    services = {
      minio.enable = true;
    };
    nix-common = {
      enable = true;
      remote-builders = true;
    };
    tailscale.enable = true;
  };

  time.timeZone = "Europe/Amsterdam";

  system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;

  networking = {
    hostName = "minio";
    useDHCP = false;
    useHostResolvConf = false;
    networkmanager.enable = false;
    useNetworkd = true;
    nftables.enable = true;

    firewall.trustedInterfaces = [ "tailscale0" ];
  };

  systemd.network = {
    enable = true;

    wait-online.anyInterface = true;

    networks = {
      "40-eth0" = {
        matchConfig = {
          Name = "eth0";
        };

        networkConfig = {
          Address = "10.0.0.204/24";
          Gateway = "10.0.0.1";
          DNS = "10.0.0.206";
          DHCP = "no";
        };
      };
    };
  };

  security = {
    sudo-rs = {
      enable = true;
      execWheelOnly = true;
      wheelNeedsPassword = false;
    };
    sudo.enable = false;
  };

  sops.defaultSopsFile = ./secrets.yaml;
  sops.secrets = {
    minio-root-credentials = { };
    minio_backup_ssh_key = { };
    minio_backup_pass = { };
  };

  system.stateVersion = "24.05";
}