{ self, ... } @ inputs: {
  imports = [
    ./hardware-configuration.nix
    ../../users/root
    ../../users/erwin
  ];

  eboskma = {
    users.erwin.enable = true;
    nix-common = {
      enable = true;
      remote-builders = true;
    };
    services = {
      wireguard = {
        server = {
          enable = true;
          externalInterface = "eth0";
          internalInterface = "wg0";
          internalIPs = [ "10.1.0.0/24" ];
          privateKeyFile = "/run/secrets/wireguard_key";
          peers = [
            # horus
            # {
            #   publicKey = "";
            #   persistentKeepalive = 25;
            #   allowedIPs = [
            #     "10.1.0.0/24"
            #     "10.0.0.0/24"
            #   ];
            # }
            # iphone
            {
              publicKey = "SlJSLRMaqoujNsTkzQRZlNLBGB0Q/tt3b8KijFEaH2s=";
              persistentKeepalive = 25;
              allowedIPs = [
                "10.1.0.0/24"
                "10.0.0.0/24"
              ];
            }
          ];
        };
      };
    };
  };

  boot.isContainer = true;

  time.timeZone = "Europe/Amsterdam";

  system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;

  environment.noXlibs = true;

  services.openssh.enable = true;

  proxmoxLXC = {
    privileged = true;
  };

  sops.defaultSopsFile = ./secrets.yaml;
  sops.secrets = {
    wireguard_key = { };
  };

  system.stateVersion = "22.05";
}