{ self, caddy-with-plugins, ... }:
{ modulesPath, pkgs, ... }: {
  imports = [
    (modulesPath + "/virtualisation/proxmox-lxc.nix")
    ../../users/root
    ../../users/erwin
  ];

  eboskma = {
    users.erwin = {
      enable = true;
      server = true;
    };
    nix-common = {
      enable = true;
      remote-builders = true;
    };
    nginx-proxy-manager.enable = false;
    caddy-proxy = {
      enable = true;
      package = caddy-with-plugins.lib.caddyWithPackages {
        inherit (pkgs) caddy buildGoModule;
        plugins = [ "github.com/caddy-dns/cloudflare@74f004e1c1ab9056288f0baf3cd4b0039d6c77f3" ];
        vendorSha256 = "7TWLOeEHn/cmpCXWuwLQrWpezrW6qcCERscutzYjpN0=";
      };
    };
  };

  boot.isContainer = true;

  time.timeZone = "Europe/Amsterdam";

  system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;

  # networking = {
  #   hostName = "proxy";
  #   useDHCP = false;

  #   interfaces = {
  #     eth0 = {
  #       ipv4.addresses = [
  #         {
  #           address = "10.0.0.251";
  #           prefixLength = 24;
  #         }
  #       ];
  #     };
  #   };

  #   defaultGateway = "10.0.0.1";
  #   nameservers = [ "10.0.0.254" ];
  # };

  proxmoxLXC = {
    privileged = true;
  };

  services.tailscale.enable = true;

  security.sudo.execWheelOnly = true;

  sops.defaultSopsFile = ./secrets.yaml;
  sops.secrets = {
    caddy-env = { };
  };

  system.stateVersion = "21.11";
}