{ pkgs, ... }: {
  imports = [
    ./hardware-configuration.nix
    ./networking.nix # generated at runtime by nixos-infect
    ../../users
    ../../modules/base/nixos.nix

    ../../modules/akkoma
    ../../modules/akkoma/nginx.nix
    ../../modules/coredns
    ../../modules/code-server/nginx.nix
    ../../modules/drone/nginx.nix
    ../../modules/gitea/nginx.nix
    ../../modules/home-assistant/nginx.nix
    ../../modules/ipfs/gateway.nix
    ../../modules/matrix/nginx.nix
    ../../modules/minecraft/proxy.nix
    ../../modules/sops
  ];

  boot.tmp.cleanOnBoot = true;

  # Set your time zone.
  time.timeZone = "America/Toronto";

  networking = {
    hostName = "socrates";
    firewall = {
      allowPing = true;
      allowedTCPPorts = [ 80 443 ];
      trustedInterfaces = [ "tailscale0" ];
      checkReversePath = "loose";
    };
  };

  nix = {
    settings.trusted-users = [ "@wheel" "root" ];
  };

  security = {
    sudo.wheelNeedsPassword = false;
    acme.acceptTerms = true;
    acme.defaults.email = "walkah@walkah.net";
  };

  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
  ];

  environment.systemPackages = with pkgs; [ ipfs-migrator ];

  walkah.coredns = {
    enable = true;
    addr = "100.103.57.96";
  };

  services = {
    nginx = {
      enable = true;
      recommendedTlsSettings = true;
      recommendedOptimisation = true;
      recommendedGzipSettings = true;
      recommendedProxySettings = true;
    };
    openssh = { enable = true; };
    prometheus = {
      enable = true;
      port = 9090;
      listenAddress = "100.103.57.96";
      exporters = {
        node = {
          enable = true;
          enabledCollectors = [ "systemd" ];
          openFirewall = true;
          port = 9100;
          listenAddress = "100.103.57.96";
        };
      };
    };
    tailscale = { enable = true; };
  };
}