diff --git a/nixos/roles/default.nix b/nixos/roles/default.nix
index 3c24242..72ad163 100644
--- a/nixos/roles/default.nix
+++ b/nixos/roles/default.nix
@@ -1,4 +1,52 @@
-{ ... } : {
+{pkgs, config, lib, ...} : {
+
+imports = [ ./admins.nix ];
+nix = {
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ builders-use-substitutes = true
+ '';
+};
+
+networking = {
+ firewall = { # these shoud be default, but better make sure!
+ enable = true;
+ allowPing = true;
+ };
+ nftables.enable = true;
+ useDHCP = false; # We don't speak DHCP and even if we would, we should enable it per interface
+ # hosts = # TODO write something to autogenerate ip adresses!
+};
+
+users = {
+ mutableUsers = false;
+};
 sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+environment = {
+ systemPackages = builtins.attrValues {
+ inherit (pkgs)
+ htop lsof tmux btop;
+ };
+};
+
+services = {
+ journald.extraConfig = "SystemMaxUse=5G";
+
+ nginx = {
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedTlsSettings = true;
+ };
+
+ openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ };
+ };
+};
+>>>>>>> 2b0eec7 (added actual hardware identifiers & atual network config)
 }
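Review bot: The added line `>>>>>>> 2b0eec7 (added actual hardware identifiers & atual network config)` just before the closing `}` is a leftover merge-conflict marker, not Nix; the module will presumably fail to evaluate, so none of the firewall or SSH hardening in this hunk would reach a host until it is deleted. Separately, `services.openssh.settings` turns off only `PasswordAuthentication`; unless it is disabled elsewhere, adding `KbdInteractiveAuthentication = false;` closes the PAM keyboard-interactive path that can still accept passwords. With `users.mutableUsers = false` and `PermitRootLogin = "no"`, all access depends on the accounts and keys declared in `./admins.nix`, which is not visible here, so it is worth confirming that file defines at least one admin with an authorized key before rollout.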