{pkgs, config, lib, ...} : {

imports = [
  ./admins.nix
  ./nix_keys.nix
  ../modules/impermanence.nix
  ];
nix = {
  extraOptions = ''
    experimental-features = nix-command flakes
    builders-use-substitutes = true
  '';
};

networking = {
  firewall = { # these shoud be default, but better make sure!
    enable = true;
    allowPing = true;
  };
  nftables.enable = true;
  useDHCP = false; # We don't speak DHCP and even if we would, we should enable it per interface
  # hosts = # TODO write something to autogenerate ip adresses!
};

users = {
  mutableUsers = false;
};

impermanence.enable = true;

sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
}