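# NixOS host configuration: Docker (data root on /eth2/docker), the k3s module
# from ./k3s.nix, Tailscale, key-only OpenSSH with fail2ban, and local users.
{ pkgs, ... }:

let
  # Single SSH public key used for both `root` and `e`. Anyone holding the
  # matching private key gets a direct root shell, so treat it accordingly.
  adminKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM4Zr0PFN7QdOG2aJ+nuzRCK6caulrpY6bphA1Ppl8Y e@t14";
in
{
  imports = [
    ./hardware-configuration.nix
    ./k3s.nix
  ];

  environment.systemPackages = with pkgs; [
    vim
    git
    docker-compose
  ];

  programs.nix-index.enableBashIntegration = false;
  programs.nix-index.enableZshIntegration = false;
  programs.nix-index-database.comma.enable = true;

  time.timeZone = "America/Chicago";

  virtualisation.docker = {
    enable = true;
    daemon.settings = {
      data-root = "/eth2/docker";
    };
  };

  # Enable flakes and the nix-command CLI; only the official binary cache is
  # trusted as a substituter. Nothing in this file enables unfree packages;
  # if they are needed, nixpkgs.config.allowUnfree must be set elsewhere.
  nix.settings = {
    auto-optimise-store = true;
    substituters = [ "https://cache.nixos.org" ];
    experimental-features = [ "nix-command" "flakes" ];
  };

  # Daily garbage collection at midnight, dropping generations older than 14 days.
  nix.gc = {
    automatic = true;
    dates = "00:00";
    options = "--delete-older-than 14d";
  };

  networking = {
    firewall = {
      enable = true;
      # These ports are opened on every interface, not only on the tailnet.
      # NOTE(review): the purpose of 9000/30001/30303/30304 is not visible in
      # this file (presumably the Docker/k3s workloads); confirm each one still
      # has to be reachable from outside. Ports published by Docker containers
      # are handled by Docker's own iptables rules and are not limited by this
      # list. Port 22 is also opened by services.openssh (openFirewall defaults
      # to true); if SSH should only be reachable over Tailscale, that default
      # and this entry both need to change.
      allowedTCPPorts = [ 22 9000 30001 30303 30304 ];
      # Refused connections are logged, which gives fail2ban and manual review
      # something to work with.
      logRefusedConnections = true;
    };
  };

  services = {
    tailscale.enable = true;

    openssh = {
      enable = true;
      settings = {
        # Key-only logins.
        # NOTE(review): KbdInteractiveAuthentication is left at its default;
        # confirm it is disabled if any account has a password set out of band.
        PasswordAuthentication = false;
        # Root may still log in directly with the key declared under users.users.root.
        # NOTE(review): "no" plus sudo from `e` would keep root off the network
        # surface; confirm nothing (e.g. remote deploys as root) depends on this.
        PermitRootLogin = "prohibit-password";
      };
    };

    fail2ban.enable = true;
  };

  users.users = {
    root = {
      openssh.authorizedKeys.keys = [ adminKey ];
    };

    # Administrator account: wheel (passwordless sudo, see below) and docker.
    e = {
      isNormalUser = true;
      extraGroups = [ "wheel" "docker" ];
      openssh.authorizedKeys.keys = [ adminKey ];
    };

    # Membership in the docker group allows control of the Docker daemon, which
    # is effectively root on the host; hd and charon are therefore privileged
    # accounts even without wheel.
    # NOTE(review): no SSH keys are declared for these two users here —
    # presumably they are service accounts or get keys elsewhere; confirm.
    hd = {
      isNormalUser = true;
      extraGroups = [ "docker" ];
    };

    charon = {
      isNormalUser = true;
      extraGroups = [ "docker" ];
    };
  };

  # Members of wheel (only `e` in this file) become root without a password,
  # so the SSH key above is the only factor protecting root.
  security.sudo.wheelNeedsPassword = false;

  # Release the system state was first created with; not a version to bump on upgrade.
  system.stateVersion = "23.11";
}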