{ config, lib, pkgs, ... }:
{
  imports = [
    ./hardware-configuration.nix
    ../../modules
    ../../users/simon

    ./services/co2_exporter.nix
    ./services/languagetool.nix
    ./services/media-backup.nix
    ./services/media.nix
    ./services/torrent.nix
  ];

  sbruder = {
    wireguard.home.enable = true;
    nginx.hardening.enable = true;
    restic.system = {
      enable = true;
      uploadLimit = 1500;
      extraPaths = [
        "/data"
      ];
      extraExcludes = [
        "/data/media/video"
        "/data/misc"
        "/data/torrent"
      ];
      prune = true;
    };
    unfree.allowSoftware = true;
  };

  services.nginx = {
    enable = true;

    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
  };
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  systemd.services.nginx.serviceConfig.SupplementaryGroups = lib.singleton "keys";

  services.syncthing.enable = true;

  services.udisks2.enable = true; # does not have gui, but often deals with removable storage

  networking.hostName = "fuuko";

  system.stateVersion = "20.09";
}