{
  config,
  lib,
  pkgs,
  ...
}:

{
  imports = [
    ./hardware-configuration.nix
  ];

  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.supportedFilesystems = [ "bcachefs" ];
  boot.kernelPackages = pkgs.linuxPackages_latest;

  time.timeZone = "Europe/Paris";

  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "fr";
  };
  services.dbus.packages = with pkgs; [ dconf ];

  nixpkgs.config.allowUnfree = true;

  programs.zsh.enable = true;

  environment.systemPackages = with pkgs; [
    wget
    brightnessctl
    nix-search-cli
    git
    btop
    ranger
    dnsmasq
    screen
  ];

  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  services.openssh.enable = true;
  services.netbird.enable = true;

  boot.kernelModules = [
    "kvm-intel"
    "kvm-amd"
  ];
  programs.virt-manager.enable = true;
  virtualisation.libvirtd.enable = true;

  security.acme = {
    acceptTerms = true;
    defaults.email = "root@katvayor.net";
  };
  kat-proxies = {
    enable = true;
    internal-webroot = pkgs.runCommand "manah" { } ''
      mkdir -p $out/.kat-manah/
      ln -nsf ${./error} $out/.kat-manah/error
    '';
  };

  services.weechat = {
    enable = true;
    binary = "${pkgs.weechat}/bin/weechat-headless";
  };

  networking.firewall = {
    allowedTCPPorts = [ 9000 9500 53 ];
    allowedUDPPorts = [ 67 ];
  };
  system.stateVersion = "23.11";
}