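# Base NixOS module shared by every host: declares the `kat.*` options, a
# per-host nixos-anywhere deploy script, and common boot / network / nix /
# locale / package / SSH defaults.
#
# NOTE(review): `name` has to be supplied as a module argument by the
# deployment tool (Colmena passes `name` and `nodes`; `deployment.targetHost`
# below suggests such a tool) - confirm for this setup. It was previously
# reachable only through `with lib;`, which defers the lookup to evaluation
# time and hides an unbound name until `kat.anywhere` is built.
{ lib, config, pkgs, name, ... }:
{
  imports = [
    ./users
    ./root.nix
  ];

  options.kat = {
    # Public key only. Option values end up in the world-readable Nix store,
    # so the matching private key must never be passed through an option.
    wireguardPubKey = lib.mkOption {
      type = lib.types.str;
      description = "WireGuard public key of this host.";
    };

    path = lib.mkOption {
      readOnly = true;
      type = lib.types.path;
      description = "Directory containing this module (set below to `./.`).";
    };

    anywhere = lib.mkOption {
      type = lib.types.package;
      readOnly = true;
      description = "Shell application that installs this host with nixos-anywhere.";
    };
  };

  config = {
    kat = {
      path = ./.;

      # Wrapper around nixos-anywhere for this host. It hands the disko script
      # and the system closure to the tool, so running it is expected to
      # repartition the target's disks - double-check
      # `deployment.targetHost` before use.
      anywhere = pkgs.writeShellApplication {
        name = "anywhere-deploy_${name}.sh";
        runtimeInputs = [ pkgs.nixos-anywhere ];
        # --kexec ${nodes.kat-kexec.config.system.build.kexecTarball}/${nodes.kat-kexec.config.system.kexec-installer.name}-${pkgs.stdenv.hostPlatform.system}.tar.gz
        #
        # The host is interpolated into a string first so that a null
        # targetHost still fails at evaluation time, then shell-quoted so the
        # value can never be split or expanded by the shell.
        text = ''
          nixos-anywhere \
            --store-paths ${config.system.build.diskoScriptNoDeps} ${config.system.build.toplevel} \
            ${lib.escapeShellArg "${config.deployment.targetHost}"}
        '';
      };
    };

    boot = {
      tmp.useTmpfs = true;
      supportedFilesystems.bcachefs = lib.mkDefault true;
      kernelPackages = pkgs.linuxPackages_latest;
    };

    # systemd-networkd for interface management, nftables as firewall backend.
    networking = {
      useNetworkd = true;
      nftables.enable = true;
    };
    systemd.network.enable = true;

    # No channels: `nixpkgs` and `nixos` lookups resolve to the nixpkgs source
    # this system was built from.
    nix = {
      nixPath = [
        "nixpkgs=${builtins.storePath pkgs.path}"
        "nixos=${builtins.storePath pkgs.path}"
      ];
      channel.enable = false;
      settings.nix-path = config.nix.nixPath;
      package = pkgs.lix;
    };

    time.timeZone = lib.mkDefault "Europe/Paris";
    i18n.defaultLocale = "en_US.UTF-8";
    console = {
      font = "Lat2-Terminus16";
      keyMap = lib.mkDefault "fr";
    };

    environment.systemPackages = with pkgs; [
      tree
      ranger
      ripgrep
      wget
      git
      lazygit
      btop
      screen
      nix-search-cli
      nix-output-monitor
    ];

    services = {
      # systemd-resolved is disabled inside containers.
      resolved.enable = !config.boot.isContainer;

      # Keepalive probe every 60 s; one unanswered probe drops the session.
      # This reaps dead connections, it is not an idle timeout: a responsive
      # but idle client stays connected.
      # NOTE(review): this module neither enables sshd nor sets its
      # authentication policy (PasswordAuthentication, PermitRootLogin, ...);
      # confirm both are pinned in ./root.nix or ./users.
      openssh.settings = {
        ClientAliveInterval = 60;
        ClientAliveCountMax = 1;
      };
    };
  };
}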