{
  config,
  lib,
  pkgs,
  ...
}:

{
  imports = [
    ./hardware-configuration.nix
    ./disks.nix
  ];

  boot = {
    loader.grub = {
      enable = true;
      efiSupport = true;
      efiInstallAsRemovable = true;
    };
    supportedFilesystems = [ "bcachefs" ];
    kernelPackages = pkgs.linuxPackages_latest;
  };

  time.timeZone = "Europe/Paris";

  networking = {
    useNetworkd = true;
    useDHCP = false;
  };
  systemd.network = {
    enable = true;
    networks."10-ens3" = {
      name = "ens3";
      address = [
        "51.83.69.54/32"
        "2001:41d0:305:2100::5c52/56"
      ];
      routes = [
        { Destination = "51.83.68.1/32"; }
        {
          Destination = "213.186.33.99/32";
          Gateway = "51.83.68.1";
        }
        { Gateway = "51.83.68.1"; }
        { Gateway = "2001:41d0:305:2100::1"; }
      ];
      dns = [ "213.186.33.99" ];
    };
  };

  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "fr";
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "root@katvayor.net";
  };
  kat-proxies = {
    enable = true;
    internal-webroot = pkgs.runCommand "watcher" { } ''
      mkdir -p $out/.kat-watcher/
      ln -nsf ${./error} $out/.kat-watcher/error
    '';
  };

  services.dbus.packages = with pkgs; [ dconf ];

  programs.zsh.enable = true;

  environment.systemPackages = with pkgs; [
    wget
    nix-search-cli
    git
    btop
    ranger
    screen
  ];

  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  services.openssh.enable = true;

  services.netbird.enable = true;
  networking = {
    nftables.enable = true;
    firewall.allowedTCPPorts = [ 22 ];
  };

  system.stateVersion = "23.11";
}