{ config, pkgs, lib, ... }:
{
  # Bootloader
  boot.loader.grub.enable      = true;
  boot.loader.grub.device      = "/dev/sda";
  boot.loader.grub.useOSProber = true;
  imports = [
    ./hardware-configuration.nix
    ../../../profiles/sshd.nix
    #../../../profiles/oci/podman.nix

    #./yt-dlp-archive.nix

    #../../../profiles/vpn-pbsds/headscale.nix # opens port 3478 # TODO: move outside of home net?

    ../../../users/pbsds
    ../../../users/jornane

    ../../../profiles/mounts/freon-nfs.nix
    ../../../profiles/mounts/reidun-nfs.nix
    ../../../profiles/mounts/meconium-zfs.nix
    #../../../profiles/mounts/fridge-nfs.nix # TODO: fix

    ../../../profiles/shell.nix

    #../../../profiles/services/tmate-server.nix # opens port 42244 # TODO: move outside of home net

    ../../../profiles/http # enables nginx+acme, defines mkDomain
    ../../../profiles/http/index
    ../../../profiles/http/services/cinny.nix
    ../../../profiles/http/services/element.nix
    ../../../profiles/http/services/flexget.nix
    #../../../profiles/http/services/gitea.nix
    #../../../profiles/http/services/hydra.nix
    ../../../profiles/http/services/invidious.nix
    #../../../profiles/http/services/rss-bridge.nix # TODO: move out of home net
    #../../../profiles/http/services/jellyfin.nix
    ../../../profiles/http/services/plex.nix
    #../../../profiles/http/services/tautulli.nix # will run a first-time-setup where admin account is made
    ../../../profiles/http/services/libreddit.nix
    #../../../profiles/http/services/mattermost.nix
    #../../../profiles/http/services/navidrome.nix
    #../../../profiles/http/services/netdata.nix # put behind firewall
    #../../../profiles/http/services/nitter.nix
    #../../../profiles/http/services/ntopng.nix
    #../../../profiles/http/services/microbin.nix # TODO: move out of home net
    #../../../profiles/http/services/owncast.nix
    #../../../profiles/http/services/paperless.nix
    ../../../profiles/http/services/polaris.nix
    #../../../profiles/http/services/resilio.nix
    ../../../profiles/http/services/roundcube.nix
    #../../../profiles/http/services/snappymail.nix # WIP
    ../../../profiles/http/services/thelounge.nix
    ../../../profiles/http/services/vaultwarden.nix
    ../../../profiles/http/services/webdav-zotero.nix
    #../../../profiles/http/services/garage/gunktrunk.nix
    #../../../profiles/http/services/convos.nix
    #../../../profiles/http/services/cryptpad.nix
    #../../../profiles/http/services/galene.nix
    #../../../profiles/http/services/graphana.nix
    #../../../profiles/http/services/hedgedoc.nix # TODO: move out of home net
    #../../../profiles/http/services/home-assistant.nix
    #../../../profiles/http/services/jitsi-meet.nix
    #../../../profiles/http/services/kukkee
    #../../../profiles/http/services/matrix-synapse.nix
    #../../../profiles/http/services/shlink.nix
    #../../../profiles/http/services/sourcegraph.nix
    #../../../profiles/http/services/censordodge.nix
    #../../../profiles/http/services/openspeedtest.nix

    /**/
    # TODO: move to brumle
    ../../../profiles/http/docs
    ../../../profiles/http/docs/pdoc.nix
    ../../../profiles/http/docs/python-docs.nix
    #../../../profiles/http/docs/nixpkgs.nix # TODO: fix
    ../../../profiles/http/docs/home-manager.nix
    #../../../profiles/http/docs/linux-docs.nix # TODO: fix
    ../../../profiles/http/docs/programs.nix
    ../../../profiles/http/docs/yagcd.nix
    /**/

    # TODO: make flake inputs
    #../../../profiles/http/sites/linktree-pbsds.nix # github bby!! TODO: remove
    ../../../profiles/http/sites/refleksjon-no.nix
    ../../../profiles/http/sites/roroslyd-no.nix
    ../../../profiles/http/sites/kuklefse.nix

    #../../../profiles/http/services/trivial-gradios

    #../../../profiles/code-remote # TODO: move into web? services?
    ../../../profiles/domeneshop-dyndns.nix
    ../../../profiles/known-hosts.nix
    /* ../../../profiles/autossh-reverse-tunnels */
    #../../../profiles/xrdp
  ];
  services.domeneshop-updater.targets = [
    #"pbsds.net" # github bby!! TODO: remove
    "olavtr.pbsds.net"
    "kuklef.se"
  ];

  nix.settings.max-jobs = 1; # this host do be stinky

  networking.hostId = "e1ffd469"; # needed for zfs: head -c 8 /etc/machine-id

  #networking.wireguard.interfaces."wg0".ips = [ "172.22.48.3/24" ]; # fyrkat

  sops.secrets.flexget.sopsFile = ./secrets.yaml;

  # TODO: remove? Move to where relevant?
  nixpkgs.overlays = [
    /** /
    (final: prev: {
      mapcrafter          = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { };
      mapcrafter-world112 = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { world="world112"; };
    })
    /**/
  ];

  # Networking
  networking.networkmanager.enable = true;
  #networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  #networking.iwd.enable = true # # alternative wireless backend, doesn't support eduroam
  networking.interfaces.eno1.ipv4.addresses = [
    { address = "192.168.1.9"; prefixLength = 24; }
  ];
  networking.nameservers = [
    "192.168.1.254"
    "8.8.8.8"
    "1.1.1.1"
  ];
  networking.defaultGateway = {
    address = "192.168.1.254";
    interface = "eno1";
  };
  #networking.useDHCP = true;
  #TODO: avahi? resolved? https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/base.nix#L15-L18

  # TODO: remove? Move?
  programs.dconf.enable = true;
}