{
  lib,
  pkgs,
  config,
  self,
  ...
}:
{
  networking = {
    wireless = {
      #enable = true;
      networks = { };
    };
    nameservers = [ "192.168.88.251" ];
    networkmanager.enable = true;
  };

  time.timeZone = "Europe/Berlin";

  boot.initrd.systemd.enableTpm2 = false;

  users.mutableUsers = false;

  services.nix-serve = {
    enable = true;
    openFirewall = true;
    secretKeyFile = "${./init/cache.pem}";
  };

  nix = {
    settings = {
      substituters = [
        "https://cache.nixos.org"
        "https://nix-community.cachix.org"
        "http://192.168.88.251:5000"
        "http://192.168.88.252:5000"
        "http://192.168.88.253:5000"
      ];
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
        "binarycache.example.com:fbOZkjmYt+dpxlSZbhNNT0WOAApJ1ZLvBBfQkTsBMis="
      ];
      trusted-users = [ "root" ];
      sandbox = true;
      require-sigs = true;
      max-jobs = "auto";
      auto-optimise-store = true;
      allowed-users = [ "*" ];
      experimental-features = [
        "nix-command"
        "flakes"
      ];
      warn-dirty = true;
      use-xdg-base-directories = true;
      keep-going = true;
      builders-use-substitutes = true;
    };
    distributedBuilds = true;
    package = pkgs.nixVersions.unstable;
    registry = lib.mkForce (
      (lib.mapAttrs (_: flake: { inherit flake; })) (
        (lib.filterAttrs (_: lib.isType "flake")) self.inputs
      )
      // {
        self.flake = self;
      }
    );
    nixPath = lib.mkForce [ "/etc/nix/path" ];
  };

  nixpkgs = {
    config = {
      allowUnfree = true;
      nvidia.acceptLicense = true;
    };
  };

  environment.etc = lib.mapAttrs' (name: value: {
    name = "nix/path/${name}";
    value.source = value.flake;
  }) config.nix.registry;

  home-manager = {
    useGlobalPkgs = true;
    useUserPackages = true;
    backupFileExtension = "backup";
  };

  systemd.services.nix-daemon.serviceConfig.LimitNOFILE = lib.mkForce 1048576000;

  system.autoUpgrade = {
    enable = true;
    dates = "hourly";
    randomizedDelaySec = "10min";
    flake = "git+https://git.missing.ninja/lf3/server-conf.git";
  };

  networking.hosts = {
    "192.168.88.251" =
      (builtins.attrNames self.nixosConfigurations.mio-mio-mate.config.services.nginx.virtualHosts)
      ++ [
        "dns"
        "ldap.it3"
        self.nixosConfigurations.mio-mio-mate.config.networking.hostName
      ];
    "192.168.88.252" = [ self.nixosConfigurations.club-mate.config.networking.hostName ];
    "192.168.88.253" = [
      self.nixosConfigurations.flora-mate.config.networking.hostName
      "ap"
      "minecraft"
      "minecraft.it3"
    ];
    "192.168.88.1" = [ "router" "router.it3" ];
  };

  programs = {
    fish = {
      enable = true;
    };
  };

  services.openssh = {
    enable = true;
    banner = "Hackers are in Your System!!!\n";
    settings = {
      PasswordAuthentication = false;
      PermitRootLogin = "prohibit-password";
    };
  };
  documentation = {
    enable = false;
    doc.enable = false;
    dev.enable = false;
    info.enable = false;
    nixos = {
      enable = false;
      includeAllModules = false;
      options.warningsAreErrors = false;
    };
    man = {
      enable = false;
      generateCaches = false;
    };
  };
}