{ ... }: let
  sources = import ../npins;
  pkgs = import sources.nixpkgs {};
  modulesPath = "${sources.nixpkgs}/nixos/modules";
in {
  boot = {
    initrd = {
      availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
      kernelModules = [ "nvme" ];
    };
    kernelPackages = pkgs.linuxPackages_latest;
    loader = {
      grub.device = "/dev/sda";
      timeout = 30;
    };
    tmp.cleanOnBoot = true;
  };
  fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
  networking = {
    domain = "contaboserver.net";
    firewall = {
      enable = true;
      allowedTCPPorts = [80 443];
      allowedUDPPorts = [80 443];
    };
    hostName = "vmi2998419";
    useNetworkd = true;
    usePredictableInterfaceNames = true;
  };
  nix = {
    channel.enable = false;
    settings = {
      experimental-features = "flakes nix-command";
      trusted-users = ["@wheel"];
    };
  };
  nixpkgs = {
    config.allowUnfree = false;
    flake.source = sources.nixpkgs;
    hostPlatform = "x86_64-linux";
  };
  security.acme = {
    acceptTerms = true;
    defaults.email = "mtgmonket@gmail.com";
  };
  services = {
    cgit."git.galaxious.de" = {
      enable = true;
      gitHttpBackend.enable = false;
      scanPath = "/var/lib/git";
    };
    nginx = {
      enable = true;
      virtualHosts."git.galaxious.de" = {
        enableACME = true;
        forceSSL = true;
      };
    };
    openssh.enable = true;
  };
  systemd.network = {
    enable = true;
    networks."40-wan" = {
      address = [ "2a02:c207:2299:8419::1/64" "109.199.104.83/20" ];
      dns = [ "2020:fe::10" "9.9.9.10" ];
      matchConfig.Name = "enx0050565f4fff";
      routes = [  { Gateway = "109.199.96.1"; GatewayOnLink = true; } { Gateway = "fe80::1"; } ];
    };
  };
  system.stateVersion = "25.11";
  users = {
    groups.git = {};
    mutableUsers = false;
    users = {
      git = {
        isSystemUser = true;
        createHome = true;
        group = "git";
        home = "/var/lib/git";
        openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJy2VD362wUcu0lKj2d6OIU8dbAna0Lu/NaAYIj8gdIA andromeda@lenovo" ];
        shell = "${pkgs.git}/bin/git-shell";
      };
      root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJy2VD362wUcu0lKj2d6OIU8dbAna0Lu/NaAYIj8gdIA andromeda@lenovo" ];
    };
  };
  zramSwap.enable = true;
}