{ hostName, inputs, lib, pkgs, ... }:

{
  boot.kernelParams = [
    # No server/router runs any untrusted user code
    "mitigations=off"
    # Prevents automatic creation of interface bond0 by the kernel
    "bonding.max_bonds=0"
  ];
  boot.tmp.useTmpfs = true;
  # Includes wireguard
  boot.kernelPackages = pkgs.zfsUnstable.latestCompatibleLinuxPackages;
  # Keep building
  boot.zfs.enableUnstable = true;

  # no persistent logs
  services.journald.extraConfig = ''
    RuntimeMaxUse=32M
    Storage=volatile
  '';

  nix = {
    package = pkgs.nixFlakes;
    extraOptions = "experimental-features = nix-command flakes";
    registry = {
      nixpkgs.flake = inputs.nixpkgs;
    };

    settings = {
      substituters = lib.mkBefore [ "https://hydra.hq.c3d2.de" ];
      trusted-public-keys = [
        "nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps=%"
      ];
    };
  };

  documentation = {
    enable = lib.mkForce false;
    nixos.enable = lib.mkForce false;
  };

  environment.systemPackages = with pkgs; [
    bmon
    bridge-utils
    conntrack-tools
    dhcpcd
    dhcpdump
    dig
    ethtool
    git
    iftop
    iperf
    iptables
    iptraf-ng
    iputils
    mtr
    psmisc
    screen
    speedtest-cli
    tcpdump
    tmux
    traceroute
    vim
    wget
  ];

  networking.hostName = hostName;

  programs = {
    fzf.keybindings = true;
    git = {
      enable = true;
      config = {
        alias = {
          co = "checkout";
          lg = "log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%s%C(reset) %C(dim white)- %an%C(reset)%C(bold y
   ow)%d%C(reset)'";
          remote = "remote -v";
          st = "status";
          undo = "reset --soft HEAD^";
        };
        pull.rebase = true;
        rebase.autoStash = true;
      };
    };
  };

  users.users.root.initialHashedPassword = "";

  system.stateVersion = "20.09";
}