{ hostName, inputs, lib, pkgs, ... }:

{
  boot.kernelParams = [
    # No server/router runs any untrusted user code
    "mitigations=off"
    # Prevents automatic creation of interface bond0 by the kernel
    "bonding.max_bonds=0"
  ];
  boot.tmpOnTmpfs = true;
  # Includes wireguard
  boot.kernelPackages = pkgs.linuxPackages_5_17;
  # Keep building
  boot.zfs.enableUnstable = true;

  # no persistent logs
  services.journald.extraConfig = ''
    RuntimeMaxUse=32M
    Storage=volatile
  '';

  nix = {
    package = pkgs.nixFlakes;
    extraOptions = "experimental-features = nix-command flakes";
    registry = {
      nixpkgs.flake = inputs.nixpkgs;
    };

    binaryCachePublicKeys = [
      "nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps=%"
    ];
    binaryCaches = lib.mkBefore [ "https://hydra.hq.c3d2.de" ];
  };

  documentation = {
    enable = false;
    nixos.enable = false;
  };

  environment.systemPackages = with pkgs; [
    bmon
    bridge-utils
    conntrack-tools
    dhcpcd
    ethtool
    git
    iftop
    iperf
    iptables
    iptraf-ng
    iputils
    mtr
    psmisc
    screen
    speedtest-cli
    tcpdump
    traceroute
    vim
    wget
  ];

  networking.hostName = hostName;

  users.users.root.initialHashedPassword = "";

  system.stateVersion = "20.09";
}