{
  pkgs,
  config,
  ...
}:
{

  imports = [
    ./hardware.nix
    ./jellyfin.nix
    ./wireguard.nix
    ./nextcloud.nix
    ./gotosocial.nix
    ./forgejo.nix
  ];

  services.nginx = {
    enable = true;
    clientMaxBodySize = "40m";

    virtualHosts."dalaran.fr" = {
      default = true;
      enableACME = true;
      forceSSL = true;
    };
  };

  environment.systemPackages = with pkgs; [
    helix
    git
  ];

  # System secrets
  age.secrets = {
    wg0Private.file = ../../secrets/camelot-wg0.age;
    wg1Private.file = ../../secrets/camelot-wg1.age;

    nextcloudAdminPassword = {
      file = ../../secrets/nextcloud-admin.age;
      owner = config.users.users.nextcloud.name;
      group = config.users.users.nextcloud.group;
    };

    gtsEnv = {
      file = ../../secrets/gts-env.age;
      owner = config.users.users.gotosocial.name;
      group = config.users.users.gotosocial.group;
    };

    keycloakDbPassword.file = ../../secrets/keycloak-db.age;
  };

  my.server.blog.enable = true;
  my.server.papermc.enable = true;
  my.server.sso = {
    enable = true;
    dbPasswordFile = config.age.secrets.keycloakDbPassword.path;
  };

  my.users = {
    dala = {
      description = "Dala";
      groups = [ "wheel" ];
      uid = 1000;
      shell = pkgs.bash;
    };
  };
}