{ config, lib, pkgs, ... }:
{
  imports = [
    ./hardware-configuration.nix
  ];

  networking.hostName = "lyra";

  time.timeZone = "Europe/London";
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };

  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
  };

  networking = {
    networkmanager.enable = true;

    firewall = {
      allowedTCPPorts = [
        2222
      ];
    };
  };

  services = {
    openssh = {
      enable = true;

      ports = [2222];
      settings = {
        PasswordAuthentication = false;
        PermitRootLogin = "no";
        AllowUsers = ["foxora"];
        UseDns = false; # enables rDNS lookup
        X11Forwarding = false;
      };
    };
  };

  virtualisation.containers.enable = true;
  virtualisation = {
    podman = {
      enable = true;
      dockerCompat = true;
      defaultNetwork.settings.dns_enabled = true;
    };
  };

  users.users.foxora = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];

    packages = with pkgs; [
      tree
    ];

    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID4d6Pt4fFTP0/ZfesNL+MX+j/OqoMRBOh61gqHNWpnH aurora@nixarawrui"
    ];
  };

  programs = {
    nh = {
      enable = true;
      clean.enable = true;
      clean.extraArgs = "--keep-since 14d --keep 8";
      flake = "/etc/nixos";
    };
  };

  environment = {
    systemPackages = with pkgs; [
      neovim
      git
      wget
    ];

    variables = {
      EDITOR = "nvim";
    };
  };

  system.stateVersion = "25.11";
}