{
  config,
  pkgs,
  ...
}: {
  imports = [
    ./hardware-configuration.nix
    ../../modules/services/nextcloud-instance.nix
  ];

  # Secret management
  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
  sops.secrets."nextcloud-admin-pass" = {
    sopsFile = ../../secrets/harbor/nextcloud.yaml;
    key = "admin-pass";
  };

  # Configure nix and garbage collection
  nix = {
    settings = {
      experimental-features = ["nix-command" "flakes"];
      auto-optimise-store = true;
    };
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
    };
  };

  users.users.jonas = {
    isNormalUser = true;
    description = "Jonas";
    extraGroups = ["wheel"];
    openssh.authorizedKeys.keys = [
      (builtins.readFile ../../static/keys/my_pub.asc)
    ];
  };
  users.defaultUserShell = pkgs.zsh;

  programs.zsh.enable = true;

  services.openssh = {
    enable = true;
    settings.PasswordAuthentication = false;
    settings.KbdInteractiveAuthentication = false;
  };

  services.nextcloud-instance.enable = true;
  services.nextcloud-instance.ssl = false;
  services.nextcloud-instance.adminPasswordFile = config.sops.secret.nextcloud-admin-pass.path;
  services.nextcloud-instance.instanceFQDN = "nextcloud.jroeger.de";

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "24.11"; # Did you read the comment?

  boot.loader.grub.device = "/dev/sda";

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "de_DE.UTF-8";
    LC_IDENTIFICATION = "de_DE.UTF-8";
    LC_MEASUREMENT = "de_DE.UTF-8";
    LC_MONETARY = "de_DE.UTF-8";
    LC_NAME = "de_DE.UTF-8";
    LC_NUMERIC = "de_DE.UTF-8";
    LC_PAPER = "de_DE.UTF-8";
    LC_TELEPHONE = "de_DE.UTF-8";
    LC_TIME = "de_DE.UTF-8";
  };
  console.keyMap = "de";

  networking.hostName = "harbor";
  networking.domain = "jroeger.de";

  # Enable networking
  networking.networkmanager.enable = true;

  networking.firewall.enable = false;
}