{ lib, modulesPath, user, ... }:

{
  imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
    (modulesPath + "/virtualisation/digital-ocean-config.nix")
    #./hardware-configuration.nix
    # Remember to update for new instances
    #./networking.nix # generated at runtime by nixos-infect

    # root gets managed by digital-ocean-config for us
    # but we want to override some things and let user login
    ./modules/ssh.nix
    #./modules/headscale.nix
    ./modules/tailscale.nix

    #./hosts/jichan.org
    #./hosts/tegakituesday.com
  ];

  networking = {
    # May cause some issues
    #networkmanager.enable = lib.mkForce false;
    firewall = {
      enable = true;
      allowedTCPPorts = [ 80 443 ];
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "elnu@elnu.com";
  };

  services.nginx = {
    enable = true;
    virtualHosts."default" = {
      default = true;
      serverName = null;
      # https://stackoverflow.com/a/42802777
      locations."/".return = "444";
    };
  };

  #services.do-agent.enable = true;
}