{ lib, user, ... }:

{
  imports = [
    ./hardware-configuration.nix
    # Remember to update for new instances
    ./networking.nix # generated at runtime by nixos-infect

    ./modules/ssh.nix
    ./modules/headscale.nix
    ./modules/tailscale.nix

    ./hosts/jichan.org
    ./hosts/tegakituesday.com
  ];

  networking = {
    # May cause some issues
    networkmanager.enable = lib.mkForce false;
    firewall = {
      enable = true;
      allowedTCPPorts = [ 80 443 ];
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "elnu@elnu.com";
  };

  services.nginx = {
    enable = true;
    virtualHosts."default" = {
      default = true;
      serverName = null;
      # https://stackoverflow.com/a/42802777
      locations."/".return = "444";
    };
  };

  services.do-agent.enable = true;
}