{ modulesPath, nixosModules, agenix, lib, pkgs, ... }: {
  imports = [
    "${modulesPath}/virtualisation/amazon-image.nix"
    nixosModules.nano
    nixosModules.nettika
    nixosModules.promptmoji
    agenix.nixosModules.default
    ./forgejo.nix
    ./links.nix
    ./vaultwarden.nix
  ];

  boot.loader.grub.device = lib.mkForce "/dev/nvme0n1";

  nix = {
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
    };
    settings = {
      trusted-users = [ "@wheel" ];
      experimental-features = [ "nix-command" "flakes" ];
    };
  };

  networking = {
    hostName = "astral";
    firewall.allowedTCPPorts = [ 80 443 ];
  };

  users.defaultUserShell = pkgs.fish;

  security.sudo.wheelNeedsPassword = false;

  services.caddy = {
    enable = true;
    virtualHosts = {
      "astral.leaf.ninja".extraConfig = ''
        respond "astral is online"
        header Strict-Transport-Security: "max-age=63072000; includeSubDomains"
      '';
    };
  };

  services.postgresql.enable = true;

  programs.fish.enable = true;

  documentation.man.generateCaches = false;

  promptSymbol = "👻";

  time.timeZone = "America/Los_Angeles";

  system.stateVersion = "23.05";
}