{ modulesPath, nixosModules, agenix, pkgs, config, ... }: {
  imports = [
    "${modulesPath}/virtualisation/amazon-image.nix"
    nixosModules.nettika
    nixosModules.promptmoji
    agenix.nixosModules.default
  ];

  nixpkgs.config.allowUnfree = true;

  nix.settings = {
    experimental-features = [ "nix-command" "flakes" ];
    trusted-users = [ "@wheel" ];
  };

  security.sudo.wheelNeedsPassword = false;

  environment.variables.EDITOR = "nano";

  networking = {
    hostName = "quasar";
    networkmanager.enable = true;
    firewall.allowedTCPPorts = [ 80 443 ];
  };

  environment.systemPackages = [ pkgs.htop ];

  age.secrets = {
    matrix-synapse-secrets.file = ./secrets/matrix-synapse-secrets.age;
  };

  services.postgresql = { enable = true; };

  services.caddy = {
    enable = true;
    virtualHosts = {
      "consortium.chat".extraConfig = ''
        reverse_proxy localhost:8008
        header Strict-Transport-Security "max-age=63072000; includeSubDomains"
      '';
      "matrix.consortium.chat".extraConfig = ''
        reverse_proxy /_matrix/* localhost:8008
        reverse_proxy /_synapse/client/* localhost:8008
      '';
      "admin.consortium.chat".extraConfig = ''
        root * ${pkgs.synapse-admin}
        file_server
      '';
    };
  };

  services.matrix-synapse = {
    enable = true;
    settings = {
      server_name = "consortium.chat";
      serve_server_wellknown = true;
    };
    extraConfigFiles = [ config.age.secrets.matrix-synapse-secrets.path ];
  };

  programs.git = {
    enable = true;
    lfs.enable = true;
    config = {
      init.defaultBranch = "master";
      user = {
        email = "git@nettika.cat";
        name = "Nettika";
      };
      credential.helper = "store";
    };
  };

  programs.nano = {
    enable = true;
    nanorc = ''
      set autoindent
      set linenumbers
    '';
  };

  programs.fish.enable = true;

  promptSymbol = "🌟";

  time.timeZone = "America/Los_Angeles";

  system.stateVersion = "24.05";
}