{ nixosModules, modulesPath, lib, config, pkgs, ... }: {
  imports = with nixosModules; [
    "${modulesPath}/virtualisation/amazon-image.nix"
    nettika
  ];

  boot.loader.grub.device = lib.mkForce "/dev/nvme0n1";

  nix = {
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
    };
    settings.trusted-users = [ "@wheel" ];
  };

  networking = {
    hostName = "astral";
    domain = "recipes.leaf.ninja";
    firewall.allowedTCPPorts = [ 80 443 ];
    networkmanager.enable = true;
  };

  users.defaultUserShell = pkgs.fish;

  security.sudo.wheelNeedsPassword = false;

  environment.variables.EDITOR = "nano";

  services.caddy = {
    enable = true;
    virtualHosts = {
      "${config.networking.domain}".extraConfig = ''
        reverse_proxy localhost:8008
        header Strict-Transport-Security "max-age=63072000; includeSubDomains;"
      '';
    };
  };

  programs.fish.enable = true;

  programs.git = {
    enable = true;
    lfs.enable = true;
    config = {
      init.defaultBranch = "master";
      user = {
        email = "git@nettika.cat";
        name = "Nettika";
      };
      credential.helper = "store";
    };
  };

  programs.nano = {
    enable = true;
    nanorc = ''
      set autoindent
      set linenumbers
    '';
  };

  documentation.man.generateCaches = false;

  promptEmoji = "✴️";

  time.timeZone = "America/Los_Angeles";

  system.stateVersion = "23.05";
}