# Baseline NixOS module: pulls in the shared user, networking, nix and service
# modules and sets system-wide defaults. Values wrapped in lib.mkDefault can be
# overridden by a host without lib.mkForce.
{ pkgs, lib, fp, ... }:
{
  imports = [
    (fp /users)
    # NOTE(review): the name suggests self-signed placeholder certificates.
    # Confirm that no externally reachable service ends up serving them.
    (fp /modules/snakeoil-certs.nix)

    ./networking.nix
    ./nix.nix
    ./vm.nix
    ./flake-input-exporter.nix

    ./services/acme.nix
    ./services/auto-upgrade.nix
    ./services/dbus.nix
    ./services/fwupd.nix
    ./services/irqbalance.nix
    ./services/journald-upload.nix
    ./services/logrotate.nix
    ./services/nginx.nix
    ./services/openssh.nix
    ./services/polkit.nix
    ./services/postfix.nix
    ./services/prometheus-node-exporter.nix
    ./services/prometheus-systemd-exporter.nix
    ./services/promtail.nix
    ./services/roowho2.nix
    ./services/smartd.nix
    ./services/thermald.nix
    ./services/uptimed.nix
    ./services/userborn.nix
    ./services/userdbd.nix
  ];

  boot = {
    # Start every boot with an empty /tmp.
    tmp.cleanOnBoot = lib.mkDefault true;
    # Default to the newest kernel package set in nixpkgs.
    kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
  };

  time.timeZone = "Europe/Oslo";

  i18n.defaultLocale = "en_US.UTF-8";

  console.font = "Lat2-Terminus16";
  console.keyMap = "no";

  environment = {
    # Install terminfo entries for all terminals so uncommon emulators work.
    enableAllTerminfo = true;

    # Basic troubleshooting toolbox available on every machine.
    systemPackages = [
      # Debug dns outside resolvectl
      pkgs.dig
      # Debug and find files
      pkgs.file
      # Check computer specs
      pkgs.lshw
      # Scan for open ports with netstat
      pkgs.net-tools
      # Grep for files quickly
      pkgs.ripgrep
      # Copy files over the network
      pkgs.rsync
      # Access various state, often in /var/lib
      pkgs.sqlite-interactive
      # Debug software which won't debug itself
      pkgs.strace
      # Download files from the internet
      pkgs.wget
    ];
  };

  programs = {
    # Clone/push nix config and friends
    git.enable = true;

    # Gitea gpg, oysteikt sops, etc.
    gnupg.agent.enable = true;

    # Monitor the wellbeing of the machines
    htop.enable = true;

    # Keep sessions running during work over SSH
    tmux.enable = true;

    # Same reasoning as tmux
    screen.enable = true;

    # Edit files on the system without resorting to joe(1)
    nano.enable = true;

    # Same reasoning as nano
    vim.enable = true;

    # Some people like this shell for some reason
    zsh.enable = true;

    # .bash_profile already works, but lets also use .bashrc like literally every other distro
    # https://man.archlinux.org/man/core/bash/bash.1.en#INVOCATION
    # home-manager usually handles this for you: https://github.com/nix-community/home-manager/blob/22a36aa709de7dd42b562a433b9cefecf104a6ee/modules/programs/bash.nix#L203-L209
    # btw, programs.bash.shellInit just goes into environment.shellInit which in turn goes into /etc/profile, spooky shit
    #
    # The snippet only acts when the shell is bash, and only sources ~/.bashrc
    # when the user has neither ~/.bash_profile nor ~/.bash_login.
    # ''${ is the Nix escape for a literal ${ inside an indented string.
    bash.shellInit = ''
      if [ -n "''${BASH_VERSION:-}" ]; then
        if [[ ! -f ~/.bash_profile && ! -f ~/.bash_login ]]; then
          [[ -f ~/.bashrc ]] && . ~/.bashrc
        fi
      fi
    '';
  };

  security = {
    # Left disabled: lockKernelModules stops kernel module loading once the
    # system is fully initialised.
    # NOTE(review): the reason it is off is not recorded here. Confirm whether
    # some hosts need late module loading before enabling it.
    # lockKernelModules = true;

    # Prevent replacing the running kernel image; NixOS disables kexec and
    # hibernation for this.
    protectKernelImage = true;

    sudo = {
      # Only members of wheel may execute the sudo binary at all, so other
      # accounts cannot reach bugs in sudo itself.
      execWheelOnly = true;
      # Never show the first-use sudo lecture.
      extraConfig = ''
        Defaults lecture = never
      '';
    };
  };

  # These are servers, sleep is for the weak
  systemd.sleep.extraConfig = lib.mkDefault ''
    AllowSuspend=no
    AllowHibernation=no
  '';

  fonts.fontconfig.enable = lib.mkDefault false;

  users = {
    # Accounts are declared in the configuration only; changes made with
    # useradd/passwd on a running host do not persist.
    mutableUsers = lib.mkDefault false;

    groups = {
      drift.name = "drift";

      # Trusted users on the nix builder machines
      # Only the group itself is declared here.
      # NOTE(review): if this group is listed in nix.settings.trusted-users
      # elsewhere, membership is effectively root-equivalent on those builders.
      # Keep it small and review additions.
      "nix-builder-users".name = "nix-builder-users";
    };
  };
}