{ config, pkgs, ... }:
{
  config = {
    boot = {
      kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
      initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];
      loader = {
        grub.enable = false;
        generic-extlinux-compatible.enable = true;
      };
    };

    fileSystems = {
      "/" = {
        device = "/dev/disk/by-label/NIXOS_SD";
        fsType = "ext4";
        options = [ "noatime" ];
      };
    };

    hardware.raspberry-pi."4" = {
      bluetooth.enable = false;
    };

    # todo: module for dis stuff (maybe)
    networking.firewall.allowedTCPPorts = [ 80 443 22 ];

    services.samba = {
      enable = true;
      openFirewall = true;
      shares = {
        media = {
          path = "/media";
          writeable = "yes";
          public = "yes";
          browsable = "yes";
          "create mask" = "0777";
          "directory mask" = "0777";
        };
      };
    };

    services.nginx = {
      enable = true;
      additionalModules = [ pkgs.nginxModules.fancyindex ];
      virtualHosts.media = {
        default = true;
        # addSSL = true;
        # enableACME = true;

        root = "/media";

        serverName = "_";

        locations = {
          "/" = {
            tryFiles = "$uri $uri/ =404";
            extraConfig = ''
              fancyindex on;
              fancyindex_name_length 256;
              fancyindex_exact_size off;
            '';
          };
        };
      };
    };

    # security.acme = {
    #   acceptTerms = true;
    #   defaults.email = "krizej@protonmail.com";
    # };

    chuj = {
      system = {
        user = "krizej";
        host = "rpi";
        platform = "aarch64-linux";
      };

      # home manger on a server xd
      home-manager.enable = true;

      stuff = {
        git.enable = true;
        vim.enable = true;
        ssh = {
          enable = true;
          authKeys = [
            "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDXxtwm+YoSIXfT9OJtU3O/EHf1Lg4IwoLe0CO2/Oapl7efTNZO5qVCh7aG0T5Hy4RD5CmVpxZVei44NM1dpNf3c+5976eH1BKgMmklA4EwAVc3o259YfJoOowBvyzBqO4CZWJmuUUjZwaQ152gPh1iCVe8bcR25S7cCTRN/6qU+rGn2zsbkV/GKdtJmhS5OLic5iXMdL56B7+hqFdL5NxPcWpnaSilIPus2xhI4u29I/FrM8RcR3Uzkqyx385js5MqhkVP3SVc7V8hSKEO8LRzmBYuBKkBPW9gmCUHKyxhSxZOvcretUFB87W/P/HDw3I4tk4naQPiPnASj6NvqTRMuhErIvXd1w+3MEEsfnXLeyq7CIhO01+d3/JEl7br5HOLZO+64IjSWYY7N0a0zhMjf147yEJ+JBOwXzN6px7y2rLI9CLY6jMs+Ye63nl7ALqN9dLJiaqxOMqTxrSNdRqWEj+FnFTd6sTb5eOZH7yabF/EApwdV3TGRGEaaZGS/GE= krizej@krizej-pc"
          ];
        };
        fish = {
          enable = true;
          extraAliases = {
            "rebuild" = "sudo nixos-rebuild switch --flake ~/nix#rpi -v";
          };
        };
      };
    };
  };
}