{
    config,
    ...
}: let
    inherit (config.myOptions.other.system) username;
in {
    nixpkgs = {
        # fuck broadcom
        config.allowUnfree = true;
    };

    users.users.${username} = {
        extraGroups = [ "docker" ];
    };

    services.caddy = let 
        redirToFlake = ''
            redir https://git.jacekpoz.pl/jacekpoz/niksos
        '';
    in {
        enable = true;
        virtualHosts = {
            "test.jacekpoz.pl".extraConfig = ''
                reverse_proxy * localhost:3001
            '';

            "f.jacekpoz.pl".extraConfig = ''
                root * /srv/files
                file_server
            '';

            "flake.jacekpoz.pl".extraConfig = redirToFlake;
            "flake.jpoz.pl".extraConfig = redirToFlake;
        };
    };

    virtualisation = {
        podman = {
            enable = true;
            dockerCompat = true;
        };
        oci-containers.backend = "podman";
    };

    networking.firewall.allowedTCPPorts = [ 80 443 22 ];

    myOptions = {
        other.home-manager.enable = true;
        programs = {
            git = {
                enable = true;
                defaultBranch = "master";
            };
            starship.enable = true;
            zsh.enable = true;
            btop.enable = true;
            neovim.enable = true;
        };
        services = {
            ssh = {
                agent.enable = false;
                daemon.enable = true;
            };
            syncthing.enable = true;
        };
    };

    system.stateVersion = "23.11";
}