{
  pkgs,
  lib,
  config,
  ...
}:
let
  lock = value: {
    Value = value;
    Status = "locked";
  };
in
{
  system.stateVersion = "24.11";
  networking.hostName = "c3terminal";
  time.timeZone = "Europe/Berlin";
  facter.reportPath = ./facter.json;

  users.users.c3terminal = {
    isNormalUser = true;
    password = "test";
    extraGroups = [
      "wheel"
      "networkmanager"
    ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB8oyMzoom.minPercentpS2hK3gQXyHIIVS6oilgMpemLmfhKKJ6RBMwUh jopejoe1_2@joens.email"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3pKtvhOOjG1pGJq7cVHS5uWy5IP8y1Ra/ENpmJcqOe jopejoe1@zap"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFEcNAVRN66mfKmaCpxs++0094Eh4mqXkUwDPZPkIIBB jopejoe1@joens.email"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFZDUoC+1lNR2JTY1Q+vhXpuLmKMdVl2OMFLVbQ3cGkw jopejoe1@kuraokami"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKm2igbJ+Ke+dJO3r7wp5ZTreHqC39Sjctca119Bl2yc jopejoe1@zap"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPHns90pKP8pDOKM7ziCiG7ZjO3kFvScnbq7uBlUWG5H n0th1ng"
    ];
  };

  home-manager.users.c3terminal = {
    home = {
      username = config.users.users.c3terminal.name;
      homeDirectory = config.users.users.c3terminal.home;
      stateVersion = config.system.stateVersion;
    };
    programs = {
      firefox = {
        enable = true;
        package = pkgs.firefox-esr;
        policies = {
          SupportMenu = {
            Title = "Config";
            URL = "https://git.hamburg.ccc.de/jopejoe1/c3terminal";
          };
          BlockAboutConfig = true;
          Preferences = {
            "browser.ssb.enabled" = lock true;
            "ui.osk.detected_physical_keyboard" = lock false;
            "browser.gesture.pinch.in" = lock false;
            "browser.gesture.pinch.out" = lock false;
            "zoom.maxPercent" = lock 100;
            "zoom.minPercent" = lock 100;
          };
        };
      };
    };
  };

  users.users.demo = {
    isNormalUser = true;
    password = "test";
  };

  users.users.root = {
    password = "test";
    shell = lib.mkForce (lib.getExe pkgs.bash);
    extraGroups = [
      "wheel"
      "networkmanager"
    ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB8oyMpS2hK3gQXyHIIVS6oilgMpemLmfhKKJ6RBMwUh jopejoe1_2@joens.email"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3pKtvhOOjG1pGJq7cVHS5uWy5IP8y1Ra/ENpmJcqOe jopejoe1@zap"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFEcNAVRN66mfKmaCpxs++0094Eh4mqXkUwDPZPkIIBB jopejoe1@joens.email"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFZDUoC+1lNR2JTY1Q+vhXpuLmKMdVl2OMFLVbQ3cGkw jopejoe1@kuraokami"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKm2igbJ+Ke+dJO3r7wp5ZTreHqC39Sjctca119Bl2yc jopejoe1@zap"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPHns90pKP8pDOKM7ziCiG7ZjO3kFvScnbq7uBlUWG5H n0th1ng"
    ];
  };

  boot = {
    loader = {
      grub = {
        enable = true;
      };
      efi = {
        canTouchEfiVariables = true;
      };
    };
  };

  services = {
    openssh = {
      enable = true;
      settings = {
        PermitRootLogin = "no";
      };
    };
  };

  programs.sway = {
    enable = true;
    wrapperFeatures.gtk = true;
  };

  nix = {
    settings = {
      substituters = lib.mkForce [
        "https://cache.nixos.org"
        "https://nix-community.cachix.org"
      ];
      trusted-public-keys = lib.mkForce [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
      sandbox = true;
      require-sigs = true;
      max-jobs = "auto";
      allowed-users = [ "*" ];
      trusted-users = [
        "root"
      ];
      experimental-features = [
        "nix-command"
        "flakes"
      ];
      use-xdg-base-directories = true;
    };
    package = pkgs.lix;
  };

  disko.devices = {
    disk = {
      main = {
        type = "disk";
        device = "/dev/disk/by-id/wwn-0x502b2a201d1c1b1a";
        content = {
          type = "gpt";
          partitions = {
            boot = {
              size = "1M";
              type = "EF02"; # for grub MBR
            };
            ESP = {
              size = "512M";
              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
                mountOptions = [ "umask=0077" ];
              };
            };
            root = {
              size = "100%";
              content = {
                type = "filesystem";
                format = "ext4";
                mountpoint = "/";
              };
            };
          };
        };
      };
    };
  };
}