{ pkgs, modulesPath, lib, ... }: 
{
  imports =
    [ (modulesPath + "/profiles/qemu-guest.nix")
  ];

  #modules.hetzner.wan = {
    #enable = true;
    #macAddress = "96:00:02:1f:45:20"; # changeme
    #ipAddresses = [
      #"91.107.221.11/32"
      #"2a01:4f8:c17:c51f::1/64"
    #];
  #};
  #networking.useDHCP = lib.mkDefault true;
  systemd.services."NetworkManager-wait-oline".enable = false;
  networking = {
    nameservers = [ "9.9.9.9" "149.112.112.112" ];
    hostName = "katzen-cafe";
    networkmanager = {
      enable = true;
      unmanaged = [ "interface-name:ve-phtanumb+" "interface-name:ve-katzenwiki" "interface-name:ve-nextcloud" ];
    };

    firewall.allowedTCPPorts = [ 22 80 443 2222];
    firewall.checkReversePath = false;
    # firewall.allowedUDPPorts = [ 25568 25569 ];

    nat = {
      enable = true;
      internalInterfaces = [ "ve-phtanumb+" "ve-katzenwiki" "ve-nextcloud" ];
      externalInterface = "enp1s0";
    };


    interfaces."enp1s0" = {
      ipv6.addresses = [{
        address = "2a01:4f8:c17:c51f::";
        prefixLength = 64;
      }];
      ipv4.addresses = [{
        address = "91.107.221.11";
        prefixLength = 32;
      }];
    };
    defaultGateway6 = {
      address = "fe80::1";
      interface = "enp1s0";
    };
    defaultGateway = {
      address = "172.31.1.1";
      interface = "enp1s0";
    };
  };

  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
    kernelParams = [ "console=tty" ];
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    initrd = {
      availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" "sr_mod" ];
      kernelModules = [ "virtio_gpu" ];
    };
  };

  #networking.interfaces.enp1s0.ipv6.addresses = [ { address = "2a01:4f8:c17:c51f::1/64"; prefixLength = 64; } ];
  #networking.defaultGateway6 = { address = "fe80::1"; interface = "enp1s0"; };

  users.users.april = {
   isNormalUser = true;
   packages = with pkgs; [ git ];
   createHome = true;
   extraGroups = [ "docker" ];
   openssh.authorizedKeys.keys = [
    #"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 waterdev@galaxycrow.de"
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDK4N06uWyGFbWDf0JdQ1mB2PkyQSxYLLbNOihmXGRf2ce8Do4LvlMqHreDNvEfixYK+pRQSdK8oeNqOiRjFXgyEhoo5v/Tg832iHq4r3wEHoqFR/w9XxmAp8Rv66h9uY1wY8+xFVlpgw8GqHN37JJt1P5i3oDkKnBXunzm7+vw1Qo/+LvD4nS9kQlso6ocNGSOAEf7N/IKJpGQp4FrsW1Qg4ZSWVCruUBm5iw02IampgjrzvbHQBO7TIG3jr0TxXBx2MFXydDTXdONwLtlJiwk210ppQIhgIjcqlUZBKZcYJy23ZesPbO2fSyT0iPWFAnvcIRHhsacp8HQ9paKR76J7ghBmAQm9KXyH0TjZM84+lHEvOAGNeDuh+VFr147uyTcun5aWy9zM8v8rW96pUIkId5HQNP8HPGymTFWXomwDvpdFJO/TA2F9YsNfVoTJGy4PbieWFDU5esI3CD6k696mB+vgLcF35qfc76uVFWOUWYHIX3KVwqXh7MQ8+CBWrE= u0_a269@localhost"
   ];
  };
  services.cron.systemCronJobs = [
    "0 0 * * *  april  cd /home/april && ./build.sh"
  ];
  services.cron.enable = true;

  services.openssh = {
    enable = true;
    settings.PermitRootLogin = "prohibit-password";
  };

  environment.systemPackages = with pkgs; [
    vim wget neofetch btop
  ];

  fileSystems."/" = { 
    device = "/dev/sda1";
    fsType = "ext4";
  };

  fileSystems."/boot" = { 
    device = "/dev/sda3";
    fsType = "vfat";
  };

  swapDevices = [ { 
    device = "/dev/sda2"; 
  } ];
}