{
  config,
  modulesPath,
  lib,
  pkgs,
  ...
}@args:
{
  imports = [
    ./bootstrap.nix
  ];

  users.mutableUsers = false;

  users.users.git = {
    isNormalUser = true;
    home = "/var/git";
    createHome = true;
    description = "Git repository hosting user";
    packages = [ pkgs.git ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINPtvI9cG6YLKUWY3R4vg/ky2wAV0izTAkMgWiOS8Tzr him@jakezerrer.com"
    ];
  };

  sops = {
    defaultSopsFile = ./secrets/secrets.yaml;
    defaultSopsFormat = "yaml";

    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

    secrets = { };
  };

  networking.firewall = {
    allowedTCPPorts = lib.mkForce [
      22
      80
      443
    ];
  };
}