{ self, lib, minimal, globals, ... }:
{

  imports = [
    ./hardware-configuration.nix

    "${self}/modules/nixos/optional/systemd-networkd-server.nix"
    "${self}/modules/nixos/optional/nix-topology-self.nix"
  ];

  topology.self.interfaces."eth1" = { };

  boot = {
    loader.systemd-boot.enable = true;
    loader.efi.canTouchEfiVariables = true;
  };

  networking.hosts = {
    ${globals.networks.home-lan.hosts.hintbooth.ipv4} = [ "server.hintbooth.${globals.domains.main}" ];
    ${globals.networks.home-lan.hosts.hintbooth.ipv6} = [ "server.hintbooth.${globals.domains.main}" ];
  };

  swarselsystems = {
    info = "ASRock J4105-ITX, 32GB RAM";
    flakePath = "/root/.dotfiles";
    isImpermanence = false;
    isSecureBoot = false;
    isCrypted = false;
    isBtrfs = false;
    isLinux = true;
    isNixos = true;
    proxyHost = "twothreetunnel";
    server = {
      wireguard.interfaces = {
        wgProxy = {
          isClient = true;
          serverName = "twothreetunnel";
        };
        wgHome = {
          isClient = true;
          serverName = "hintbooth";
        };
      };
      restic = {
        bucketName = "SwarselWinters";
        paths = [
          "/Vault/data/paperless"
          "/Vault/data/koillection"
          "/Vault/data/postgresql"
          "/Vault/data/firefly-iii"
          "/Vault/data/radicale"
          "/Vault/data/matrix-synapse"
          "/Vault/Eternor/Paperless"
          "/Vault/Eternor/Bilder"
          "/Vault/Eternor/Immich"
        ];
      };
      garage = {
        data_dir = {
          capacity = "200G";
          path = "/Vault/data/garage/data";
        };
      };
    };
  };

} // lib.optionalAttrs (!minimal) {

  swarselprofiles = {
    server = true;
  };

  swarselmodules.server = {
    diskEncryption = lib.mkForce false;
    # nginx = true; # for php stuff
    # acme = false; # cert handled by proxy
    # wireguard = true;

    # nfs = true;
    # kavita = true;
    # restic = true;
    # jellyfin = true;
    # navidrome = true;
    # spotifyd = true;
    # mpd = true;
    # postgresql = true;
    # matrix = true;
    # nextcloud = true;
    # immich = true;
    # paperless = true;
    # transmission = true;
    # syncthing = true;
    # grafana = true;
    # freshrss = true;
    # kanidm = true;
    # firefly-iii = true;
    # koillection = true;
    # radicale = true;
    # atuin = true;
    # forgejo = true;
    # ankisync = true;
    # homebox = true;
    # opkssh = true;
  };

  networking.nftables.firewall.zones.untrusted.interfaces = [ "lan" "enp3s0" ];

}