{ config, pkgs, ... }:

let

  # parameters = import ./parameters.nix { };

  # GID = 888;
  # user = "rtorrent";
  # passwordHash = "$y$j9T$dA94KVg1/jYLqclQQbTDk.$cnfxBWUN8P4shr8Kkipv5bU/RCtQNoAwYFDZ0X/BYs5";

  timeZone = "Europe/Rome";
  defaultLocale = "en_US.UTF-8";
in
{

  proxmox.enable = true;

  download-pod = {
    enable = true;
    proxy.enable = true;
  };

  # Extra packages
  # environment.systemPackages = with pkgs; [ ];

  services = {
    openssh.enable = true;
    # tailscale = {
    #   enable = false;
    #   useRoutingFeatures = "both";
    #   extraUpFlags = [ "--exit-node=${parameters.tailscaleExitNodeIP}" ];
    #   authKeyFile = builtins.toFile "authKey" ''${parameters.tailscaleAuthKey}'';
    # };
  };

  time.timeZone = timeZone;

  users = {

    # If set to false, the contents of the user and group files will simply
    # be replaced on system activation.
    # This also holds for the user passwords.
    # All changed passwords will be reset according
    # to the `users.users` configuration on activation.
    mutableUsers = false;

    users.root = {
      hashedPassword = "!";
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhiGLc/whCY3lCmDiRlYnMJOLiO/gvcRj/sKVEFVAhQ pazpi@deadbeef"
      ];
    };

    users.pazpi = {
      isNormalUser = true;
      hashedPassword = "$y$j9T$oWLCV1hnGPyOGabMfAS3p1$/iwouRZGwQXcv6IHnLuT3I9.pmeXNpcHxq.b8xfitr1";
      shell = pkgs.bash;
      extraGroups = [ "wheel" ];
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhiGLc/whCY3lCmDiRlYnMJOLiO/gvcRj/sKVEFVAhQ pazpi@deadbeef"
      ];
    };

  };

  system.stateVersion = "24.05";
}