{
  config,
  pkgs,
  lib,
  ...
}:
let
  shadowshocks-port = 8388;
  p = import ../parameters.nix;
in
{

  age.secrets = {
    shadowshocks-password.file = ../../secrets/shadowshocks-password.age;
    tailscale-authKey.file = ../../secrets/tailscale-authKey.age;
  };

  my = {

    networking = {
      tailscale = {
        enable = true;
        magicDNSDomain = p.domains.tsDns;
        authKeyFile = config.age.secrets.tailscale-authKey.path;
      };
    };

    utils = {
      commons.enable = true;
      commons.gc.enable = true;
      lxc-standard.enable = true;
    };

    virtualisation.proxmox.enable = true;
  };

  services.shadowsocks = {
    enable = true;
    passwordFile = config.age.secrets.shadowshocks-password.path;
    port = shadowshocks-port;
  };

  # open shadownsocks port
  networking.firewall.allowedTCPPorts = [ shadowshocks-port ];

  system.stateVersion = "24.11";
}