{
  config,
  lib,
  ...
}:
with lib; let
  cfg = config.machine;
in {
  config.machine = rec {
    hostName = "Ophanim";
    domain = "ophanim.de";
    administrators = [
      {
        name = "derped";
        id = 1337;
      }
    ];
    mailAccounts = [
      {
        name = "derped";
        aliases = ["postmaster" "baensch"];
      }
    ];
    allowUnfree = true;
    conffiles = [
      "etcvars"
      "security"
      "zsh"
    ];
    pkgs = [
      "base"
      "server"
    ];
    services = [
      "acme"
      "gitea"
      #      "hydra"
      "mailserver"
      "mariaDB"
      "nextcloud"
      "nginx"
      "openssh"
    ];
    vHosts = let
      base = domain;
    in [
      {
        domain = base;
        service = "simple";
      }
      #      { domain = "builder.${base}"; service = "hydra"; }
      #      { domain = "cache.${base}"; service = "cache"; }
      {
        domain = "storage.${base}";
        service = "nextcloud";
      }
      {
        domain = "mail.${base}";
        service = "mail";
      }
      {
        domain = "git.${base}";
        service = "gitea";
      }
    ];
    firewall = {
      enable = true;
      allowPing = false;
      allowedUDPPorts = [22 80 443 7776];
      allowedTCPPorts = [80 443 7776];
    };
  };
}