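# NixOS host module for "adonis": UEFI boot through systemd-boot, flakes
# enabled, logging of firewall-refused packets, and key-only SSH for root
# with the authorized key supplied as a sops-nix secret.
{config, ...}: {
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  nix.settings.experimental-features = ["nix-command" "flakes"];

  networking = {
    hostName = "adonis";
    # Log packets the firewall refuses, so refused traffic shows up in the
    # kernel log.
    firewall.logRefusedPackets = true;
  };

  # customOps.* options are declared outside this file.
  customOps = {
    owner = "toufy";
    domain = "toufy.me";
  };

  # Declared with sops-nix defaults; the decrypted file only exists on the
  # running host, at the path exposed as `.path` below.
  sops.secrets."ssh/authorizedKeys/owner" = {};

  services.openssh = {
    enable = true;
    ports = [22];

    # The secret was previously passed to
    # users.users.root.openssh.authorizedKeys.keyFiles. That option reads its
    # files at build time, so a runtime sops path either fails pure (flake)
    # evaluation or gets copied into the store by an impure build.
    # authorizedKeysFiles puts the path into sshd's AuthorizedKeysFile, which
    # is read at login time.
    # NOTE(review): AuthorizedKeysFile is global, so sshd consults this path
    # for every account. The sops-nix defaults (root-owned, mode 0400) should
    # keep it unusable for non-root logins; re-check if owner/mode is changed.
    # NOTE(review): if the secret fails to decrypt, root has no key from this
    # file; keep console access available as a fallback.
    authorizedKeysFiles = [
      config.sops.secrets."ssh/authorizedKeys/owner".path
    ];

    settings = {
      # Public-key authentication only: both password-style methods are off.
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      # null emits no AllowUsers directive, so sshd applies no user allow-list.
      AllowUsers = null;
      # sshd resolves the connecting client's hostname when this is on.
      # NOTE(review): confirm the lookup is needed (for example for host-based
      # `from=` restrictions); it makes every login depend on DNS.
      UseDns = true;
      X11Forwarding = false;
      # Root may log in, but never with a password.
      PermitRootLogin = "prohibit-password";
    };
  };
}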