# Shared NixOS base module: DNS and domain, locale and console, Nix store
# maintenance, nginx defaults, ACME defaults, and SSH access for the
# administrators listed below.
{ config, lib, pkgs, ... }:
let
  # Public SSH keys of the administrators. Every key in this list is installed
  # as an authorized key for root further down, so adding a key here grants
  # root access on each host that uses this module.
  adminKeys = [
    # goeranh
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINABEf0jBjtDdezDDtvl1v27l0DbHP2XUgMARTZXC+MR goeranh@node5"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmYHNdtPmQqvNINEWJgqEojrye+wQKr0S0VwlGv7xUa goeranh@node7"

    # vater
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIODo6gQkqpQFDUlxCpejpAdmht5tNRLYNcF0Ojb6SrRw"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBcsI9+VIbNpno2t03iGO8o+yuK+/HmohWss6y7bAei6 disc@pve-l"

    # mathis
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJlBh+rMAznfD0Hjas0v3D0kTiR5vWcKgd7iTPbU6MZ+ mathis@mathis-ThinkPad-L13-Yoga-Gen-2"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBw33Mh8C3MyR5sIBfw1wsYbVOBSQ9Mq2LcxbcBZcTo/ mathis@T480-Fedora"

    # tan
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFSwdCtJZNZzrVa6m4I3OBZHGgWYhEBCBdnCR5rSJimz ocxe@nix"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsTV0nN3IQbPU6nlR/YJ9OpylluevLeba1SzQTPemsD ocxe@nix"
  ];
in
{
  networking = {
    nameservers = [
      "141.56.1.1"
      "141.56.1.2"
    ];
    domain = "htw.stura-dresden.de";
  };

  # Follows the newest kernel package set in nixpkgs instead of the default one.
  boot.kernelPackages = pkgs.linuxPackages_latest;

  nix.settings = {
    experimental-features = [
      "nix-command"
      "flakes"
    ];
    # trusted-users = [ "administration" ];
    auto-optimise-store = true;
  };
  nix.optimise.automatic = true;
  # Automatic garbage collection; generations older than 42 days are deleted,
  # which also bounds how far back a rollback can reach.
  nix.gc = {
    automatic = true;
    options = "--delete-older-than 42d";
  };

  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "en_US.UTF-8";

  console = {
    font = "Lat2-Terminus16";
    keyMap = lib.mkForce "de";
    useXkbConfig = true; # use xkb.options in tty.
  };

  services.nginx = {
    #### We use the recommendations that are customary for nginx on NixOS.
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;

    #### nginx is meant to allow the (exclusive) use of https (http with TLS)
    #### instead of plain http.
    # NOTE(review): this switch only selects recommended TLS parameters. Nothing
    # in this module redirects or refuses plain http; presumably that is done
    # per virtual host (e.g. forceSSL) -- confirm in the host configurations.
    recommendedTlsSettings = true;
  };

  # root only for now
  # users.users.administration = {
  #   isNormalUser = true;
  #   extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
  #   openssh.authorizedKeys.keys = adminKeys;
  # };
  #
  # All administrators share the root account, so telling their sessions apart
  # depends on the key fingerprint that sshd logs at login.
  users.users.root.openssh.authorizedKeys.keys = adminKeys;

  environment.systemPackages = [
    pkgs.tmux
    pkgs.git
    pkgs.htop
    pkgs.neovim
  ];

  # NOTE(review): only the daemon is enabled here; password authentication and
  # root-login policy are not set in this module, so the NixOS defaults apply
  # unless another module overrides them. Since access is meant to be key-only,
  # consider pinning services.openssh.settings.PasswordAuthentication = false
  # and services.openssh.settings.KbdInteractiveAuthentication = false.
  services.openssh.enable = true;

  # Accepts the ACME CA's terms of service for all certificates requested on
  # hosts using this module; the address below is the account contact.
  security.acme = {
    acceptTerms = true;
    defaults.email = "cert@stura.htw-dresden.de";
  };
}