{
  config,
  lib,
  pkgs,
  ...
}:
let
  keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINABEf0jBjtDdezDDtvl1v27l0DbHP2XUgMARTZXC+MR goeranh@node5"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmYHNdtPmQqvNINEWJgqEojrye+wQKr0S0VwlGv7xUa goeranh@node7"
  ];
in
{

  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];
  networking.nameservers = [
    "9.9.9.9"
    "1.1.1.1"
  ];

  boot.kernelPackages = pkgs.linuxPackages_latest;

  nix.settings.trusted-users = [ "administration" ];

  networking.domain = "test.htw.stura-dresden.de";

  time.timeZone = "Europe/Berlin";

  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = lib.mkForce "de";
    useXkbConfig = true; # use xkb.options in tty.
  };

  users.users = {
    administration = {
      isNormalUser = true;
      extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
      openssh.authorizedKeys.keys = keys;
    };
    root = {
      openssh.authorizedKeys.keys = keys;
    };
  };

  environment.systemPackages = with pkgs; [
    tmux
    git
    htop
    neovim
  ];

  services.openssh.enable = true;

  security.acme.acceptTerms = true;
  security.acme.defaults.email = "cert@stura.htw-dresden.de";
}