{ globalData, ... }:

{
  imports = [
    ./hardware-configuration
    ./configs
    ./users
  ];

  local.yubikey.enable = true;

  services.radicale = {
    enable = true;
    settings = {
      auth = {
        # htpasswd -B -c /etc/radicale/users
        type = "htpasswd";
        htpasswd_filename = "/etc/radicale/users";
        htpasswd_encryption = "bcrypt";
      };
    };
    rights = {
      root = {
        user = ".+";
        collection = "";
        permissions = "R";
      };
      principal = {
        user = ".+";
        collection = "{user}";
        permissions = "RW";
      };
      calendars = {
        user = ".+";
        collection = "{user}/[^/]+";
        permissions = "rw";
      };
    };
  };

  ################################################################################
  # Programs
  ################################################################################
  local.programs.browsers.tor-browser = {
    enable = true;
    container = {
      enable = true;
      externalInterface = "wg0";
      sshAuthorizedKeys = globalData.publicKeys.users.jan;
    };
  };

  ################################################################################
  # Services
  ################################################################################
  local.services.i2pd.enable = true;

  local.services.octoprint.enable = true;

  virtualisation.docker.enable = true;
  # Torrent client
  services.transmission.enable = true;
}