{ modulesPath, pkgs, lib, inputs, ... }: {
  imports = [
    (modulesPath + "/virtualisation/proxmox-lxc.nix")
    inputs.sops-nix.nixosModules.sops
  ];

  time.timeZone = "Europe/Berlin";

  # we want at least a possibility to download stuff, monitor activity and sudo
  environment.systemPackages = with pkgs; [
    wget
    htop
    sudo
  ];

  # because getting a nix shell is super annoying otherwise
  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];

  # zsh because I like it :3
  programs.zsh.enable = true;

  # default user with sudo
  users.users.clara = {
    isNormalUser = true;
    initialPassword = "123456";
    extraGroups = [ "sudo" "wheel" ];
    shell = pkgs.zsh;
  };

  # localization stuff
  console.keyMap = "de";
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "de_DE.UTF-8";
    LC_IDENTIFICATION = "de_DE.UTF-8";
    LC_MEASUREMENT = "de_DE.UTF-8";
    LC_MONETARY = "de_DE.UTF-8";
    LC_NAME = "de_DE.UTF-8";
    LC_NUMERIC = "de_DE.UTF-8";
    LC_PAPER = "de_DE.UTF-8";
    LC_TELEPHONE = "de_DE.UTF-8";
    LC_TIME = "de_DE.UTF-8";
  };

  # Enable networking
  networking = {
    networkmanager.enable = true;

    # configure firewall
    firewall = {
      enable = true;
      allowedTCPPorts = [ 22 ];
    };

    # enable routing of wireguard reachable subnet via wgbr
    interfaces.wgbr.ipv4.routes = lib.mkDefault [
      {
        address = "10.8.0.0";
        prefixLength = 16;
        via = "10.8.1.1";
      }
    ];
  };

  # enable ssh access
  services.openssh = {
    enable = true;
    ports = [ 22 ];
    settings = {
      PasswordAuthentication = true;
      AllowUsers = [ "clara" "root" ];
      UseDns = true;
      X11Forwarding = false;
      PermitRootLogin = "prohibit-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
    };
  };


  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "24.05"; # Did you read the comment?
}