{
  config,
  pkgs,
  modulesPath,
  lib,
  factsGenerator,
  ...
}:

{
  system.stateVersion = "23.11";

  imports = [
    ./disko-config.nix
    ./hardware-configuration.nix
    ./hetzner.nix
  ];

  services.smartd.enable = true;

  # root password
  clan.core.facts.services.rootPassword = factsGenerator.password { name = "root"; };
  users.users.root.hashedPasswordFile =
    config.clan.core.facts.services.rootPassword.secret."password.root.pam".path;

  # todo : use component for that
  services.openssh.settings.PermitRootLogin = "prohibit-password";
  services.openssh.settings.PasswordAuthentication = false;

  boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)

  boot.supportedFilesystems = [ "zfs" ];
  clan.core.facts.services.zfs = factsGenerator.zfs { };
  networking.hostId = config.clan.core.facts.services.zfs.public."zfs.hostId".value;

  services.zfs = {
    autoSnapshot.enable = true;
    autoScrub.enable = true;
  };

}