{ config, pkgs, lib, ... }: {

  imports = [

    ../../components

    ./hardware-configuration.nix
    ../../system/server
    ./disko-config.nix
    ./disko-syncoid.nix
    ./packages.nix

    ./network-wireguard.nix
    ./network-tinc.nix
    ./network-tinc-retiolum.nix # make sure no service is open for this vpn!

    ./hass.nix
    ./hass-zigbee2mqtt.nix
    ./hass-mqtt.nix
    #./hass-wifi.nix

    #./mail-fetcher.nix

    #./borg.nix
    ./taskwarrior-autotag.nix

    ./media-share.nix
    ./media-audiobookshelf.nix
    #./media-tdarr.nix
    ./media-jellyfin.nix
    ./media-youtube.nix
    ./media-castget.nix
    ./media-curl.nix

    # logging
    ./loki.nix
    ./loki-promtail.nix
    ./prometheus.nix
    ./grafana.nix
    ./telegraf.nix
    ./telegraf-smart.nix

    #./home-display.nix

    ./rbackup.nix
    ./sync-torrent.nix
    ./sync-script.nix
    ./syncthing.nix

    ./services-s3.nix

    #./kiosk.nix
    ./trilium.nix
    ./gitea.nix
    #./atuin.nix

    ./cache.nix

  ];

  components.gui.enable = false;
  components.mainUser.enable = true;
  components.media.tts-server.enable = false;
  components.network.enable = true;
  components.network.wifi.enable = false;
  components.terminal.enable = true;

  services.printing.enable = false;

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)

  boot.supportedFilesystems = [ "zfs" ];
  # head -c4 /dev/urandom | od -A none -t x4
  networking.hostId = "e439b116";
  services.zfs.autoSnapshot.enable = true;

  #virtualisation.containers.storage.settings = {
  #  # fixes: Error: 'overlay' is not supported over zfs, a mount_program is required: backing file system is unsupported for this graph driver
  #  storage.options.mount_program = "${pkgs.fuse-overlayfs}/bin/fuse-overlayfs";
  #};
  virtualisation.podman.extraPackages = [ pkgs.zfs ]; # make sure /var/lib/containers/storage is a zfs dataset

  sops.defaultSopsFile = ../../secrets/chungus.yaml;

  networking.hostName = "chungus";

  users.users.root.shell = pkgs.zsh;

  # todo : rename to component.init.ssh
  # todo : make tor optional
  configuration.init-ssh = {
    enable = "enabled";
    kernelModules = [ "e1000e" ];
  };

  hardware.opengl = {
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver # LIBVA_DRIVER_NAME=iHD
      vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
      vaapiVdpau
      libvdpau-va-gl
    ];
  };

  # just enable lan
  #networking.dhcpcd.allowInterfaces = [ "enp0s25" ];

  # nix-shell -p speedtest_cli --run speedtest
  #configuration.fireqos = {
  #  enable = false;
  #  interface = "enp0s25";
  #  input = 200000;
  #  output = 2000;
  #  balance = false;
  #};


}