{
  config,
  pkgs,
  lib,
  ...
}:
{

  imports = [

    ./hardware-configuration

    ./syncthing.nix

    ./network-tinc.nix
    ./network-tinc_retiolum.nix
    ./network-wireguard-wg0.nix
    ./network-wireguard-wg1.nix

    ./37c3.nix
    ./topology.nix

    ./ssh-chungus.nix
    ./ssh-cherry.nix

    ./ferdium.nix

  ];

  time.timeZone = lib.mkForce "Asia/Bangkok";
  #time.timeZone = lib.mkForce "Asia/Tokyo";

  #clan.core.facts.services =
  #  let
  #    promptKey = key:
  #      {
  #        ${key} = {
  #          secret."${key}" = { };
  #          generator = {
  #            prompt = key;
  #            path = with pkgs; [ gnused ];
  #            script = ''
  #              echo "$prompt_value" | sed -n '1 p' > $secrets/${key}
  #            '';
  #          };
  #        };
  #      };
  #  in
  #  (promptKey "pushover.user_key") //
  #  (promptKey "pushover.api_key");

  components.virtualisation.enable = true;

  components.gui.enable = true;
  components.mainUser.enable = true;
  components.media.enable = true;
  components.media.tts-client.enable = false;
  components.network.enable = true;
  components.network.wifi.enable = true;
  components.terminal.enable = true;

  telemetry.enable = true;
  telemetry.opentelemetry.exporter.endpoint = "10.100.0.1:4317"; # orbi

  home-manager.users.mainUser.home.sessionPath = [ "$HOME/.timewarrior/scripts" ];
  # todo: move to homemanager
  home-manager.users.mainUser.bugwarrior.config = {
    general = {
      targets = [
        "terranix"
        "my_github"
        "logseq"
        #"trello" # todo make it work
      ];
      log_level = "INFO";
      static_fields = [ "priority" ];
      merge_annotations = false;
    };
    trello = {
      service = "trello";
      token = "@oracle:eval:${pkgs.pass}/bin/pass show bugwarrior/trello/token";
      add_tags = "bugwarrior_pull,trello";
    };
    logseq = {
      service = "logseq";
      add_tags = "bugwarrior_pull,logseq";
      description_template = "{{logseqtitle}}";
    };
    terranix = {
      service = "github";
      login = "mrVanDalo";
      token = "@oracle:eval:${pkgs.pass}/bin/pass show development/github/mrVanDalo/bugwarriorAccessToken";
      username = "mrVanDalo";
      default_priority = "";
      description_template = "{{githubtitle}} {{githuburl}}";
      add_tags = "bugwarrior_pull,github";
      project_template = "terranix";
      involved_issues = true;
      query = "org:terranix is:open";
      include_user_issues = false;
      include_user_repos = false;
    };
    # todo: add gmail
    # todo: add trello
    my_github = {
      service = "github";
      login = "mrVanDalo";
      token = "@oracle:eval:${pkgs.pass}/bin/pass development/github/mrVanDalo/bugwarriorAccessToken";
      username = "mrVanDalo";
      description_template = "{{githubtitle}} {{githuburl}}";
      add_tags = "bugwarrior_pull,github";
      include_user_issues = true;
      include_user_repos = true;
      exclude_repos = [
        "azubi"
        "csv-to-qif"
        "stepp0r"
        "nix-shell-mix"
      ];
    };
  };

  users.users.mainUser.extraGroups = [ "pipewire" ];

  services.nginx.enable = true;

  networking.hostName = "cherry";

  # make sure battery is charged in a way to live for a long time
  services.power-profiles-daemon.enable = false;
  services.tlp = {
    enable = true;
    settings = {
      CPU_BOOST_ON_BAT = 0;
      CPU_SCALING_GOVERNOR_ON_BATTERY = "powersave";
      START_CHARGE_THRESH_BAT0 = 30;
      STOP_CHARGE_THRESH_BAT0 = 85;
      RUNTIME_PM_ON_BAT = "auto";
    };
  };

  security.wrappers = {
    pmount = {
      source = "${pkgs.pmount}/bin/pmount";
      setuid = true;
      owner = "root";
      group = "root";
    };
    pumount = {
      source = "${pkgs.pmount}/bin/pumount";
      setuid = true;
      owner = "root";
      group = "root";
    };
  };

  services.printing.enable = true;

  # for congress and streaming
  hardware.graphics.enable = true;

  system.stateVersion = "23.11";

}