{ config, pkgs, ... }:
{
  imports = [ ./hardware-configuration/work.nix ];

  environment.systemPackages = with pkgs; [
    slack
    git-review
    hexchat
    obsidian
    apacheHttpd
    moonlight-qt
    brightnessctl
    hugo
  ];

  hardware.bluetooth.enable = true;
  hardware.bluetooth.powerOnBoot = true;

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "work"; # Define your hostname.
  networking.networkmanager.enable = true;

  time.timeZone = "Europe/Amsterdam";

  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "nl_NL.UTF-8";
    LC_IDENTIFICATION = "nl_NL.UTF-8";
    LC_MEASUREMENT = "nl_NL.UTF-8";
    LC_MONETARY = "nl_NL.UTF-8";
    LC_NAME = "nl_NL.UTF-8";
    LC_NUMERIC = "nl_NL.UTF-8";
    LC_PAPER = "nl_NL.UTF-8";
    LC_TELEPHONE = "nl_NL.UTF-8";
    LC_TIME = "nl_NL.UTF-8";
  };

  services = {
    openssh.enable = true;
    openvpn.servers = {
      ghostnet = {
        config = ''
          client
          remote 185.57.9.6 1194
          cert ${config.age.secrets.ghostnet-cert.path}
          key ${config.age.secrets.ghostnet-key.path}
          ca ${config.age.secrets.ghostnet-ca.path}
          auth-user-pass ${config.age.secrets.ghostnet-auth-user-pass.path}
          reneg-sec 0
          cipher AES-256-CBC
          comp-lzo adaptive
          dev tun
          proto udp
          remote-cert-tls server
          tls-auth ${config.age.secrets.ghostnet-tls-auth.path} 1
          nobind
          auth-nocache
          script-security 2
          persist-key
          persist-tun
          user nm-openvpn
          group nm-openvpn
        '';
        updateResolvConf = false;
      };
      systems = {
        config = ''
          client
          remote 'vpn-v2.one.com'
          cert '${config.age.secrets.systems-cert.path}'
          key '${config.age.secrets.systems-key.path}'
          ca '${config.age.secrets.systems-ca.path}'
          cipher AES-128-CBC
          comp-lzo adaptive
          dev tun
          proto udp
          port 1200
          remote-cert-tls server
          tls-auth '${config.age.secrets.systems-tls-auth.path}' 1
          nobind
          auth-nocache
          script-security 2
          persist-key
          persist-tun
          user nm-openvpn
          group nm-openvpn
        '';
        updateResolvConf = false;
      };
    };

    xserver.xkb = {
      layout = "us";
      variant = "";
    };
  };

  users.users.jras = {
    isNormalUser = true;
    description = "Jasper Ras";
    extraGroups = [ "networkmanager" "wheel" ];
    packages = with pkgs; [ git helix ];
  };

  system.stateVersion = "24.05"; # Do NOT change before reading configuration.nix
}