# NixOS host profile: pulls in the shared defaults and the MOTD module, then
# enables Docker, the latest kernel, systemd-resolved with DNS-over-TLS and a
# key-only OpenSSH daemon.
{ lib, pkgs, self, ... }:
{
  imports = [
    ./default.nix
    "${self}/modules/motd.nix"
  ];

  # Virtualization settings.
  # NOTE(review): Docker installs its own iptables rules for published
  # container ports, so those ports are typically reachable independently of
  # the NixOS firewall options below. Confirm how container ports are exposed.
  virtualisation.docker.enable = true;

  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
    kernel.sysctl = {
      # 3 = TCP Fast Open for both outgoing and incoming connections.
      "net.ipv4.tcp_fastopen" = 3;
      "net.ipv4.tcp_tw_reuse" = 1;
    };
  };

  networking = {
    useNetworkd = lib.mkDefault true;

    # Used by systemd-resolved, not directly by resolv.conf. The part after
    # '#' is the server name resolved checks the TLS certificate against.
    nameservers = [
      "8.8.8.8#dns.google"
      "1.0.0.1#cloudflare-dns.com"
    ];

    firewall = {
      # NOTE(review): the firewall is switched off, so allowPing,
      # logRefusedConnections and allowedTCPPorts in this set are not
      # enforced and every listening socket is reachable from the network.
      # This host runs sshd and Docker; confirm that filtering happens
      # upstream (security group, edge firewall), otherwise enable it here.
      enable = false;
      allowPing = true;
      logRefusedConnections = false;
      allowedTCPPorts = [ 22 ];
    };
  };

  # Use systemd-resolved for DoT support.
  services.resolved = {
    enable = true;
    # DNSSEC validation is off: DoT protects the hop to the resolver, but the
    # answers themselves are trusted as returned by the upstream servers.
    dnssec = "false";
    # "yes" is strict mode: no fallback to plaintext DNS.
    extraConfig = ''
      DNSOverTLS=yes
    '';
  };

  # SSH: public-key authentication only, direct root login refused.
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      PermitRootLogin = "no";
    };
  };

  # NOTE(review): this key is installed for root, but sshd above is set to
  # PermitRootLogin = "no", so it cannot be used to log in over SSH. No other
  # user or key is defined in this file; confirm that ./default.nix provides
  # an admin account, or the host may be unreachable over SSH.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
  ];
}