{lib, config, pkgs, ...}: {
  lyn.sops.enable = true;
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  nixpkgs.config.allowUnfree = true;
  nix.package = config.pkgsInstances.unstable.lix;
  environment.variables.EDITOR = "nvim";
  
  # TODO
  time.timeZone = "Europe/Berlin";

  # Firewall base config:
  networking.firewall.enable = lib.mkDefault true;
  networking.firewall.allowPing = true;
  # SSH:
  services.openssh = {
	enable = true;
	settings = {
		X11Forwarding = true;
		PermitRootLogin = "yes";
		PasswordAuthentication = false;
		KbdInteractiveAuthentication = false;
	};
	openFirewall = true;
  };

  # Disable password checking for wheel group users so we can rely on ssh keys.
  # WARNING: This has an security impact!
  security.sudo.wheelNeedsPassword = false;

   environment.systemPackages = with pkgs; [
    git
    vim
    neovim 
    wget
    curl
    htop
  ];

  nix.gc = {
    automatic = true;
    persistent = true;
    options = "--delete-older-than 8d";
  };
}