{ modulesPath, lib, pkgs, ... }:
{
  imports = [
    ./hardware-configuration.nix
    ./nginx.nix
    ];
     boot = {
      loader.grub = {
        enable = true;
        device = "/dev/vda";
      };
    }; 
     users.users.root.openssh.authorizedKeys.keys = 
          [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qXhCHNrSZmy4HEXaFn6xAp1w2GzQBMOfVdbR3E81Q cloudboxes" ];

       # enable flakes
      nix = {
        package = pkgs.nixFlakes;
        extraOptions = ''
          experimental-features = nix-command flakes
        '';
        settings = {
          keep-outputs = true;
          keep-derivations = true;
        };
      };
     
      services.openssh = {
        enable = true;
        passwordAuthentication = false;
        # ports = [5522];
      };
      networking = {
        hostName =  "yn-bkk"; # use Digital Ocean metadata server
      };
      networking.firewall = {
        enable = false;
      #   allowedTCPPorts = [ 993 465 40308 80 443 53 51820 5522 ];
      #   allowedUDPPorts = [ 993 465 40308 80 443 53 50000 50001 50002 50003 50004 50005 50006 50007 50008 50009 50010 51820 5522 ];
      };
      services.ntfy-sh = {
        enable = true;
        settings = {
          base-url = "https://n.urbit.men";
          listen-http = ":8090";
        };
      };
  system.stateVersion = "24.05"; # Did you read the comment?
}