{ pkgs, inputs, ... }:
{
  nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  time.timeZone = "UTC";
  i18n.defaultLocale = "en_US.UTF-8";

  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 22 80 443 ];
    allowedUDPPorts = [ ];
    allowPing = false;
    logRefusedConnections = false;
  };
  services.fail2ban.enable = true;

  documentation = {
    enable = false;
    info.enable = false;
    man.enable = false;
    nixos.enable = false;
  };

  sound.enable = false;

  environment.systemPackages = with pkgs; [
    git
    curl
    wget
  ];

  programs.neovim.enable = true;

  services.openssh = {
    enable = true;
    allowSFTP = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };
}