{ config, pkgs, ... }:

{
  imports = [ ./hardware ];     # bindet die auto-generierte HW-Datei ein

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.initrd.kernelModules = [ "overlay" "vmd" ];

  networking.hostName = "nix-nas";
  networking.hostId = "39373132";  # via: head -c4 /etc/machine-id | od -An -tx4

  users.users.nicole = {
    isNormalUser = true;
    hashedPassword = "sha512-$6$p73d5mOLoSuJGOol$KRlszaPXZK9/frADlfR3kAr/57DD5f4.CPTGNNX80QWEWFE5y.bM1WiZwmRHiAlrws3q/zCDQ6AqeSyCUX.8U/";
    extraGroups = [ "wheel" "docker" "libvirtd" ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAsiKDWCwyf1usprg3K6Zk0xE9S4DX6+Bc4+nIOZGmf drezil@Manticore"
    ];
  };

  system.stateVersion = "25.05";   # ← einmalig festnageln
  security.sudo.wheelNeedsPassword = false;
  services.openssh.enable = true;
  services.zfs.autoScrub.enable = true;   # Snapshots & Details kommen später

  # Wir pinnen den Kernel, bis ZFS 2.3.x für 6.13 bereit ist
  boot.kernelPackages = pkgs.linuxPackages_6_12;

  environment.systemPackages = with pkgs; [ git vim ];

}