{ secrets, ... }:
{
  imports = [
    ./firewall
    ./pki.nix
    ./resolved.nix
    ./tailscale.nix
  ];

  networking = {
    nftables.enable = true;

    nameservers = [
      "45.90.28.0#${secrets.nextdns_id}.dns.nextdns.io"
      "2a07:a8c0::#${secrets.nextdns_id}.dns.nextdns.io"
      "45.90.30.0#${secrets.nextdns_id}.dns.nextdns.io"
      "2a07:a8c1::#${secrets.nextdns_id}.dns.nextdns.io"
    ];

    timeServers = [
      "0.nixos.pool.ntp.org"
      "1.nixos.pool.ntp.org"
      "2.nixos.pool.ntp.org"
      "3.nixos.pool.ntp.org"
    ];
  };
}