{ pkgs, config, ... }:
{
  nixpkgs.config.allowUnfree = true; #because im a gigachad 

  # boot, networking, locale, stateVersion
  boot.loader.systemd-boot.enable     = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
  fileSystems."/boot".options = [ "umask=0077" ];

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  networking = {
    firewall.enable = false;
    firewall.trustedInterfaces = [
	    "tailscale0"
    ];
    nameservers   = [ "192.168.4.3" "1.1.1.1" ];
    useDHCP       = true;
    firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002]; 
  };

  services.resolved = {
    enable      = true;
    dnssec      = "true";
    domains     = [ "~." ];
    fallbackDns = [ "192.168.4.3" "1.0.0.1#one.one.one.one" ];
    dnsovertls  = "true";
  };

  environment.variables.EDITOR = "vim";

  time.timeZone     = "America/New_York";
  i18n.defaultLocale = "en_US.UTF-8";

  system.stateVersion = "24.11";
}