{ config, modulesPath, pkgs, lib, ... }:
{
  imports = [
    (modulesPath + "/virtualisation/proxmox-lxc.nix")
    ./matrix.nix
  ];
  nix.settings = { sandbox = false; };
  proxmoxLXC = {
    manageNetwork = false;
    privileged = true;
  };

  # Disable /sys/kernel/debug mount which fails in LXC
  systemd.mounts = [{
    where = "/sys/kernel/debug";
    enable = false;
  }];

  services.fstrim.enable = false; # Let Proxmox host handle fstrim
  networking.firewall.enable = false;
  services.openssh = {
    enable = true;
    openFirewall = true;
    settings = {
        PermitRootLogin = "yes";
        PasswordAuthentication = true;
        PermitEmptyPasswords = "yes";
    };
  };

  users.users.w0bm = {
    isNormalUser = true;
    extraGroups = ["wheel"];
  };

  system.stateVersion = "25.11";
}