{
  ...
}:
{
  imports = [
    # we inherit from desktop
    ./desktop.nix
  ];

  virtualisation = {
    docker = {
      enable = true;
      daemon.settings.dns = [
        "1.1.1.1"
        "1.0.0.1"
      ];
    };
  };

  programs.steam = {
    enable = true;
    remotePlay.openFirewall = true;
    dedicatedServer.openFirewall = true;
    localNetworkGameTransfers.openFirewall = true;
  };

  services.openssh = {
    enable = true;
    openFirewall = true;
  };

  services.sunshine = {
    enable = true;
    autoStart = true;
    capSysAdmin = true;
    openFirewall = true;
    settings = {
      adapter_name = "/dev/dri/renderD128"; # primary card should be located here
      encoder = "vaapi"; # or "qsv" is quicksync is better supported
      av1_mode = 2;
      audio_sink = "alsa_output.pci-0000_29_00.0.hdmi-stereo";
      # no need for encryption since we are going through a secure network anyway
      lan_encryption_mode = 0;
      wan_encryption_mode = 0;
      origin_web_ui_allowed = "wan"; # allow access everywhere
      sunshine_name = "Wolfram"; # todo: change
    };
  };

  # override desktop configuration, because we do run SSH
  # on remote-servers.
  age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
}