{
  config,
  lib,
  pkgs,
  this,
  ...
}:
with lib;
let
  cfg = config.nixfiles.modules.profiles.headless;
in
{
  options.nixfiles.modules.profiles.headless.enable = mkEnableOption "headless profile" // {
    default = this.isHeadless;
  };

  config = mkIf cfg.enable {
    nixfiles.modules = {
      openssh.server.enable = true;
      endlessh-go.enable = true;

      fail2ban.enable = true;

      node-exporter.enable = true;
      promtail.enable = false; # FIXME High RAM usage.
    };

    hm.home.file = {
      ".hushlogin".text = "";
      ".bash_history".source = config.hm.lib.file.mkOutOfStoreSymlink "/dev/null";
    };

    # Pin version to prevent any surprises. Try keeping this up-to-date[1] with
    # the latest LTS release + hardened patches (just in case).
    #
    # [1]: https://kernel.org
    boot.kernelPackages = pkgs.linuxPackages_6_6_hardened;

    nix = {
      gc = {
        automatic = true;
        dates = "weekly";
        options = "--delete-older-than 30d";
      };

      optimise = {
        automatic = true;
        dates = [ "daily" ];
      };
    };

    environment.systemPackages = with pkgs; [
      alacritty.terminfo
      foot.terminfo
    ];

    services.udisks2.enable = false;

    xdg.sounds.enable = false;
  };
}