{
  config,
  lib,
  pkgs,
  this,
  ...
}:
let
  cfg = config.nixfiles.modules.profiles.headless;
in
{
  imports = lib.modulesIn ./. |> lib.attrValues;

  options.nixfiles.modules.profiles.headless.enable = lib.mkEnableOption "headless profile" // {
    default = this.isHeadless;
  };

  config = lib.mkIf cfg.enable {
    nixfiles.modules = {
      endlessh-go.enable = true;
      fail2ban.enable = true;
      openssh.server.enable = true;
    };

    hm.home.file = {
      ".hushlogin".text = "";
      ".bash_history".source = config.hm.lib.file.mkOutOfStoreSymlink "/dev/null";
    };

    boot.kernelPackages = pkgs.linuxPackages_hardened;

    nix = {
      gc = {
        automatic = true;
        dates = "weekly";
        options = "--delete-older-than 30d";
      };

      optimise = {
        automatic = true;
        dates = [ "daily" ];
      };
    };

    services.udisks2.enable = false;
  };
}