{
  clan.core.settings.machine.description = "VM machine to host headplane instance";

  nixpkgs.hostPlatform = {
    system = "x86_64-linux";
  };

  networking.firewall.allowedTCPPorts = [
    80
    443
  ];

  system.stateVersion = "25.11";
  clan.core.sops.defaultGroups = [ "admins" ];
}