{ nixos-hardware, disko, ... }:
{ pkgs, config, ... }:
{
  imports = [
    nixos-hardware.nixosModules.common-cpu-intel
    nixos-hardware.nixosModules.common-pc-ssd

    disko.nixosModules.disko

    ./storage.nix
    ./network.nix
    ./virtualisation.nix
    ../../users/erwin
    ../../users/root
  ];

  eboskma = {
    users.erwin = {
      enable = true;
      server = true;
    };

    base = {
      plymouth.enable = true;
    };

    nix-common = {
      enable = true;
      remote-builders = true;
    };

    # libvirtd.enable = true;
    systemd.enable = true;
    tailscale.enable = true;
  };

  security = {
    sudo-rs = {
      enable = true;
    };
    sudo.enable = false;
  };


  boot = {
    loader = {
      systemd-boot = {
        enable = true;
        configurationLimit = 10;
      };
      efi.canTouchEfiVariables = true;
    };

    initrd = {
      availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "ahci" "usb_storage" "usbhid" "sd_mod" "virtio_blk" "virtio_pci" ];
      kernelModules = [ "kvm-intel" ];
    };

    kernelPackages = pkgs.linuxPackages_latest;
    kernelModules = [ "kvm-intel" "dm-thin-pool" "dm-snapshot" ];
    # From PVE: ro quiet intel_iommu=on i915.enable_gvt=1 cpufreq.default_governor=ondemand
    # kernelParams = [ "intel_iommu=on" "i915.enable_gvt=1" "cpufreq.default_governor=ondemand" ];

    extraModulePackages = with config.boot.kernelPackages; [ gasket ];
  };

  hardware.enableAllFirmware = true;
  powerManagement.cpuFreqGovernor = "ondemand";

  services = {
    openssh.enable = true;
    cockpit = {
      enable = true;
      openFirewall = true;
      settings = {
        WebService = {
          Origins = "https://cockpit.datarift.nl";
          ProtocolHeader = "X-Forwarded-Proto";
          ForwardedForHeader = "X-Forwarded-For";
        };
      };
    };
    lvm = {
      enable = true;
    };
  };

  system.stateVersion = "24.05";
}