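# NixOS module: Incus host with a declarative preseed (NAT bridge, profiles,
# LVM-thin storage pool), OIDC login and the HTTPS API/UI published on TCP 8443.
{ pkgs, ... }:
{
  # Members of incus-admin have full control of the Incus daemon, which is
  # effectively root on this host. Keep this list as short as possible.
  users.users.erwin.extraGroups = [ "incus-admin" ];

  virtualisation.incus = {
    enable = true;

    preseed = {
      # Incus-managed bridge; instances on it reach the outside world via NAT.
      networks = [
        {
          name = "incusbr0";
          type = "bridge";
          config = {
            "ipv4.address" = "10.0.100.1/24";
            "ipv4.nat" = "true";
          };
        }
      ];

      profiles = [
        # Baseline root disk for every instance.
        {
          name = "default";
          devices = {
            root = {
              path = "/";
              pool = "default";
              size = "32GiB";
              type = "disk";
            };
          };
        }

        # Nesting lets the guest run its own containers; it widens the kernel
        # surface the guest can reach, so attach it only where it is needed.
        {
          name = "nixos";
          config = {
            "security.nesting" = true;
          };
        }

        # Privileged containers run without a user-namespace ID shift: root in
        # the container is root on the host. Opt-in only, for trusted workloads.
        {
          name = "privileged";
          config = {
            "security.privileged" = true;
          };
        }

        {
          name = "autostart";
          config = {
            "boot.autostart" = true;
          };
        }

        # Puts the instance directly on the host bridge, bypassing the NATed
        # incusbr0 network. vmbr0 is not defined in this module.
        # NOTE(review): presumably declared elsewhere in the host config - confirm.
        {
          name = "net-bridged";
          devices = {
            eth0 = {
              type = "nic";
              nictype = "bridged";
              parent = "vmbr0";
            };
          };
        }

        {
          name = "homeassistant";
          devices = {
            root = {
              path = "/";
              pool = "default";
              size = "128GiB";
              type = "disk";
            };
            eth0 = {
              type = "nic";
              nictype = "bridged";
              parent = "vmbr0";
            };
            # USB passthrough matches on vendor/product ID only, so any device
            # that reports the same IDs is handed to the guest when plugged in.
            zigbee = {
              type = "usb";
              vendorid = "1a86";
              productid = "55d4";
            };
            # 0403 is FTDI's USB vendor ID and 6001 its FT232 product ID. The two
            # values were swapped, so the adapter would never have matched.
            p1 = {
              type = "usb";
              vendorid = "0403";
              productid = "6001";
            };
          };
          config = {
            "limits.cpu" = 4;
            "limits.memory" = "8GiB";
          };
        }
      ];

      # Thin-provisioned LVM pool backed by the existing "data" volume group.
      storage_pools = [
        {
          name = "default";
          driver = "lvm";
          config = {
            "lvm.thinpool_name" = "data";
            "lvm.vg_name" = "data";
          };
        }
      ];

      config = {
        "oidc.client.id" = "incus";
        # NOTE(review): this value already ends in /.well-known/openid-configuration.
        # If Incus derives the discovery document from the issuer itself, the
        # bare realm URL is what belongs here - confirm against a working login.
        # NOTE(review): without an authorization backend (e.g. OpenFGA), every
        # identity the IdP authenticates is believed to get full access - verify,
        # and restrict who can obtain a token for this client.
        "oidc.issuer" = "https://id.datarift.nl/realms/datarift/.well-known/openid-configuration";
        # Listens on every address of the host. Together with the firewall rule
        # at the bottom, the management API is reachable from any network the
        # host is attached to.
        "core.https_address" = "[::]:8443";
      };
    };
  };

  systemd.services = {
    incus = {
      # Extra tools placed on the daemon's PATH.
      path = [
        pkgs.nftables
        pkgs.lvm2
        pkgs.e2fsprogs
        pkgs.kmod
      ];
      # Tells the daemon where the web UI assets live.
      environment = {
        INCUS_UI = pkgs.incus-ui;
      };
    };
    # NOTE(review): lvm2 is presumably needed here so the preseed can create the
    # LVM storage pool - confirm.
    incus-preseed = {
      path = [ pkgs.lvm2 ];
    };
  };

  # Opens 8443 on all interfaces. Where the API only has to be reachable from a
  # management network, prefer networking.firewall.interfaces.<name>.allowedTCPPorts.
  networking.firewall.allowedTCPPorts = [ 8443 ];
}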