{
  config,
  pkgs,
  ...
}: let
  net = {
    # TODO: hardcoding
    address = "66.23.198.122";
    prefixLength = 24;
    subnet = "255.255.255.0";
    gateway = "66.23.198.1";
    interface = "eth0";
  };
in {
  imports = [
    ./services

    ./hardware.nix
    ./disk-config.nix
    ./mounts.nix
    ./secrets.nix
    ./prometheus.nix
  ];

  networking.hostName = "silver"; # Define your hostname.
  time.timeZone = "America/New_York"; # Set your time zone.

  # Allow unfree packages (firmware)
  nixpkgs.config.allowUnfree = true;

  # Basic networking
  networking.firewall.enable = true;

  # Networking - IP configuration
  networking = {
    enableIPv6 = false;

    defaultGateway = {
      address = net.gateway;
      inherit (net) interface;
    };

    interfaces.${net.interface} = {
      useDHCP = false;
      ipv4.addresses = [
        {inherit (net) address prefixLength;}
      ];
    };
  };
  boot.kernelParams = [
    # Manual IP configuration for initrd
    "ip=${net.address}::${net.gateway}:${net.subnet}::${net.interface}:off"
  ];

  # Locales
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    keyMap = "us";
  };

  # Users - silver & root
  users.users = {
    root.hashedPasswordFile = config.sops.secrets."root-pw".path;

    silver = {
      isNormalUser = true;
      extraGroups = ["wheel"];
      hashedPasswordFile = config.sops.secrets."user-pw".path;
      openssh.authorizedKeys.keys = import ../../keys/ssh.nix;
    };
  };

  # Packages
  environment.systemPackages = with pkgs; [
    rsync
    git
    vim
    fastfetch
    btop
    tmux
    speedtest-cli
  ];
  environment.variables.EDITOR = "vim";
  networking.firewall.allowedTCPPorts = [5201];
  networking.firewall.allowedUDPPorts = [5201];

  # Enable ssh server
  services.openssh = {
    enable = true;
    settings.PasswordAuthentication = false;
    settings.KbdInteractiveAuthentication = false;
    listenAddresses = [
      {
        addr = "10.13.0.1";
        port = 22;
      }
    ];
  };

  # My modules
  gen.hardening.disableSack = true;
  gen.bootloader.luksSsh = {
    enable = true;
    useDhcp = false;
    port = 48722;
    hostKeys = ["/persist/etc/secrets/initrd/ssh_host_ed25519_key"];
  };

  system.stateVersion = "24.05";
}