{
  config,
  pkgs,
  ...
}: {
  imports = [
    ./services

    ./hardware.nix
    ./disk-config.nix
    ./mounts.nix
    ./secrets.nix
    ./nebula.nix
    ./zfs.nix
    ./prometheus.nix
  ];

  networking.hostName = "eidola"; # Define your hostname.
  time.timeZone = "America/New_York"; # Set your time zone.
  networking.hostId = "80f64d29"; # Define the host ID. (for ZFS)

  # Allow unfree packages (firmware)
  nixpkgs.config.allowUnfree = true;

  # Basic networking
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [5201];
  networking.firewall.allowedUDPPorts = [5201];

  # Locales
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    keyMap = "us";
  };

  # Users - eidola & root
  users.users = {
    root.hashedPasswordFile = config.sops.secrets."root-pw".path;

    eidola = {
      isNormalUser = true;
      extraGroups = ["wheel"];
      hashedPasswordFile = config.sops.secrets."user-pw".path;
      openssh.authorizedKeys.keys = import ../../keys/ssh.nix;
    };
  };

  # Packages
  environment.systemPackages = with pkgs; [
    rsync
    git
    vim
    fastfetch
    btop
  ];
  environment.variables.EDITOR = "vim";

  # Enable ssh server
  services.openssh = {
    enable = true;
    settings.PasswordAuthentication = false;
    settings.KbdInteractiveAuthentication = false;

    listenAddresses = [
      {
        addr = "10.13.1.1";
        port = 22;
      }
    ];
  };

  # My modules
  gen.hardening.disableSack = true;
  gen.hardening.disableConsole = true;
  gen.bootloader.luksSsh = {
    enable = true;
    useDhcp = true;
    port = 48722;
    hostKeys = ["/persist/etc/secrets/initrd/ssh_host_ed25519_key"];
  };

  system.stateVersion = "24.05";
}