{ repoFlake
, nodeFlake
, pkgs
, lib
, config
, nodeName
, localDomainName
, system
, ...
}:

{
  imports = [
    # repoFlake.inputs.sops-nix.nixosModules.sops
    nodeFlake.inputs.disko.nixosModules.disko
    ./disko.nix

    repoFlake.nixosModules.thinkpad-x13s

    ../../profiles/common/pkg.nix


    {
      # nixpkgs.config.allowUnsupportedSystem = true;

      # flake registry
      nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs;

      nix.nixPath = [
        "nixpkgs=${pkgs.path}"
      ];

      nix.settings.experimental-features = [
        "nix-command"
        "flakes"
      ];

      nix.settings.max-jobs = lib.mkDefault "auto";
    }

    # ../../profiles/common/user.nix

    {
      services.openssh.enable = true;
      services.openssh.settings.PermitRootLogin = "yes";
      services.openssh.openFirewall = true;


      # sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
      # sops.defaultSopsFormat = "yaml";

      # users.commonUsers = {
      #   enable = true;
      #   enableNonRoot = true;
      # };

      users.users.root.initialPassword = "install";
    }

    nodeFlake.inputs.home-manager.nixosModules.home-manager

    # ../../snippets/sway-desktop.nix
    # ../../snippets/radicale.nix
  ];

  hardware.thinkpad-x13s = {
    enable = true;

    # TODO: use hardware address
    bluetoothMac = "65:9e:7a:8b:86:28";
  };

  networking = {
    hostName = nodeName;

    firewall.enable = true;

    # useNetworkd = true;
  };

  system.stateVersion = "23.11";

  nixpkgs.config.allowUnfree = true;

  environment.systemPackages = [
    pkgs.sshfs
    pkgs.util-linux
    pkgs.coreutils
    pkgs.vim

    pkgs.git
    pkgs.git-crypt
  ];

  # home-manager.users.steveej = _: {
  #   home.stateVersion = "23.11";

  #   imports = [
  #     ../../../home-manager/configuration/graphical-fullblown.nix
  #   ];

  #   home.sessionVariables = { };

  #   home.packages = with pkgs; [
  #   ];
  # };
}