# NixOS host module for the node named by `nodeName`. As configured below it is:
#   - a Nix remote builder (srvos role) that accepts jobs from two scheduler keys,
#   - an SSH-reachable host with root login permitted,
#   - a forwarding/NAT host with libvirtd and aarch64 binfmt emulation,
#   - installed by disko onto an mdadm RAID0 across sda and sdb with a btrfs root.
# Lines marked NOTE(review) are security observations to confirm, not verified facts.
{
  modulesPath,
  repoFlake,
  packages',
  pkgs,
  lib,
  config,
  nodeFlake,
  nodeName,
  system,
  ...
}:
{
  disabledModules = [ ];

  imports = [
    # Declarative partitioning (see `disko.devices` below) and the sops-nix
    # secrets module.
    # NOTE(review): no `sops.secrets` are declared in this file; presumably
    # one of the imported snippets does that. Confirm.
    nodeFlake.inputs.disko.nixosModules.disko
    repoFlake.inputs.sops-nix.nixosModules.sops

    nodeFlake.inputs.srvos.nixosModules.roles-nix-remote-builder
    {
      # Public keys of the machines allowed to schedule builds on this host.
      # Each entry is a trust grant: whoever holds the matching private key
      # can submit builds here. Review the list whenever a scheduler machine
      # is retired or reinstalled.
      roles.nix-remote-builder.schedulerPublicKeys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQ22z5rDdCLYH+MEoEt+tXJXTJqoeZNqvJl2n4aB+Kn steveej@steveej-x13s"

        # TODO: make this a reference to the private key's secret
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8FHuK0k86iBWq41+NAhVwJqH1ZpGJe+q01m7iLviz6 root@steveej-t14"
      ];
    }

    ../../snippets/nix-settings.nix
    # mkForce overrides whatever sandbox value nix-settings.nix (or any other
    # module) sets. In "relaxed" mode Nix builds fixed-output derivations and
    # derivations that set `__noChroot = true` outside the sandbox.
    # NOTE(review): on a remote builder this means build isolation depends on
    # what the scheduler hosts submit. If nothing here needs `__noChroot`,
    # the default `true` keeps every build sandboxed. Confirm why "relaxed"
    # is required.
    { nix.settings.sandbox = lib.mkForce "relaxed"; }
    ../../snippets/mycelium.nix

    # user config
    ../../profiles/common/user.nix
    {
      users.commonUsers = {
        enable = true;
        enableNonRoot = true;
      };
    }

    ../../snippets/home-manager-with-zsh.nix
    # {
    #   home-manager.users.steveej = {pkgs, ...}: {
    #     imports = [
    #       ../../../home-manager/programs/pass.nix
    #       ../../../home-manager/programs/openvscode-server.nix
    #     ];
    #   };
    # }
  ];

  services.openssh = {
    enable = true;
    # Opens the sshd port in the host firewall.
    openFirewall = true;
    # "yes" permits root login with every authentication method sshd has
    # enabled.
    # NOTE(review): this file does not set `settings.PasswordAuthentication`,
    # so whether root can log in with a password depends on the module default
    # and on the imported snippets. If root only uses keys,
    # "prohibit-password" keeps key login and removes the password path.
    # Confirm before changing, to avoid a lockout.
    settings.PermitRootLogin = "yes";
    # StreamLocalBindUnlink makes sshd remove an existing Unix socket file
    # before binding a forwarded one. Presumably this is for agent or socket
    # forwarding from the workstations. Confirm.
    extraConfig = '' StreamLocalBindUnlink yes '';
  };

  boot = {
    kernel = {
      # Enables IPv4 and IPv6 forwarding on all interfaces, so the host routes.
      # NOTE(review): together with `networking.nat.enable` and libvirtd below
      # this looks intended for VM/guest networking. No NAT interfaces are
      # defined in this file. Confirm the firewall restricts forwarded traffic
      # as intended.
      sysctl = {
        "net.ipv4.conf.all.forwarding" = true;
        "net.ipv6.conf.all.forwarding" = true;
      };
    };
  };

  networking = {
    hostName = nodeName;
    useNetworkd = true;
    useDHCP = true;

    nat.enable = true;
    firewall.enable = true;

    # NOTE(review): 5201 is the default iperf3 port, and no service listening
    # on it is configured in this file. If it is only used for ad-hoc
    # throughput tests, consider opening it on demand rather than leaving it
    # open for TCP and UDP permanently.
    firewall.allowedTCPPorts = [ 5201 ];
    firewall.allowedUDPPorts = [ 5201 ];
  };

  disko.devices =
    let
      # Layout shared by both physical disks: a 1M BIOS boot partition (EF02)
      # for GRUB, with the remainder as a member of the "raid0" md array.
      # NOTE(review): the disks are addressed as /dev/<id> (sda, sdb). Kernel
      # device names can change order between boots, and disko formats
      # whatever these paths point to. /dev/disk/by-id paths would be stable.
      disk = id: {
        type = "disk";
        device = "/dev/${id}";
        content = {
          type = "gpt";
          partitions = {
            boot = {
              size = "1M";
              type = "EF02"; # for grub MBR
            };
            mdadm = {
              size = "100%";
              content = {
                type = "mdraid";
                name = "raid0";
              };
            };
          };
        };
      };
    in
    {
      disk = {
        sda = disk "sda";
        sdb = disk "sdb";
      };
      mdadm = {
        # Level 0 stripes across both disks with no redundancy, so losing
        # either disk loses the whole root filesystem.
        # NOTE(review): the btrfs root sits directly on the array with no
        # encryption layer declared here, so data at rest (including any
        # decrypted secrets written to disk) is unprotected. Confirm this is
        # acceptable for the host.
        raid0 = {
          type = "mdadm";
          level = 0;
          content = {
            type = "gpt";
            partitions = {
              primary = {
                size = "100%";
                content = {
                  type = "filesystem";
                  format = "btrfs";
                  mountpoint = "/";
                };
              };
            };
          };
        };
      };
    };

  system.stateVersion = "24.05";

  # Tracks the newest kernel package set in nixpkgs rather than the default.
  boot.kernelPackages = pkgs.linuxPackages_latest;

  boot.initrd.includeDefaultModules = true;
  # NOTE(review): "dm-integrity" is loaded in the initrd, but no integrity
  # target is configured in this file. Confirm it is still needed.
  boot.initrd.kernelModules = [
    "dm-raid"
    "dm-integrity"
    "xhci_pci_renesas"
  ];
  hardware.enableRedistributableFirmware = true;

  # libvirtd, plus binfmt emulation so this host can run and build
  # aarch64-linux binaries.
  # NOTE(review): access to the libvirt socket allows full control of guests
  # and host devices. Confirm which users the imported user profile puts in
  # the libvirtd group.
  virtualisation.libvirtd.enable = true;

  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
}