# NixOS module for a bare-metal host: disko partition layout, boot loader
# settings, firmware, systemd-networkd with DHCP, SSH, host firewall and NAT.
{ modulesPath, repoFlake, pkgs, config, ... }:
let
  # Install target, addressed by its /dev/disk/by-id name rather than a
  # /dev/sdX name that depends on enumeration order.
  targetDisk = "/dev/disk/by-id/ata-Corsair_Voyager_GTX_21488170000126002051";
in
{
  disabledModules = [];

  imports = [
    repoFlake.inputs.disko.nixosModules.disko
    repoFlake.inputs.srvos.nixosModules.server
    (modulesPath + "/profiles/all-hardware.nix")
    repoFlake.inputs.srvos.nixosModules.mixins-terminfo
    repoFlake.inputs.srvos.nixosModules.mixins-systemd-boot
    # sops-nix is pulled in here, but this file declares no secrets itself.
    repoFlake.inputs.sops-nix.nixosModules.sops
    ../../profiles/common/user.nix
  ];

  ## bare-metal machines
  srvos.boot.consoles = ["tty0"];

  boot.loader = {
    # GRUB is switched off here; the systemd-boot mixin is imported above.
    grub.enable = false;
    # Boot loader installation must not write EFI variables on this machine.
    efi.canTouchEfiVariables = false;
  };

  # Declarative disk layout: one GPT disk with a 1 MiB "boot" partition,
  # a vfat ESP mounted at /boot, and a btrfs root using subvolumes.
  disko.devices.disk.main = {
    type = "disk";
    device = targetDisk;
    content = {
      type = "table";
      format = "gpt";
      partitions = [
        {
          # NOTE(review): a bios_grub partition is kept although GRUB is
          # disabled in this file -- presumably for a hybrid layout; confirm.
          name = "boot";
          part-type = "primary";
          flags = ["bios_grub"];
          start = "0";
          end = "1M";
        }
        {
          name = "ESP";
          bootable = true;
          start = "1M";
          end = "512M";
          content = {
            type = "filesystem";
            format = "vfat";
            mountpoint = "/boot";
          };
        }
        {
          name = "root";
          part-type = "primary";
          bootable = true;
          start = "512M";
          end = "100%";
          content = {
            type = "btrfs";
            # "-f" forces creation over an existing filesystem: applying this
            # layout wipes whatever is on targetDisk. Check the by-id path
            # before running disko against a machine with data on it.
            extraArgs = ["-f"];
            subvolumes = {
              # The subvolume name differs from its mountpoint.
              "/rootfs" = {
                mountpoint = "/";
              };
              "/nix" = {
                mountOptions = ["noatime"];
              };
            };
          };
        }
      ];
    };
  };

  # Unfree packages are allowed system-wide; together with enableAllFirmware
  # this brings non-redistributable firmware blobs into the system closure.
  nixpkgs.config.allowUnfree = true;

  hardware = {
    enableAllFirmware = true;
    enableRedistributableFirmware = true;
    # Apply Intel CPU microcode updates.
    cpu.intel.updateMicrocode = true;
  };

  # NOTE(review): no sshd hardening (password login, root login, allowed
  # users) is set in this file; presumably it comes from the srvos server
  # module or ../../profiles/common/user.nix -- verify before exposing port 22.
  services.openssh.enable = true;

  systemd.network = {
    enable = true;
    networks."10-lan" = {
      # Matches the kernel-style names kept by usePredictableInterfaceNames
      # = false below.
      matchConfig.Name = "eth*";
      networkConfig = {
        # DHCP for both IPv4 and IPv6.
        DHCP = "yes";
        # Accept Router Advertisements for stateless IPv6 autoconfiguration
        # (SLAAC).
        IPv6AcceptRA = true;
      };
    };
  };

  networking = {
    # systemd-networkd handles addressing, so dhcpcd stays off.
    dhcpcd.enable = false;

    # Keep eth0-style names; the "eth*" match above and the NAT external
    # interface below both depend on this.
    usePredictableInterfaceNames = false;

    firewall = {
      enable = true;
      allowedTCPPorts = [
        # ssh
        22
        # iperf3
        # NOTE(review): this stays open permanently; if iperf3 is only used
        # for occasional benchmarking, consider opening 5201 only for the
        # duration of a test.
        5201
      ];
      # Refused connection attempts are not logged, which keeps the journal
      # quiet but also hides probing from the host's own logs.
      logRefusedConnections = false;
    };

    # Masquerade traffic from interfaces matching "ve-+" out through eth0.
    # NOTE(review): "ve-" looks like the container veth prefix, but
    # `containers` is empty below, so nothing uses this yet -- confirm intent.
    nat = {
      enable = true;
      internalInterfaces = ["ve-+"];
      externalInterface = "eth0";
    };
  };

  # Kubernetes
  # services.kubernetes.roles = ["master" "node"];

  # virtualization
  # virtualisation = {docker.enable = true;};

  nix.gc.automatic = true;

  containers = { };

  # stateVersion records the NixOS release whose defaults for stateful data
  # (file locations, database versions, ...) this system was installed with.
  # Leave it at the release of the first install; read the option's
  # documentation (man configuration.nix or
  # https://nixos.org/nixos/options.html) before changing it.
  system.stateVersion = "23.05"; # Did you read the comment?
}