{ repoFlake
, pkgs
, lib
, config
, nodeFlake
, nodeName
, localDomainName
, system
, ...
}:

{
  imports = [
    # repoFlake.inputs.sops-nix.nixosModules.sops

    # ../../profiles/common/user.nix

    {
      nix.nixPath = [
        "nixpkgs=${pkgs.path}"
      ];

      nix.settings.experimental-features = [
        "nix-command"
        "flakes"
      ];

      nix.settings.max-jobs = lib.mkDefault "auto";
      nix.settings.cores = lib.mkDefault 0;
    }

    {
      services.openssh.enable = true;
      services.openssh.settings.PermitRootLogin = "yes";

      # users.commonUsers = {
      #   enable = true;
      #   enableNonRoot = false;
      #   rootPasswordFile = config.sops.secrets.passwords-root.path;
      # };

      users.users.root.password = "install";

      # sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
      # sops.defaultSopsFormat = "yaml";

      # sops.secrets.passwords-root.neededForUsers = true;
    }
  ];

  networking = {
    hostName = nodeName;
    useNetworkd = false;

    networkmanager.enable = false;

    firewall.enable = false;
  };

  system.stateVersion = "23.11";

  # We exclude a number of modules included in the default list. A non-insignificant amount do
  # not apply to embedded hardware like this, so simply skip the defaults.
  #
  # Custom kernel is required as a lot of MTK components misbehave when built as modules.
  # They fail to load properly, leaving the system without working ethernet, they'll oops on
  # remove. MTK-DSA parts and PCIe were observed to do this.

  # boot.initrd.includeDefaultModules = false;
  # boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"];
  # boot.initrd.availableKernelModules = ["nvme"];

  nixpkgs.config.allowUnfree = true;

  # hardware.enableRedistributableFirmware = true;

  environment.systemPackages = [
    pkgs.busybox
  ];

  fileSystems."/".label = "x13s_root";
}