{ config
, pkgs
, modulesPath
, lib
, inputs
, system
, ...
}: {
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
    ../../os-mods/common
    ../../os-mods/cachix
    ../../os-mods/desktop
    ../../os-mods/desktop/audio.nix
    ../../os-mods/desktop/printing.nix
    ../../os-mods/netdata
    ../../os-mods/network
  ];

  # Bootloader.
  boot = {
    loader.grub = {
      enable = true;
      device = "/dev/sda";
      useOSProber = true;
    };

    initrd = {
      availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
      kernelModules = [ ];
    };
    kernelModules = [ ];
    extraModulePackages = [ ];
  };

  environment.systemPackages = with pkgs; [
    netmaker
  ];

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/8598929f-bf20-4f02-9f20-acf899eeee2c";
    fsType = "ext4";
  };

  swapDevices = [ ];
  zramSwap.enable = true;

  networking.hostName = "nixos-karl-kvm-guest";

  fileSystems."/etc/nixos" = {
    device = lib.mkForce "/home/reopen5194/nix";
    fsType = "none";
    options = [ "bind" ];
  };

  security.polkit.extraConfig = ''
    polkit.addRule(function(action, subject) {
        if (action.id == "org.freedesktop.login1.suspend" ||
            action.id == "org.freedesktop.login1.suspend-multiple-sessions" ||
            action.id == "org.freedesktop.login1.hibernate" ||
            action.id == "org.freedesktop.login1.hibernate-multiple-sessions")
        {
            return polkit.Result.NO;
        }
    });
  '';

  services.qemuGuest.enable = true;

  services.netdata.configDir = {
    "stream.conf" = pkgs.writeText "stream.conf" ''
      [8fcb63b3-8361-4339-a010-fc459c2132b0]
      enabled = yes
      default history = 36000
      default memory mode = dbengine
      health enabled by default = auto
      allow from = 192.*
    '';
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.reopen5194 = {
    isNormalUser = true;
    description = "reopen5194";
    extraGroups = [ "docker" "networkmanager" "wheel" ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4fBDj1/He/uimO97RgjGWZLAimTrLmIlYS2ekD73GC tristan@arch-pulse"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de"
    ];
  };
  home-manager = {
    useUserPackages = true;
    useGlobalPkgs = true;
    users.reopen5194 = import ../../users/admin-thin.nix {
      username = "reopen5194";

      inherit pkgs config inputs system lib;
    };
  };

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;

  # Virtualization
  virtualisation.docker = {
    enable = true;
    package = pkgs.docker;
    # rootless = {
    # enable = true;
    # setSocketVariable = true;
    # };
    daemon.settings = {
      # fixed-cidr-v6 = "fd00::/80";
      # ipv6 = true;
      dns = [ "9.9.9.9" "149.112.112.112" ];
    };
  };
  # allow to bind to priv ports
  # boot.kernel.sysctl = {
  # "net.ipv4.ip_unprivileged_port_start" = 79;
  # };

  system.stateVersion = "23.05"; # Did you read the comment?
}