{
  pkgs,
  config,
  lib,
  extraInfo,
  ...
}:
{
  boot.initrd.availableKernelModules = [
    "nvme"
    "xhci_pci"
    "ahci"
    "usbhid"
  ];
  boot.initrd.kernelModules = [ "dm-snapshot" ];
  boot.extraModulePackages = [ ];

  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

  # Meta
  isProfessional = false;

  # Volumes
  luksDevices = [
    {
      name = "crypted-nixos";
      deviceUUID = "5a1ac4ae-d74f-4599-bc5a-fc0a3501a196";
      isPreLVM = true;
    }
  ];

  filesystems = [
    {
      mountpoint = "/";
      deviceUUID = "8dd700f8-7bf7-426c-8869-d31687e343df";
      fsType = "ext4";
    }

    {
      mountpoint = "/boot";
      deviceUUID = "F2B6-C8CA";
      fsType = "vfat";
    }

    {
      mountpoint = "/nix";
      deviceUUID = "b7a643f6-a78e-4e32-a1a3-22b321465bf6";
      fsType = "ext4";
    }

    {
      mountpoint = "/home";
      deviceUUID = "e26f6727-3712-4830-b8e8-fdbce5e3584b";
      fsType = "ext4";
    }
  ];

  swapDeviceUUID = "5fe5e76b-df3d-43ce-abf9-d2b63078df09";

  # Linux kernel
  useLatestKernel = true;

  # Custom udev rules for Nucleo's stlink interface
  services.udev.extraRules = ''
    ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374b",MODE="660",GROUP="dialout",TAG+="uaccess"
    ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748",MODE="660",GROUP="dialout",TAG+="uaccess"
  '';

  # Nix
  allowUnfreePackages = true;

  # Hardware acceleration
  hwAccelerationGPU = "nvidia";

  # Enable Docker
  enableDocker = true;

  keymap = "fr";

  # System secrets
  sops = {
    gnupg.sshKeyPaths = [ ];
    age = {
      sshKeyPaths = [ ];
      keyFile = "/var/lib/sops-nix/key.txt";
    };
    defaultSopsFile = ./secrets/secrets.yaml;
    secrets.wg0_private = { };
  };

  # Wireguard
  networking.wg-quick.interfaces.wg0 = {
    address = [ "10.100.0.4/8" ];
    dns = [ "10.100.0.1" ];

    listenPort = 51820;
    privateKeyFile = config.sops.secrets.wg0_private.path;

    peers = [
      {
        # Rock Pro 64
        publicKey = "XVmG3/rNsCqc8KCmOx3+UUn9DJOnJ40Uxid5JGdChR4=";
        endpoint = "${extraInfo.wireguard.rockProEndpoint}:51820";
        allowedIPs = [ "10.100.0.1" ];
        persistentKeepalive = 25;
      }

      {
        # VPS
        publicKey = "x45YsLDpMJw1pwKOvkyzdesen3lFcKpxCXACGz+xtDs=";
        endpoint = "${extraInfo.wireguard.VPSEndpoint}:51820";
        allowedIPs = [ "10.100.0.2" ];
        persistentKeepalive = 25;
      }
    ];
  };

  # User config
  machineUsers = {
    dala = {
      description = "Dala";
      groups = [
        "docker"
        "wheel"
        "video"
        "audio"
        "seat"
        "keys"
        "lp"
        "dialout"
        "network"
      ];
      uid = 1000;
      shell = pkgs.fish;
      enableHomeManagerProfile = true;
      homeManagerConfig = {
        programs.helix.enable = true;
        desktop.monitors = [
          {
            name = "Iiyama North America PL2470H 0x0000047B";
            resolution = "1920x1080@165.003Hz";
            position = "1920 0";
            defaultWorkspace = 1;
          }
          {
            name = "Iiyama North America PL2530H 1154392601941";
            resolution = "1920x1080@74.973Hz";
            position = "0 0";
            defaultWorkspace = 2;
          }
        ];

        nixpkgs.config.allowUnfree = true;
        development.embedded.enableTools = true;
      };
    };
  };
}