{
  config,
  lib,
  extraInfo,
  pkgs,
  ...
}:
{
  boot.initrd.availableKernelModules = [
    "xhci_pci"
    "nvme"
    "usb_storage"
    "sd_mod"
  ];
  boot.initrd.kernelModules = [
    "dm-snapshot"
    "i915"
  ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  services.tlp.enable = true;

  useLatestKernel = true;
  hwAccelerationGPU = "intel";

  isProfessional = false;
  allowUnfreePackages = true;
  keymap = "us";

  luksDevices = [
    {
      name = "crypted-nixos";
      deviceUUID = "401036ff-8ad8-4738-a249-85391dac0430";
      isPreLVM = true;
    }
  ];

  filesystems = [
    {
      mountpoint = "/";
      deviceUUID = "663f1c4a-dce6-48b2-b8e2-a602e812c49b";
      fsType = "ext4";
    }

    {
      mountpoint = "/boot";
      deviceUUID = "3F42-7C9B";
      fsType = "vfat";
    }

    {
      mountpoint = "/nix";
      deviceUUID = "148a5295-396b-495b-b46e-1fa4e99cf9d0";
      fsType = "ext4";
    }

    {
      mountpoint = "/home";
      deviceUUID = "16b6bd32-465c-4a42-a082-df42d912e5e5";
      fsType = "ext4";
    }
  ];

  swapDeviceUUID = "0bc27219-00dd-4ae9-b946-ab65a68cbdf1";

  sops = {
    gnupg.sshKeyPaths = [ ];
    age = {
      sshKeyPaths = [ ];
      keyFile = "/var/lib/sops-nix/key.txt";
    };
    defaultSopsFile = ./secrets/secrets.yaml;
    secrets.wg0_private = { };
  };

  networking.wg-quick.interfaces.wg0 = {
    address = [ "10.100.0.3/24" ];
    listenPort = 51820;
    privateKeyFile = config.sops.secrets.wg0_private.path;

    dns = [ "10.100.0.1" ];

    peers = [
      # RockPro 64
      {
        publicKey = "XVmG3/rNsCqc8KCmOx3+UUn9DJOnJ40Uxid5JGdChR4=";
        endpoint = "${extraInfo.wireguard.rockProEndpoint}:51820";
        allowedIPs = [ "10.100.0.1/32" ];
        persistentKeepalive = 25;
      }
    ];
  };

  machineUsers = {
    dala = {
      description = "Dala";
      groups = [
        "wheel"
        "network"
        "audio"
        "video"
        "docker"
        "wireshark"
      ];
      uid = 1000;
      shell = pkgs.fish;

      enableHomeManagerProfile = true;
      homeManagerConfig = {
        programs.helix.enable = true;
        desktop.monitors = [
          {
            name = "Chimei Innolux Corporation 0x14C9 Unknown";
            resolution = "1920x1080@60.008Hz";
            position = "0 0";
            defaultWorkspace = 1;
          }
        ];
        nixpkgs.config.allowUnfree = true;
        development.embedded.enableTools = true;
      };
    };
  };
}