{
  modulesPath,
  lib,
  pkgs,
  ...
}:
{
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
    ./fs.nix
  ];

  config = {
    time.timeZone = "Europe/Amsterdam";
    i18n.defaultLocale = "en_US.UTF-8";

    #Provide a default hostname
    networking.hostName = lib.mkDefault "base";

    # Enable QEMU Guest for Proxmox
    services.qemuGuest.enable = lib.mkDefault true;

    boot.loader.systemd-boot.enable = true;
    boot.loader.efi.canTouchEfiVariables = true;

    # Allow remote updates with flakes and non-root users
    nix.settings.trusted-users = [
      "root"
      "@wheel"
    ];
    nix.settings.experimental-features = [
      "nix-command"
      "flakes"
    ];

    # Set up user for remote admin
    users.users."maintenance" = {
      isNormalUser = true;
      group = "maintenance";
      extraGroups = [ "wheel" ];
      openssh.authorizedKeys.keyFiles = [ ../../authorized_keys ];
    };

    users.groups."maintenance" = { };

    # Enable mDNS for `hostname.local` addresses
    services.avahi.enable = true;
    services.avahi.nssmdns4 = true;
    services.avahi.publish = {
      enable = true;
      addresses = true;
    };

    # Some sane packages we need on every system
    environment.systemPackages = with pkgs; [
      vim
      git
      ceph-client
    ];

    # Don't ask for passwords
    security.sudo.wheelNeedsPassword = false;

    # Enable ssh
    services.openssh = {
      enable = true;
      settings.PasswordAuthentication = false;
      settings.KbdInteractiveAuthentication = false;
    };
    programs.ssh.startAgent = true;

    environment.persistence."/persistent" = {
      enable = true;
      hideMounts = true;
      directories = [
        "/var/log"
        "/var/lib/nixos"
        "/var/lib/systemd/coredump"
        "/etc/nixos"
      ];
      files = [
        "/etc/machine-id"
        # SSH Server
        "/etc/ssh/ssh_host_ed25519_key"
        "/etc/ssh/ssh_host_ed25519_key.pub"
        "/etc/ssh/ssh_host_rsa_key"
        "/etc/ssh/ssh_host_rsa_key.pub"
        # Ceph Client
        "/etc/ceph/ceph.client.vm.keyring"
      ];
    };

    services.ceph = {
      enable = true;
      global = {
        fsid = "b9b22d11-3492-49a6-92b7-b36cdf0161fe";
        monHost = "v2:192.168.10.3:3300/0,v1:192.168.10.3:6789/0";
      };
    };

    # Resize partition on boot
    systemd.repart.partitions = {
      "00-esp" = {
        Type = "esp";
        SizeMinBytes = "550M";
        SizeMaxBytes = "550M";
        Format = "vfat";
      };
      "10-root" = {
        Type = "linux-generic";
        Format = "btrfs";
      };
    };
    boot.initrd = {
      # Custom systemd units in the initrd
      systemd = {
        enable = true;
        services = {
          resize-gpt = {
            description = "Resize GPT to use full disk size";
            path = [ pkgs.gptfdisk ];
            wants = [ "systemd-repart.service" ];
            before = [ "systemd-repart.service" ];
            serviceConfig = {
              Type = "oneshot";
              ExecStart = "/run/current-system/sw/bin/sgdisk --move-second-header /dev/sdX";
            };
          };
        };
        repart = {
          enable = true;
          device = "/dev/sda";
        };
      };
    };

    system.stateVersion = lib.mkDefault "24.05";
  };
}