# NixOS module for a physical hypervisor host: base system settings, SSH
# access, the agenix decryption identity, and one microvm guest for every
# entry of `machines` that is placed on this host.
{ pkgs, config, lib, modulesPath, machine, microvm, disko, agenix, machines, ... }:

let
  dutchLocale = "nl_NL.UTF-8";

  # True for entries of `machines` that are virtual and assigned to this host.
  runsOnThisHost = _name: guest:
    guest.type == "virtual" && guest.hypervisorName == machine.hostName;

  hostedGuests = lib.attrValues (lib.filterAttrs runsOnThisHost machines);

  # Builds `{ <hostName> = <microvm definition>; }` for a single guest.
  toMicrovm = vm: {
    "${vm.hostName}" = {
      # TODO Simplify?
      # NOTE(review): every guest receives the complete host `config` as
      # `hypervisorConfig` at evaluation time; anything a guest module copies
      # out of it ends up in that guest's closure. Confirm ./vm.nix reads
      # only what it needs.
      specialArgs = {
        inherit agenix disko pkgs lib microvm;
        machine = vm;
        hypervisorConfig = config;
      };
      config.imports = [ ./vm.nix ];
    };
  };
in
{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    ./modules
    ./lab.nix
    machine.nixosModule
    disko.nixosModules.disko
    agenix.nixosModules.default
    microvm.nixosModules.host
  ];

  config = {
    # --- Boot -------------------------------------------------------------
    boot.kernelModules = [ "kvm-intel" ];
    boot.extraModulePackages = [ ];
    boot.initrd.availableKernelModules = [
      "ahci"
      "xhci_pci"
      "nvme"
      "usbhid"
      "usb_storage"
      "sd_mod"
      "sdhci_pci"
    ];
    boot.initrd.kernelModules = [ ];
    boot.loader.systemd-boot.enable = true;
    boot.loader.efi.canTouchEfiVariables = true;

    # --- Locale and time --------------------------------------------------
    time.timeZone = "Europe/Amsterdam";
    i18n.defaultLocale = "en_US.UTF-8";
    # Every listed category is set to the same Dutch locale.
    i18n.extraLocaleSettings = lib.genAttrs [
      "LC_ADDRESS"
      "LC_IDENTIFICATION"
      "LC_MEASUREMENT"
      "LC_MONETARY"
      "LC_NAME"
      "LC_NUMERIC"
      "LC_PAPER"
      "LC_TELEPHONE"
      "LC_TIME"
    ] (_category: dutchLocale);

    # --- Remote access ----------------------------------------------------
    # sshd accepts neither password nor keyboard-interactive authentication;
    # the module also opens the sshd port in the host firewall.
    services.openssh.enable = true;
    services.openssh.openFirewall = true;
    services.openssh.settings.PasswordAuthentication = false;
    services.openssh.settings.KbdInteractiveAuthentication = false;

    services.xserver.layout = "us";
    services.xserver.xkbVariant = "";

    # These keys log in directly as root on the hypervisor.
    # NOTE(review): PermitRootLogin is not set in this file, so whether root
    # key logins are accepted depends on the openssh module default or on
    # ./modules. Pin it explicitly (e.g. "prohibit-password") if that is the
    # intent, and review this list whenever a laptop is retired.
    users.users.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop"
    ];

    # `certAuthority = true` registers each key as a host-certificate CA: a
    # host certificate signed by it is accepted for any name matching
    # `hostNames`. The wildcard limits each CA to its own suffix.
    programs.ssh.knownHosts.dmz = {
      hostNames = [ "*.dmz" ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x";
      certAuthority = true;
    };
    programs.ssh.knownHosts.hypervisors = {
      hostNames = [ "*.hyp" ];
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb";
      certAuthority = true;
    };

    programs.neovim = {
      enable = true;
      vimAlias = true;
      viAlias = true;
    };

    # --- Packages ---------------------------------------------------------
    # Unfree packages are permitted on this host.
    nixpkgs.config.allowUnfree = true;
    nixpkgs.hostPlatform = "x86_64-linux";

    # Administration and troubleshooting tools available to every user.
    environment.systemPackages = with pkgs; [
      neofetch
      wget
      git
      btop
      htop
      ripgrep
      dig
      tree
      file
      tcpdump
      lsof
      parted
      radvd
    ];

    hardware.cpu.intel.updateMicrocode = config.hardware.enableRedistributableFirmware;

    # --- Secrets ----------------------------------------------------------
    # agenix decrypts secrets with the private key at this path.
    # NOTE(review): nothing in this module creates the file; presumably it is
    # provisioned out of band. Confirm it is owned by root and not readable
    # by anyone else.
    age.identityPaths = [ "/etc/age_ed25519" ];

    # --- Virtualisation ---------------------------------------------------
    virtualisation.libvirtd.enable = true;

    # One microvm per guest assigned to this hypervisor, keyed by hostName.
    microvm.vms = lib.attrsets.mergeAttrsList (map toMicrovm hostedGuests);

    # --- Nix --------------------------------------------------------------
    nix.package = pkgs.nixFlakes;
    nix.extraOptions = ''
      experimental-features = nix-command flakes
    '';

    system.stateVersion = "23.05";

    # On activation, print what changed between the running system and the
    # one being switched to. Skipped when /run/current-system does not exist
    # yet. `nix store diff-closures` belongs to the experimental
    # `nix-command` feature that nix.extraOptions enables.
    system.activationScripts.diff = ''
      if [[ -e /run/current-system ]]; then
        ${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
      fi
    '';
  };
}