{ config, lib, pkgs, ... }:

let generateMac = pkgs.lib.network.generate-mac-address;

in {
  boot = {
    initrd = {
      availableKernelModules = [
        "uhci_hcd"
        "ehci_pci"
        "ata_piix"
        "ahci"
        "usb_storage"
        "floppy"
        "sd_mod"
        "sr_mod"
      ];
      kernelModules = [ "dm-snapshot" ];
    };

    kernelModules = [ "kvm-intel" ];
    extraModulePackages = [ ];
    kernelPackages = pkgs.linuxPackages_latest;

    loader.grub = {
      enable = true;
      devices = [
        "/dev/disk/by-id/ata-Samsung_SSD_870_QVO_2TB_S6R4NJ0W702893V"
        "/dev/disk/by-id/ata-Crucial_CT525MX300SSD1_171516B3CB40"
      ];
    };
  };

  fileSystems = {
    "/boot" = {
      device = "/dev/disk/by-label/germany-boot";
      fsType = "ext4";
      options = [ "noatime" "noexec" ];
    };

    "/" = {
      device = "root-tmpfs";
      fsType = "tmpfs";
      options = [ "mode=755" "noexec" ];
    };

    "/nix" = {
      device = "/dev/disk/by-label/germany-data";
      fsType = "btrfs";
      options = [ "subvol=@nix" "compress=zstd" "noatime" ];
    };

    "/state" = {
      device = "/dev/disk/by-label/germany-data";
      fsType = "btrfs";
      options = [ "subvol=@state" "compress=zstd" "noatime" "noexec" ];
    };

    "/var/log" = {
      device = "/dev/disk/by-label/germany-data";
      fsType = "btrfs";
      options = [ "subvol=@logs" "compress=zstd" "noatime" "noexec" ];
    };

    "/home" = {
      device = "/dev/disk/by-label/germany-data";
      fsType = "btrfs";
      options = [ "subvol=@home" "compress=zstd" "noatime" "noexec" ];
    };

    "/var/lib/acme" = {
      device = "/dev/disk/by-label/germany-data";
      fsType = "btrfs";
      options = [ "subvol=@acme" "compress=zstd" "noatime" "noexec" ];
    };
  };

  swapDevices = [{ device = "/dev/disk/by-label/germany-swap"; }];

  nix.settings.max-jobs = lib.mkDefault 24;

  hardware.bluetooth.enable = false;

  nixpkgs.hostPlatform = "x86_64-linux";

  hardware = {
    cpu.intel.updateMicrocode = true;
    enableAllFirmware = true;
  };

  networking = {
    useDHCP = false;

    macvlans = {
      extif0 = {
        interface = "enp5s0f0";
        mode = "bridge";
      };

      extif1 = {
        interface = "enp5s0f1";
        mode = "bridge";
      };
    };

    interfaces = {
      extif0.macAddress = generateMac config.instance.hostname "extif0";
      extif1.macAddress = generateMac config.instance.hostname "extif1";
    };
  };
}