# NixOS host module: boot loader, filesystems, swap, GPU/firmware,
# networking (macvlan) and power-target settings for one machine.
# The root filesystem is a tmpfs; persistent data lives on the labelled
# btrfs subvolumes mounted below.
{ config, lib, pkgs, ... }:
{
  boot = {
    loader = {
      # UEFI boot via systemd-boot; the second option allows the
      # installer to write boot entries into EFI variables.
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    initrd = {
      # Storage/USB drivers made available in the initrd.
      availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
      kernelModules = [ ];
    };
    kernelModules = [ "kvm-intel" ];
    # kernelPackages = pkgs.linuxPackages_latest;
    extraModulePackages = [ ];
  };

  # Records the NixOS release whose stateful defaults this host was
  # installed with; it is not the channel/version the system runs.
  system.stateVersion = "23.05";

  # Mount policy visible here: every mount carries "noexec" except /nix.
  # NOTE(review): none of the noexec mounts also set "nosuid"/"nodev".
  # On data-only mounts those usually go together with noexec; confirm
  # per mount before adding (container storage in particular).
  fileSystems = {
    # Root is RAM-backed, so anything not on one of the mounts below is
    # lost on reboot.
    # NOTE(review): no "size=" option is given, so the kernel's default
    # tmpfs limit applies; a runaway write under / consumes memory.
    "/" = {
      device = "zbox-root";
      fsType = "tmpfs";
      options = [ "mode=755" "noexec" ];
    };
    # EFI system partition.
    # NOTE(review): vfat has no Unix permission bits and no
    # umask/fmask/dmask option is set, so files here are likely
    # world-readable; consider restricting (e.g. fmask=0077, dmask=0077)
    # -- confirm against what the boot loader stores on this partition.
    "/boot" = {
      device = "/dev/disk/by-label/ZBOX-BOOT";
      fsType = "vfat";
      options = [ "noexec" "noatime" ];
    };
    # Persistent state, on subvolume @state of the zbox-data btrfs volume.
    "/state" = {
      device = "/dev/disk/by-label/zbox-data";
      fsType = "btrfs";
      options = [ "noatime" "compress=zstd" "noexec" "subvol=@state" ];
    };
    # The only mount without "noexec": the Nix store holds the system's
    # executables.
    "/nix" = {
      device = "/dev/disk/by-label/zbox-data";
      fsType = "btrfs";
      options = [ "noatime" "compress=zstd" "subvol=@nix" ];
    };
    # Logs are kept on disk, so they survive the tmpfs root being
    # discarded at reboot.
    "/var/log" = {
      device = "/dev/disk/by-label/zbox-data";
      fsType = "btrfs";
      options = [ "noatime" "compress=zstd" "noexec" "subvol=@log" ];
    };
    "/var/lib/containers" = {
      device = "/dev/disk/by-label/zbox-data";
      fsType = "btrfs";
      options = [ "noatime" "compress=zstd" "noexec" "subvol=@containers" ];
    };
    # Separate volume (zbox-recordings) mounted inside /state for the
    # frigate service's data.
    "/state/services/frigate" = {
      device = "/dev/disk/by-label/zbox-recordings";
      fsType = "btrfs";
      options = [ "noatime" "compress=zstd" "noexec" ];
    };
  };

  # NOTE(review): swap is configured without encryption, so swapped-out
  # memory (which can include secrets) is written to disk in the clear.
  # Hibernation is disabled further down, which would make random-key
  # swap encryption an option; that needs a device path that survives
  # the partition being re-keyed each boot, which a filesystem label
  # does not -- verify before changing.
  swapDevices = [{ device = "/dev/disk/by-label/zbox-swap"; }];

  hardware = {
    # NOTE(review): if nothing on this host uses Bluetooth, leaving it
    # disabled removes a radio-facing service -- confirm usage.
    bluetooth.enable = true;
    cpu.intel.updateMicrocode = true;
    opengl = {
      driSupport = true;
      driSupport32Bit = true;
      setLdLibraryPath = true;
      # VA-API/VDPAU bridge packages for hardware video decode.
      extraPackages = with pkgs; [ nvidia-vaapi-driver vaapiVdpau ];
    };
    nvidia = {
      # Driver package is taken from the kernel package set in use, so
      # it is built for the configured kernel.
      package = config.boot.kernelPackages.nvidiaPackages.stable;
      modesetting.enable = true;
      powerManagement.enable = false;
    };
    # Installs all available firmware, including non-redistributable
    # blobs. NOTE(review): presumably unfree packages are allowed
    # elsewhere in the configuration -- confirm.
    enableAllFirmware = true;
  };

  networking = {
    # DHCP is switched off globally and on eno1; no addresses are
    # assigned in this module.
    useDHCP = false;
    macvlans = {
      # macvlan interface intif0 on top of the physical NIC eno1.
      intif0 = {
        interface = "eno1";
        mode = "bridge";
      };
    };
    interfaces = {
      eno1.useDHCP = false;
      intif0 = {
        # Fixed MAC with the 02: prefix (locally administered, unicast).
        # NOTE(review): the generating command below hashes the name
        # "clunk-intif0" while every label in this file is "zbox"; if
        # this value was carried over from another host, two interfaces
        # on the same segment may share a MAC -- confirm it is unique.
        # output of: echo clunk-intif0|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
        macAddress = "02:dd:80:52:83:9b";
      };
    };
  };

  # mkDefault lets another module override the build job limit.
  nix.settings.max-jobs = lib.mkDefault 8;

  # All sleep-related systemd targets are disabled, so the host cannot
  # suspend or hibernate.
  systemd.targets = {
    sleep.enable = false;
    suspend.enable = false;
    hibernate.enable = false;
    hybrid-sleep.enable = false;
  };
}