{ config, lib, pkgs, ... }:

{
  system.stateVersion = "23.11";

  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    initrd = {
      availableKernelModules =
        [ "xhci_pci" "ahci" "usbhid" "sd_mod" "rtsx_usb_sdmmc" ];
      kernelModules = [ ];
    };
    kernelModules = [ "kvm-intel" ];
    extraModulePackages = [ ];
  };

  fileSystems = {
    "/" = {
      device = "cartus-root";
      fsType = "tmpfs";
      options = [ "mode=755" "noexec" ];
    };

    "/boot" = {
      device = "/dev/disk/by-label/CARTUS-BOOT";
      fsType = "vfat";
      options = [ "noexec" "noatime" ];
    };

    "/state" = {
      device = "/dev/disk/by-label/cartus-data";
      fsType = "btrfs";
      options = [ "noatime" "compress=zstd" "noexec" "subvol=@state" ];
    };

    "/nix" = {
      device = "/dev/disk/by-label/cartus-data";
      fsType = "btrfs";
      options = [ "noatime" "compress=zstd" "subvol=@nix" ];
    };

    "/var/log" = {
      device = "/dev/disk/by-label/cartus-data";
      fsType = "btrfs";
      options = [ "noatime" "compress=zstd" "noexec" "subvol=@log" ];
    };

    "/var/lib/tailscale" = {
      device = "/dev/disk/by-label/cartus-data";
      fsType = "btrfs";
      options = [ "noatime" "compress=zstd" "noexec" "subvol=@tailscale" ];
    };

    "/var/lib/containers" = {
      device = "/dev/disk/by-label/cartus-data";
      fsType = "btrfs";
      options = [ "noatime" "compress=zstd" "noexec" "subvol=@containers" ];
    };
  };

  hardware = {
    bluetooth.enable = false;

    cpu.intel.updateMicrocode = true;
  };

  services.xserver.videoDrivers = [ "intel" ];
  nix.settings.max-jobs = lib.mkDefault 4;
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}