{ config, pkgs, modulesPath, lib, ... }: {
  networking.hostName = "thinkrac";
  networking.hostId = "2bfaea87";

  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    ./systemd-boot.nix
    ./desktop.nix
    ./services/tpm2.nix
  ];
  hardware.cpu.intel.updateMicrocode = true;

  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

  boot.supportedFilesystems = [ "zfs" ];
  boot.zfs.devNodes = "/dev/";

  services.zfs.trim.enable = true;
  services.zfs.autoScrub.enable = true;
  services.zfs.autoScrub.pools = [ "tank" ];

  boot.initrd.luks.devices = {
    disk = {
      device = "/dev/disk/by-partuuid/7da5a9f1-abcc-ac4f-837c-806d1de2e3ce";
      allowDiscards = true;
    };
  };

  fileSystems."/" =
    {
      device = "tank/nixos";
      fsType = "zfs";
      options = [ "zfsutil" ];
    };

  fileSystems."/nix" =
    {
      device = "tank/nixos/nix";
      fsType = "zfs";
      options = [ "zfsutil" ];
    };

  fileSystems."/etc" =
    {
      device = "tank/nixos/etc";
      fsType = "zfs";
      options = [ "zfsutil" ];
    };

  fileSystems."/var" =
    {
      device = "tank/nixos/var";
      fsType = "zfs";
      options = [ "zfsutil" ];
    };

  fileSystems."/var/lib" =
    {
      device = "tank/nixos/var/lib";
      fsType = "zfs";
      options = [ "zfsutil" ];
    };

  fileSystems."/var/log" =
    {
      device = "tank/nixos/var/log";
      fsType = "zfs";
      options = [ "zfsutil" ];
    };

  fileSystems."/var/spool" =
    {
      device = "tank/nixos/var/spool";
      fsType = "zfs";
      options = [ "zfsutil" ];
    };

  fileSystems."/home" =
    {
      device = "tank/userdata/home";
      fsType = "zfs";
      options = [ "zfsutil" ];
    };

  fileSystems."/root" =
    {
      device = "tank/userdata/home/root";
      fsType = "zfs";
      options = [ "zfsutil" ];
    };

  fileSystems."/home/darkkirb" =
    {
      device = "tank/userdata/home/darkkirb";
      fsType = "zfs";
      options = [ "zfsutil" ];
    };

  fileSystems."/boot" =
    {
      device = "/dev/disk/by-uuid/9052-28BA";
      fsType = "vfat";
    };

  networking.interfaces.enp0s31f6.useDHCP = true;
  system.stateVersion = "21.11";
  networking.wireguard.interfaces."wg0".ips = [
    "fd0d:a262:1fa6:e621:f45a:db9f:eb7c:1a3f/64"
  ];
  home-manager.users.darkkirb = import ./home-manager/darkkirb.nix true;
  networking.nameservers = [ "fd00:e621:e621:2::2" ];
  services.xserver.videoDrivers = [ "intel" ];
  nix.settings.substituters = [
    "http://192.168.2.1:9000/cache.int.chir.rs/"
    "https://minio.int.chir.rs/cache.int.chir.rs/"
  ];
  nix.settings.cores = 4;

  # Disable kernel mitigations
  # 
  # Rationale:
  # - device has a limited workload, consisting mostly of running trusted code and visiting trusted websites with an advertisement blocker
  # - device is battery powered (we want to spend more time in an idle state, as opposed to running user code or mitigating cpu bugs)
  # - device is also not involved in any sort of virtualization
  boot.kernelParams = [ "mitigations=off" ];
  # use the lowest frequency possible, to save power
  powerManagement.cpuFreqGovernor = "powersave";
  # lm_sensors who cares
  environment.etc."sysconfig/lm_sensors".text = ''
    # Generated by sensors-detect on Tue Aug  7 10:54:09 2018
    # This file is sourced by /etc/init.d/lm_sensors and defines the modules to
    # be loaded/unloaded.
    #
    # The format of this file is a shell script that simply defines variables:
    # HWMON_MODULES for hardware monitoring driver modules, and optionally
    # BUS_MODULES for any required bus driver module (for example for I2C or SPI).

    HWMON_MODULES="coretemp"
  '';
  services.thermald.enable = true;
  boot.initrd.extraModprobeConfig = ''
    # enable power savings mode of snd_hda_intel
    options snd-hda-intel power_save=1 power_save_controller=y
    # enable power savings mode of igpu, enable framebuffer compression, downclock the LVDS connection
    options i915 i915_enable_rc6=7 i915_enable_fbc=1 lvds_downclock=1
    # automatically suspend USB devices
    options usbcore autosuspend=2
    # Fan control for thinkpads
    options thinkpad_acpi fan_control=1
  '';
  boot.kernel.sysctl = {
    # Probably unnecessary
    "kernel.nmi_watchdog" = "0";
    "vm.laptop_mode" = "5";
    # The kernel flusher threads will periodically wake up and write `old' data out to disk.  This
    # tunable expresses the interval between those wakeups, in 100'ths of a second (Default is 500).
    "vm.dirty_writeback_centisecs" = "1500";
  };
  networking.networkmanager.enable = true;
  users.users.darkkirb.extraGroups = [ "networkmanager" ];
}