{
  config,
  pkgs,
  lib,
  ...
}:

{
  imports = [
    ./base.nix
    ./users/chris.nix
  ];
  documentation.nixos.enable = false;
  documentation.enable = false;
  documentation.info.enable = false;
  documentation.man.enable = false;

  environment.variables.BROWSER = "echo";

  time.timeZone = lib.mkDefault "UTC";
  systemd = {
    enableEmergencyMode = false;
    watchdog = {
      runtimeTime = "20s";
      rebootTime = "30s";
    };

    sleep.extraConfig = ''
      AllowSuspend=no
      AllowHibernation=no
    '';
  };

  #systemd.services.NetworkManager-wait-online.enable = false;
  #systemd.network.wait-online.enable = false;

  # My servers always use /dev/vda as boot disk...
  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
    loader = {
      grub = {
        devices = [ "/dev/vda" ]; # nodev for EFI only
        # EFI
        efiSupport = false;
        efiInstallAsRemovable = false;
      };
      timeout = 1;
    };
  };

  networking = {
    hostName = lib.mkDefault "Rory-nix-base-server";
    networkmanager.enable = false;
    useNetworkd = true;
    wireless.enable = false;
    enableIPv6 = false;
    firewall = {
      enable = false;
      # allowedTCPPorts = [ ... ];
      # allowedUDPPorts = [ ... ];
    };

    useDHCP = false;
    #     nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.4.4.8" ];
    nameservers = [
      "10.10.0.4"
      "10.10.0.5"
      "1.1.1.1"
      "1.0.0.1"
      "8.8.8.8"
      "8.4.4.8"
    ];
    resolvconf.enable = true;
    defaultGateway = "192.168.1.1";
  };

  hardware.pulseaudio.enable = false;

  # This shaves off half a gigabyte of disk space...
  hardware.enableAllFirmware = false;
  hardware.enableRedistributableFirmware = false;

  services = {
    prometheus = {
      exporters = {
        node = {
          enable = true;
          port = 9100;
          enabledCollectors = [
            #"logind" #too slow
            "systemd"
            "processes"
            "interrupts"
            # Testing:
            "buddyinfo"
            "cgroups"
            "ksmd"
            "lnstat"
            "mountstats"
            "network_route"
            #"perf" # requires sysctl change
            "qdisc"
            "sysctl"
            "softirqs"
            "tcpstat"
          ];
          disabledCollectors = [
            "textfile"
            "xfs"
            "zfs"
            "selinux"
            "cpufreq"
            "btrfs"
            "powersupplyclass"
            "mdadm"
            "tapestats"
            "fibrechannel"
            "cpu_vulnerabilities"
            "watchdog"
            "thermal_zone"
            "logind"
            "nfs"
            "nfsd"
            "infiniband"
          ];
        };
      };
    };
    promtail = {
      enable = true;
      configuration = {
        server = {
          http_listen_port = 3031;
          grpc_listen_port = 0;
        };
        positions = {
          filename = "/tmp/positions.yaml";
        };
        clients = [ { url = "https://loki.regional.seian.cloud/loki/api/v1/push"; } ];
        scrape_configs = [
          {
            job_name = "journal";
            journal = {
              max_age = "12h";
              labels = {
                job = "systemd-journal";
                host = "${toString config.networking.hostName}";
              };
            };
            relabel_configs = [
              {
                source_labels = [ "__journal__systemd_unit" ];
                target_label = "unit";
              }
            ];
          }
        ];
      };
    };
  };
}