{ config, lib, pkgs, modulesPath, ... }:
{
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];

  # System
  boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_scsi" "sr_mod" "sr_mod" "r8169" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";

  # Boot Loader
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # SSH Remote Unlock
  boot.kernelParams = [ "ip=dhcp" ];
  boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";
  boot.initrd.network = {
    enable = true;
    ssh = {
      enable = true;
      port = 7299;
      authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6jJa135d46R9XgV7h5SfxALabycI5ZPN8kdSQbEkYM kb@Ohybke" ];
      hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" ];
    };
    postCommands = ''
      echo 'cryptsetup-askpass' >> /root/.profile
    '';
  };

  # Disks
  boot.initrd.luks.devices."luks-2d08047a-a014-480b-8a24-a70e20a2d7d7".device = "/dev/disk/by-uuid/2d08047a-a014-480b-8a24-a70e20a2d7d7";
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/9c1d9682-5cfb-4683-a789-f544fc6e7681";
    fsType = "ext4";
  };
  fileSystems."/boot" = { 
    device = "/dev/disk/by-uuid/FEAA-61DA";
    fsType = "vfat";
    options = [ "fmask=0077" "dmask=0077" ];
  };

  swapDevices = [ ];

  # Networking
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;

}