{
  config,
  lib,
  pkgs,
  modulesPath,
  ...
}:
let
  bootUUID = config.machine.fs.bootUUID;
  efiUUID = config.machine.fs.efiUUID;
  luuksUUID = config.machine.fs.luuksUUID;
  cryptrootUUID = config.machine.fs.cryptrootUUID;
in
{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    ./minimal.nix
  ];

  boot.bootspec.enable = true;
  boot.initrd = {
    kernelModules = [ ];
    luks.devices."cryptroot".device = "/dev/disk/by-uuid/${luuksUUID}";
    systemd.enable = true;
  };

  boot.lanzaboote = {
    enable = true;
    pkiBundle = "/var/lib/sbctl";
  };

  boot.loader.efi = {
    canTouchEfiVariables = true;
    efiSysMountPoint = "efi";
  };

  boot.loader.systemd-boot = {
    enable = lib.mkForce false;
    xbootldrMountPoint = "/boot";
  };

  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/${bootUUID}";
    fsType = "ext4";
  };

  fileSystems."/efi" = {
    device = "/dev/disk/by-uuid/${efiUUID}";
    fsType = "vfat";
    options = [
      "fmask=0137"
      "dmask=0027"
    ];
  };

  environment.sessionVariables = {
    EDITOR = "${pkgs.vim}/bin/vim";
    PAGER = "${pkgs.less}/bin/less";
  };

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/${cryptrootUUID}";
    fsType = "btrfs";
    options = [ "subvol=@root" ];
  };

  fileSystems."/home" = {
    device = "/dev/disk/by-uuid/${cryptrootUUID}";
    fsType = "btrfs";
    options = [ "subvol=@home" ];
  };

  fileSystems."/nix" = {
    device = "/dev/disk/by-uuid/${cryptrootUUID}";
    fsType = "btrfs";
    options = [ "subvol=@nix" ];
  };

  fileSystems."/var/cache" = {
    device = "/dev/disk/by-uuid/${cryptrootUUID}";
    fsType = "btrfs";
    options = [ "subvol=@var_cache" ];
  };

  fileSystems."/var/log" = {
    device = "/dev/disk/by-uuid/${cryptrootUUID}";
    fsType = "btrfs";
    options = [ "subvol=@var_log" ];
  };

  fileSystems."/var/spool" = {
    device = "/dev/disk/by-uuid/${cryptrootUUID}";
    fsType = "btrfs";
    options = [ "subvol=@var_spool" ];
  };

  fileSystems."/var/tmp" = {
    device = "/dev/disk/by-uuid/${cryptrootUUID}";
    fsType = "btrfs";
    options = [ "subvol=@var_tmp" ];
  };

  fileSystems."/var/lib/machines" = {
    device = "/dev/disk/by-uuid/${cryptrootUUID}";
    fsType = "btrfs";
    options = [ "subvol=@var_lib_machines" ];
  };

  fileSystems."/var/lib/portables" = {
    device = "/dev/disk/by-uuid/${cryptrootUUID}";
    fsType = "btrfs";
    options = [ "subvol=@var_lib_portables" ];
  };

  services.avahi.enable = true;
  services.openssh.enable = true;

  swapDevices = [ ];

  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}