{
  config,
  lib,
  pkgs,
  modulesPath,
  ...
}: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
  config = {
    networking.hostName = config.sils.meta.hostname;

    boot = {
      initrd = {
        systemd.enable = true;
        availableKernelModules = ["xhci_pci" "nvme" "rtsx_pci_sdmmc"];
        kernelModules = [];
        luks.devices."cryptroot" = {
          crypttabExtraOpts = ["fido2-device=auto"];
          device = config.sils.meta.rootPart;
        };
      };
      kernelModules = ["kvm-intel"];
      extraModulePackages = [];
      kernelPackages = pkgs.linuxPackages_latest;
      lanzaboote = {
        enable = true;
        configurationLimit = 10;
        pkiBundle = "/etc/secureboot";
      };
      resumeDevice = config.sils.meta.mainDisk;
      kernelParams = ["resume_offset=369403136"];
    };

    fileSystems = {
      "/" = {
        device = "tmpfs";
        fsType = "tmpfs";
        options = ["defaults" "size=2G" "mode=755"];
      };
      "/tmp" = {
        device = "tmpfs";
        fsType = "tmpfs";
        options = ["defaults" "size=5G" "mode=755"];
      };
      "/nix" = {
        device = config.sils.meta.mainDisk;
        fsType = "btrfs";
        options = ["subvol=nix" "compress-force=zstd"];
      };
      "/etc/NetworkManager" = {
        device = config.sils.meta.mainDisk;
        fsType = "btrfs";
        options = ["subvol=networkmanagerconfig" "compress-force=zstd"];
      };
      "/etc/secureboot" = {
        device = config.sils.meta.mainDisk;
        fsType = "btrfs";
        options = ["subvol=secureboot" "compress-force=zstd"];
      };
      "/etc/nixos" = {
        device = config.sils.meta.mainDisk;
        fsType = "btrfs";
        options = ["subvol=nixconfig" "compress-force=zstd"];
      };
      "/srv" = {
        device = config.sils.meta.mainDisk;
        fsType = "btrfs";
        options = ["subvol=srv" "compress-force=zstd"];
        neededForBoot = true;
      };
      "/swap" = {
        device = config.sils.meta.mainDisk;
        fsType = "btrfs";
        options = ["subvol=swap" "noatime"];
      };
      "/home" = {
        device = config.sils.meta.mainDisk;
        fsType = "btrfs";
        options = ["subvol=home" "compress-force=zstd"];
      };
      "/srv/snapshots" = {
        device = config.sils.meta.mainDisk;
        fsType = "btrfs";
        options = ["subvol=snapshots" "compress-force=zstd"];
      };
      "/boot" = {
        device = config.sils.meta.bootPart;
        fsType = "vfat";
      };
    };

    swapDevices = [
      {
        device = "/swap/swapfile";
      }
    ];

    system.stateVersion = "23.05";

    i18n.defaultLocale = "en_US.UTF-8";

    time.timeZone = "Europe/Berlin";
    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
    # (the default) this is the recommended approach. When using systemd-networkd it's
    # still possible to use this option, but it's recommended to use it in conjunction
    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
    networking.useDHCP = true;
    # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
    # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;

    nixpkgs.hostPlatform = config.sils.meta.system;
    powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
    hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  };
}