{ pkgs, lib, config, ... }:
{
  imports = [
    ./hardware-configuration.nix
    ./fileserver.nix
    ./backup.nix
    ./network.nix
  ];

  sops.secrets.pccs.sopsFile = ../../../.secrets/sgx/pccs.yaml;
  sops.secrets.backup-pw.sopsFile = ../../../.secrets/sgx/backup-s3.yaml;

  metacfg = {
    base.enable = true;
    gui.enable = false;
    nix-ld.enable = false;
    nix.enable = true;
    podman.enable = true;
    secureboot.enable = true;
    user.extraGroups = [ "docker" ];
  };

  virtualisation = {
    docker.enable = false;
    libvirtd.enable = true;
    podman.dockerCompat = true;
  };

  systemd.services.libvirt-guests.after = [ "network-online.target" ];

  system.autoUpgrade = {
    enable = true;
    operation = "switch";
    allowReboot = true;
  };

  systemd.targets.sleep.enable = false;
  systemd.targets.suspend.enable = false;
  systemd.targets.hibernate.enable = false;
  systemd.targets.hybrid-sleep.enable = false;
  services.xserver.displayManager.gdm.autoSuspend = false;

  services.logind.lidSwitch = "ignore";

  system.stateVersion = "23.11";
}