# NixOS host configuration: GRUB on /dev/vda, the latest kernel package set,
# Docker plus the project's `metacfg` modules, unattended upgrades, and raised
# per-user resource limits.
{ pkgs, lib, ... }:
{
  imports = [ ./hardware-configuration.nix ];

  boot = {
    # Priority 0 outranks even lib.mkForce (priority 50), so no other module
    # can override the kernel choice. linuxPackages_latest follows nixpkgs, so
    # the kernel changes whenever the system is upgraded.
    kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;

    loader = {
      systemd-boot.enable = false;

      # Bootloader: GRUB, installed on /dev/vda.
      grub = {
        enable = true;
        device = "/dev/vda";
        # Lets os-prober scan attached disks for other operating systems.
        # NOTE(review): /dev/vda looks like a single virtio VM disk; if no
        # other OS is expected, this can probably be turned off -- confirm.
        useOSProber = true;
      };
    };
  };

  # `metacfg` options are declared by a project module that is not visible in
  # this file; only the values set here are documented.
  metacfg.base.enable = true;
  metacfg.nix-ld.enable = true;
  metacfg.nix.enable = true;
  metacfg.podman.enable = true;
  # Members of the "docker" group can drive the Docker daemon, which runs as
  # root: treat membership as root-equivalent on this host.
  # NOTE(review): "sgx" presumably gates access to the SGX device nodes --
  # confirm against the metacfg user module.
  metacfg.user.extraGroups = [ "docker" "sgx" ];
  metacfg.tools.direnv.enable = true;

  virtualisation.docker.enable = true;
  # No `docker` alias for podman; presumably off because the real Docker
  # daemon is enabled on the line above.
  virtualisation.podman.dockerCompat = false;

  system = {
    # Unattended upgrades: the new generation is activated with "switch", and
    # allowReboot lets the host reboot by itself when the upgrade needs it.
    # NOTE(review): no upgrade source (flake/channel) and no rebootWindow are
    # set in this file, so both follow the module defaults -- confirm that an
    # unscheduled reboot is acceptable for this machine.
    autoUpgrade = {
      enable = true;
      operation = "switch";
      allowReboot = true;
    };

    # Release whose stateful defaults this host was installed with; it is not
    # meant to be bumped as part of a routine upgrade.
    stateVersion = "25.05";
  };

  networking = {
    # wpa_supplicant-based wireless support stays disabled.
    wireless.enable = false;
    # The firewall lets ICMP echo requests through, so the host answers pings.
    firewall.allowPing = true;
  };

  powerManagement.cpuFreqGovernor = "ondemand";

  # Default open-file limit for units started by the per-user systemd manager.
  systemd.user.extraConfig = "DefaultLimitNOFILE=32768";

  # pam_limits entries for login sessions. Domain "*" is the wildcard entry
  # and type "-" sets the soft and the hard limit together. limits.conf counts
  # nofile in file descriptors and memlock in KB.
  security.pam.loginLimits = map
    (item: {
      domain = "*";
      inherit item;
      type = "-";
      value = "32768";
    })
    [ "nofile" "memlock" ];
}