{
  inputs,
  lib,
  pkgs,
  configVars,
  outputs,
  ...
}: let
  # Disko setup
  fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
  dev = "/dev/nvme0n1"; # depends on target hardware
  encrypted = true; # currrently only applies to btrfs
  btrfsMountDevice =
    if encrypted
    then "/dev/mapper/crypted"
    else "/dev/root_vg/root";
  user = "sam";
  impermanence = true;
  piholeIp = configVars.networking.addresses.pihole.ip;
  gatewayIp = configVars.networking.addresses.gateway.ip;
  merlinIp = configVars.networking.addresses.merlin.ip;
  semitaIp = configVars.networking.addresses.semita.ip;
in {
  imports = [
    # Create users for this host
    ../common/users/${user}

    # Disk configuration
    inputs.disko.nixosModules.disko
    (import ../common/disks {
      device = dev;
      impermanence = impermanence;
      fsType = fsType;
      encrypted = encrypted;
    })

    # Impermanence
    (import ../common/disks/btrfs/impermanence.nix {
      btrfsMountDevice = btrfsMountDevice;
      lib = lib;
    })

    # Import core options
    ./hardware-configuration.nix
    ../common/core

    # Import optional options
    ../common/optional/persistence.nix
    ../common/optional/pipewire.nix
    ../common/optional/openssh.nix
    ../common/optional/dwm.nix
    ../common/optional/printing.nix
    ../common/optional/docker.nix
    ../common/optional/nix-ld.nix
    ../common/optional/gaming.nix
    ../common/optional/restic-backup.nix

    ../common/optional/fileserver/nfs-client/media.nix
    ../common/optional/fileserver/nfs-client/photos.nix
    ../common/optional/fileserver/nfs-client/personal.nix

    ../common/optional/distributed-builds/local-machine.nix

    outputs.nixosModules.nixosAutoUpgrade
  ];

  services.tailscale.useRoutingFeatures = "server";

  boot = {
    blacklistedKernelModules = ["snd_hda_intel" "snd_soc_skl"];
    kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest;
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
      timeout = 3;
    };
  };

  services = {
    xserver = {
      dpi = 144;
      upscaleDefaultCursor = true;
    };
    # enable oom killer when system ram drops below 5% free
    earlyoom = {
      enable = true;
      freeMemThreshold = 5; # <%5 free
    };
  };

  system.services.nixosAutoUpgrade = {
    enable = true;
    persistent = true;
    remote = "remotebuild@${merlinIp}";
    reboot = false;
    pushUpdates = false;
    configDir = "/etc/nixos";
    onCalendar = "*-*-* 06:00:00";
    user = "sam";
  };

  environment.variables = {
    GDK_SCALE = "1";
    GDK_DPI_SCALE = "1";
    _JAVA_OPTIONS = "-Dsun.java2d.uiScale=1.8";
    QT_AUTO_SCREEN_SCALE_FACTOR = "1";
    XCURSOR_SIZE = "32";
  };

  hardware.firmware = [
    pkgs.sof-firmware
  ];

  swapDevices = [
    {
      device = "/.swapvol/swapfile";
      size = 4 * 1024;
    }
  ];

  # Add hardware support for intel gpus as specified here: https://nixos.wiki/wiki/Jellyfin
  nixpkgs.config.packageOverrides = pkgs: {
    vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
  };

  hardware.graphics = {
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver
      intel-vaapi-driver
      vaapiVdpau
      libvdpau-va-gl
      intel-compute-runtime
      # only available on unstable
      unstable.vpl-gpu-rt
      intel-media-sdk
    ];
  };

  programs.fuse.userAllowOther = true;

  networking = {
    hostName = "semita";
    nameservers = ["${piholeIp}" "${gatewayIp}" "8.8.8.8"];
    defaultGateway = "${gatewayIp}";
    useDHCP = false;
    bridges = {
      br0 = {
        interfaces = ["eth0"];
      };
    };
    interfaces.br0 = {
      ipv4.addresses = [
        {
          "address" = "${semitaIp}";
          "prefixLength" = 24;
        }
      ];
    };
  };

  services.libinput.enable = true;
}