{ config, pkgs, lib, disko, /* sydnix-cli, */ ... }:
{
  imports = [
    ./hardware-configuration.nix
    ./disko-config.nix
  ];

  sydnix = {
    filesystemType = "btrfs";

    users.users = [
      "lain"
      "public"
    ];

    impermanence = {
      enable = true;
      directories = [
        # "Warning: Neither /var/lib/nixos nor any of its parents are persisted.
        # This means all users/groups without specified uids/gids will have them
        # reassigned on reboot."
        "/var/lib/nixos"
        # We don't want to have different ssh keys on reboot, because ssh keys
        # are expected to consistently identify machines... I think.  I mostly
        # just think it's annoying to edit ~/.ssh/known_hosts all the time.
        "/etc/ssh"
      ];
      rollback = {
        enable = true;
        device = "/dev/sda2";
        subvolume = "rootfs";
      };
    };

    sops = {
      enable = true;
      keyFile = "/persist/vault/root/deertopia-key";
    };

    git-annex = {
      enable = true;
      user.name = "annex";
      user.email = "annex@deertopia.net";
      keyFiles = [ ../../public-keys/crumb-at-guix-rebound.pub ];
      repos = {
        "/persist/deertopia.net/dav/org" = {
          managed = true;
          remotes = {
            "guix-rebound" = "crumb@guix-rebound:/tmp/org";
          };
        };
      };
    };

    deertopia = {
      nginx.enable = true;
      webdav.enable = true;

      # A simple default webpage.  This should probably live somewhere else.
      nginx.vhosts."www" = {
        vhostName = "deertopia.net";
        vhost = {
          forceSSL = true;
          enableACME = true;

          locations."/" = {
            index = "index.html";
          };
        };
      };
    };
  };

  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  time.timeZone = "America/Denver";

  i18n.defaultLocale = "en_US.UTF-8";

  console = {
    font = "Lat2-Terminus16";
    # keyMap = "us";
    useXkbConfig = true; # use xkb.options in tty.
  };

  services.xserver.xkb.layout = "us";
  services.xserver.xkb.options = "caps:escape";

  environment.systemPackages = with pkgs; [
    neovim
    git
    sshfs
    # sydnix-cli.packages.x86_64-linux.default
  ];

  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "yes";
      X11Forwarding = true;
      # This server is connected to the internet!  Port 22 is open!!
      # Aagghhhh!!!  Stay safe!
      PasswordAuthentication = false;
    };
  };

  # TODO: Move to defaults.
  users.mutableUsers = false;

  # This option defines the first version of NixOS you have installed on this
  # particular machine, and is used to maintain compatibility with application
  # data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any
  # reason, even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are
  # pulled from, so changing it will NOT upgrade your system - see
  # https://nixos.org/manual/nixos/stable/#sec-upgrading for how to actually do
  # that.
  #
  # This value being lower than the current NixOS release does NOT mean your
  # system is out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes
  # it would make to your configuration, and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or
  # https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "24.05"; # Did you read the comment?
}