{ lib
, pkgs
, ... }: {
  global = {
    id = "ff96c05be13e44f681292205370eed1a";
    auth.openssh.enable = true;
    fs.esp.uuid = "C368-7571";
    fs.type = "zfs";
    fs.zfs.externalStore = true;
    fs.external.device = "/dev/disk/by-uuid/d9202e56-a14f-4342-acdb-dbae33d680fc";
    fs.external.fsType = "xfs";
    fs.external.options = [ "noatime" ];
    fs.cryptsetup.enable = true;
    fs.cryptsetup.allowDiscards = false;
    fs.cryptsetup.uuids.secret = "c33c9b18-a280-42d7-8740-3f8d3f60dc43";
    boot.lanzaboote = true;
    acme.enable = true;
    oci.enable = true;
  };

  services.fstrim.enable = true;
  boot.swraid.enable = true;
  boot.swraid.mdadmConf = ''
    PROGRAM /usr/bin/true
  '';
  fileSystems."/nix/var/secret" =
  { device = "/dev/disk/by-uuid/1404c4f1-b890-4cf0-ab8a-26bd81bd2254";
    fsType = "ext4";
    options = [ "noatime" ];
    neededForBoot = true;
    depends = [ "/nix/var" ];
  };
  boot.initrd.systemd.services.zfs-import-eientei.after = [ "cryptsetup.target" ];

  networking.proxy = {
    allProxy = "socks5://192.168.1.253:1080";
    noProxy = "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,127.0.0.1,localhost,.localdomain";
  };

  imports = lib.pipe ./. [
    builtins.readDir
    (lib.filterAttrs (n: ty: ty == "regular" && n != "default.nix"))
    (lib.mapAttrsToList (n: _: ./${n}))
  ];

  hardware.enableRedistributableFirmware = true;
  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ "i915" ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

  networking.firewall.allowedTCPPorts = [ 25565 ];
  environment.systemPackages = with pkgs; [ python3 ];
}