{ inputs, config, lib, pkgs, modulesPath, hostname, username, system, ... }: {
  imports = [ 
    (modulesPath + "/installer/scan/not-detected.nix")
    ../../common/services/tailscale-autoconnect.nix
    ../../common/modules/secureboot.nix
    ../../common/modules/ssh-luks.nix
    ../../common/services/podman.nix
    ./disks.nix
    ./mounts.nix
    ./cron.nix
  ];

    environment.systemPackages =  [
      inputs.deploy-rs.packages.${system}.deploy-rs
    ];

  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "thunderbolt" "sd_mod" "uas" ];
  boot.initrd.kernelModules = [ "r8152" ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];

  networking.useDHCP = lib.mkDefault true;
  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

  # Set your time zone.
  time.timeZone = "America/Los_Angeles";

  # Set the networking hostname:
  networking.hostName = "nuc-server";
  networking.firewall.allowedTCPPorts = [ 22 ];

  services.tailscale.extraUpFlags = [ 
    "--advertise-exit-node" 
    "--advertise-routes=10.2.0.0/24,192.168.1.13/32,192.168.1.14/32" 
  ];
}