# NixOS host module for "framework-server" (Framework 13th-gen Intel hardware profile).
# The host acts as an SSH-reachable server, a Tailscale exit node and a subnet
# router for 10.2.0.0/24, so the SSH, firewall and forwarding settings below are
# the security-relevant parts of this file.
{
  inputs,
  config,
  lib,
  pkgs,
  modulesPath,
  desktop,
  username,
  hostname,
  platform,
  ...
}:
{
  imports = [
    inputs.nixos-hardware.nixosModules.framework-13th-gen-intel
    (modulesPath + "/installer/scan/not-detected.nix")
    ../../common/modules/secureboot.nix
    ../../common/modules/udev-rules.nix
    ../../common/services/fwupd.nix
    ../../common/modules/ssh-luks.nix
    ../../common/services/docker.nix
    ../../common/services/tailscale-autoconnect.nix
    ./disks.nix
    ./builder.nix
    ./wireguard.nix
    ./cron.nix
    ./firewall.nix
  ];

  environment.systemPackages = [
    inputs.deploy-rs.packages.${platform}.deploy-rs
    pkgs.distrobox
  ];

  # backups-rpi4 cron job to back up sysctl.io's Docker files.
  # NOTE(review): the key is installed without any authorized_keys options
  # (no from="...", command="..." or restrict prefix), so the holder of the
  # matching private key on backups-rpi4 gets an unrestricted root shell on this
  # host. If the job only needs to read the Docker files, consider a dedicated
  # backup user or a forced command; confirm against what the cron job runs.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKp2wgqFcr0LGaUXbom88/zK2631pysePUWIaCMljT0K root@backups-rpi4"
  ];

  services = {
    # Root may log in with a key but never with a password. mkForce makes this
    # value win over whatever the imported modules set for the same option.
    openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";

    # Offer this host to the tailnet as an exit node and as a router for
    # 10.2.0.0/24. Advertised routes and exit-node status only take effect once
    # they are approved on the tailnet side, so review who can approve them.
    tailscale.extraUpFlags = [
      "--advertise-exit-node"
      "--advertise-routes=10.2.0.0/24"
    ];
  };

  nixpkgs = {
    # steam, etc
    # NOTE(review): this accepts every unfree package; allowUnfreePredicate can
    # limit it to a named list if only a few are needed on this host.
    config.allowUnfree = true;
    hostPlatform = lib.mkDefault "x86_64-linux";
  };

  boot = {
    initrd = {
      availableKernelModules = [ "xhci_pci" "nvme" "thunderbolt" "sd_mod" "uas" ];
      # r8152 is loaded unconditionally in the initrd; presumably a USB Ethernet
      # adapter needed for the ssh-luks.nix remote unlock. TODO confirm.
      kernelModules = [ "r8152" ];
    };
    kernelModules = [ "kvm-intel" ];
    extraModulePackages = [ config.boot.kernelPackages.acpi_call ];

    # IPv4 forwarding, required for the exit-node / subnet-router role.
    # NOTE(review): only IPv4 is enabled here; IPv6 exit-node traffic would also
    # need net.ipv6.conf.all.forwarding (services.tailscale.useRoutingFeatures
    # can manage both). With forwarding on, the forward-chain policy in
    # ./firewall.nix decides what this host will route; verify it there.
    kernel.sysctl = {
      "net.ipv4.ip_forward" = true;
    };
  };

  networking = {
    useDHCP = lib.mkDefault true;

    # Set the networking hostname:
    hostName = "framework-server";

    # SSH is opened in the host firewall without an interface restriction.
    # NOTE(review): if SSH is only meant to be reached over Tailscale or
    # WireGuard, networking.firewall.interfaces.<name>.allowedTCPPorts would
    # scope it to those links; ./firewall.nix may add further rules.
    firewall.allowedTCPPorts = [ 22 ];
  };

  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

  # Set your time zone.
  time.timeZone = "Asia/Tokyo";
}