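# NixOS host module for "osaka-vultr-01": initrd/kernel modules, basic
# networking, and the sops-managed Tailscale auth key for this machine.
{ config, lib, pkgs, modulesPath, desktop, username, ... }: {
  # Host-local modules (disk layout, xinetd, WireGuard, going by file names).
  # Their contents are not visible here; review them together with this file,
  # since they decide which services this host actually exposes.
  imports = [
    ./disks.nix
    ./xinetd.nix
    ./wireguard.nix
  ];

  # Distributed Builds
  nix.distributedBuilds = true;

  # Refuse unfree packages at evaluation time.
  nixpkgs.config.allowUnfree = false;

  boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "virtio_pci" "virtio_blk" "sr_mod" ];
  boot.initrd.kernelModules = [ ];
  # Netfilter NAT/filter modules loaded at boot.
  # Presumably needed by the WireGuard / exit-node forwarding path; confirm.
  boot.kernelModules = [ "iptable_nat" "iptable_filter" "xt_nat" ];
  boot.extraModulePackages = [ ];
  # NOTE(review): the initrd list above carries virtio modules while Hyper-V
  # guest support is enabled here; confirm which hypervisor this host runs on.
  virtualisation.hypervGuest.enable = true;

  networking.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  time.timeZone = "Asia/Tokyo";
  networking.hostName = "osaka-vultr-01";

  # This file opens no firewall ports itself; the line below is intentionally
  # left disabled. Anything reachable from outside is decided by other modules.
  # networking.firewall.allowedTCPPorts = [ 22 ];

  # Generic Tailscale configs are in /nixos/common/services/tailscale.nix
  # Set up the secrets file:
  sops.secrets."tailscale_keys/osaka-vultr-01" = {
    # The auth key is a credential that enrols a machine into the tailnet,
    # so the decrypted file stays owned by root.
    owner = "root";
    sopsFile = ../../../secrets/tailscale.yaml;
    # Restart the Tailscale units when the decrypted secret changes.
    restartUnits = [
      "tailscaled.service"
      "tailscaled-autoconnect.service"
    ];
  };

  # Take the path from the secret declaration instead of repeating it as a
  # string, so the two cannot drift apart if the secret is renamed or moved.
  services.tailscale.authKeyFile = config.sops.secrets."tailscale_keys/osaka-vultr-01".path;

  # Offer this host as an exit node, i.e. a router for other tailnet devices'
  # Internet traffic.
  # NOTE(review): an exit node needs IP forwarding on the host (for example
  # services.tailscale.useRoutingFeatures = "server"); confirm the common
  # Tailscale module sets it. The advertisement normally still has to be
  # approved on the tailnet side before clients can use it.
  services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
}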