{ inputs, config, lib, pkgs, modulesPath, system, ... }: {
  imports = [ 
    inputs.nixos-hardware.nixosModules.framework-13th-gen-intel
    (modulesPath + "/installer/scan/not-detected.nix")
    ../../common/modules/secureboot.nix
    ../../common/modules/udev-rules.nix
    ../../common/modules/builder.nix
    ../../common/services/fwupd.nix
    ../../common/modules/ssh-luks.nix
    ../../common/services/docker.nix
    ../../common/services/tailscale-autoconnect.nix
    # Disabling -- I don't know why but this all of a sudden breaks Headscale.  
    # Sep 12 2024
    # ../../common/modules/fail2ban/traefik.nix
    ./containers.nix
    ./disks.nix
    ./wireguard.nix
    ./cron.nix
    ./firewall.nix
  ];

  environment.systemPackages =  [
    inputs.deploy-rs.packages.${system}.deploy-rs
    pkgs.distrobox
  ];

  # backups-rpi4 cron job to back up sysctl.io's Docker files
  # osaka-linode-01 cron job to copy certs for the DERP relay
  # milan-linode-01 cron job to copy certs for the DERP relay
  # frankfurt-linode-01 cron job to copy certs for the DERP relay
  # warsaw-ovh-01 - copy /Storage
  users.users.root.openssh.authorizedKeys.keys = [ 
    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKp2wgqFcr0LGaUXbom88/zK2631pysePUWIaCMljT0K root@backups-rpi4'' 
    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKkNFdEcYIrjss1Nz0tU/AX89hUMmxB/Vabvsa7A6E2K root@osaka-linode-01''
    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIORCrD/ZWXbAfi5eIN8b9dwuvMuPPTgpMiIFh1WagXV2 root@milan-linode-01''
    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBGXiWUR2T5HXQ4g/En+eJ9K6GSokl3tEK7RZcYb+0UA root@frankfurt-linode-01''
    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcGPkzFaSGd1q/oy/uP5zEoOuPNr1h17ifu7oj4DaYO root@warsaw-ovh-01''
  ];

  # Allow root login, but only with SSH keys
  services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";

  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "thunderbolt" "sd_mod" "uas" ];
  boot.initrd.kernelModules = [ "r8152" ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];

  networking.useDHCP = lib.mkDefault true;
  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

  # Set your time zone.
  time.timeZone = "Europe/Warsaw";

  # Set the networking hostname:
  networking.hostName = "framework-server";
  networking.firewall.allowedTCPPorts = [ 22 ];

  services.tailscale.extraUpFlags = [ 
    "--advertise-exit-node" 
    "--advertise-routes=10.2.0.0/24" 
  ];

  boot.kernel.sysctl = { 
    "net.ipv4.ip_forward" = true; 
  };
}