# Base NixOS module for Proxmox-hosted VMs.
#
# Declares the `my.vm.*` options (name, interface, static IPv4) and applies a
# common baseline: QEMU guest agent, grub, static networking on a /24 behind
# 192.168.0.1, key-only SSH, mosh, mDNS, a node exporter on 9100, an `admin`
# user in wheel, and an NFS mount from 192.168.0.3.
#
# Security-relevant shape of this baseline, as configured below:
#   - `admin` is in wheel, wheel has passwordless sudo, and "@wheel" is a Nix
#     trusted user, so control of one of admin's SSH private keys is
#     equivalent to root on every VM built from this module.
#   - TCP 9100 and mosh's UDP ports are opened on the host firewall with no
#     per-interface or per-source restriction.
{ config, pkgs, modulesPath, lib, ... }:
{
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
    (modulesPath + "/virtualisation/proxmox-image.nix")
  ];

  options.my.vm = {
    name = lib.mkOption {
      type = lib.types.nonEmptyStr;
      example = "hello01";
      description = "Used for vm name and hostname";
    };

    iface = lib.mkOption {
      type = lib.types.nonEmptyStr;
      default = "ens18";
      example = "ens18";
      description = "Interface on which static IP is bound";
    };

    ip4 = lib.mkOption {
      type = lib.types.nonEmptyStr;
      example = "192.168.0.42";
      description = "Static IP for this VM";
    };
  };

  config =
    let
      vm = config.my.vm;
    in
    {
      # Proxmox image settings: VM name follows the option, disk sized to fit.
      proxmox.qemuConf.name = vm.name;
      virtualisation.diskSize = "auto";

      # Use the boot drive for grub; grow the root partition on boot.
      boot = {
        loader.grub = {
          enable = lib.mkDefault true;
          devices = [ "nodev" ];
        };
        growPartition = lib.mkDefault true;
      };

      # Allow remote updates with flakes and non-root users.
      # Trusted users can direct the Nix daemon in ways that amount to root
      # access, so every wheel member is root-equivalent through this setting
      # alone, independent of sudo.
      nix.settings = {
        trusted-users = [
          "root"
          "@wheel"
        ];
        experimental-features = [
          "nix-command"
          "flakes"
        ];
      };

      # Some sane packages we need on every system
      environment.systemPackages = [
        pkgs.vim
        pkgs.git # for pulling nix flakes
      ];

      # Enabling mosh here (rather than adding the package) also opens its
      # UDP ports in the firewall.
      programs.mosh.enable = true;
      programs.ssh.startAgent = true;

      # Don't ask for passwords: wheel members get sudo without
      # re-authentication, so the SSH key is the only factor protecting root.
      security.sudo.wheelNeedsPassword = false;

      # Enable QEMU Guest for Proxmox
      services.qemuGuest.enable = lib.mkDefault true;

      # Don't use cloud-init for networking; addresses are static (see below).
      services.cloud-init.network.enable = lib.mkForce false;

      # Enable mDNS for `hostname.local` addresses. Publishing announces this
      # host's name and addresses to the local segment.
      services.avahi = {
        enable = true;
        nssmdns4 = true;
        publish = {
          enable = true;
          addresses = true;
        };
      };

      # Enable ssh, public-key only: password and keyboard-interactive
      # authentication are both off.
      # NOTE(review): PermitRootLogin is not set here, so the NixOS module
      # default applies; pin it explicitly if root SSH should be ruled out.
      services.openssh = {
        enable = true;
        settings = {
          PasswordAuthentication = false;
          KbdInteractiveAuthentication = false;
        };
      };

      # Enable prometheus metrics export (port opened under networking.firewall).
      services.prometheus.exporters.node = {
        enable = true;
        port = 9100;
        enabledCollectors = [ "systemd" ];
      };

      networking = {
        hostName = vm.name;
        nameservers = [ "192.168.0.1" ];

        # Static IPv4 on the chosen interface; the /24 prefix and the gateways
        # below are fixed for this network rather than exposed as options.
        interfaces.${vm.iface} = {
          ipv4.addresses = [
            {
              address = vm.ip4;
              prefixLength = 24;
            }
          ];
        };

        defaultGateway = {
          address = "192.168.0.1";
          interface = vm.iface;
        };

        defaultGateway6 = {
          address = "fe80::1";
          interface = vm.iface;
        };

        # Node exporter port. The rule is not scoped to a source address or
        # interface, so any host that can reach this VM can read its metrics.
        # NOTE(review): scope to the Prometheus server if the LAN is not
        # fully trusted.
        firewall.allowedTCPPorts = [ 9100 ];
      };

      # Add an admin user. These keys are the sole credential for a
      # root-equivalent account on every VM that imports this module.
      users.users.admin = {
        isNormalUser = true;
        description = "Robert Perce";
        extraGroups = [ "wheel" ];
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFTDd1G3ufe8lCEWMbMN+q83WrrS92+qrI2tOaMtit+q robert@aether"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHdReqMvpgCuez7dTeSaMnHU/7gDal6/HH7c8m17M1hb rob@ereshkigal"
        ];
      };

      fileSystems = {
        # Default filesystem
        "/" = lib.mkDefault {
          device = "/dev/disk/by-label/nixos";
          autoResize = true;
          fsType = "ext4";
        };

        # NFS export mounted with no explicit mount options.
        # NOTE(review): consider restrictive options such as nosuid/nodev if
        # the export's contents are not fully trusted.
        "/mnt/nfs" = lib.mkDefault {
          device = "192.168.0.3:/";
          fsType = "nfs";
        };
      };

      system.stateVersion = lib.mkDefault "24.11";
    };
}