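# NixOS host module for "stronghold": a Docker host on the "dotspace" tinc mesh.
#
# `lib` is taken as a module argument because `lib.mkForce` is used below;
# the original argument set did not bind it.
{ inputs, self, pkgs, pkgs-unstable, lib, ... }:

{
  networking.hostName = "stronghold";
  networking.hostId = "c581a1cd";

  imports = [
    inputs.disko.nixosModules.default
    inputs.lix-module.nixosModules.default
    inputs.home-manager.nixosModules.home-manager

    # Core Features
    ../../nixos/features/base.nix
    ../../nixos/features/tui-apps.nix
    ../../nixos/features/openssh-server.nix

    # Core Tweaks
    ../../nixos/tweaks/zram.nix
    ../../nixos/tweaks/enable_flakes.nix
    ../../nixos/tweaks/systemd-resolved_nonsense.nix

    # Dotspace
    ../../dotspace/configuration.nix
    ../../nixos/features/stronghold-binary-cache.nix

    # Users
    ../../users/lauren_lagarde/configuration.nix

    # Docker Host Stuff
    # NOTE(review): disable_firewall.nix presumably turns the host firewall off
    # (its contents are not visible here). If so, the bind address of each
    # published container port is the only thing limiting who can reach it.
    ../../nixos/tweaks/disable_firewall.nix
    ../../nixos/features/virtualization/docker.nix
    ../../secrets/dotspace.nix

    # Local Config
    #./gatus.nix
    #./haproxy.nix
    ./wireguard.nix
  ];

  ##############################################################################
  ##############################################################################
  ##############################################################################
  # Services

  # mkForce overrides any other module that enables smartd on this host.
  services.smartd.enable = lib.mkForce false;

  virtualisation.oci-containers.backend = "docker";
  virtualisation.oci-containers.containers = {
    dozzle = {
      # NOTE(review): ":latest" is a floating tag, so the image that runs can
      # change between pulls. Pinning a version tag or digest keeps the
      # deployment reproducible and auditable.
      image = "amir20/dozzle:latest";

      # Published on one specific address instead of 0.0.0.0.
      # NOTE(review): this is 10.86.84.3, while the tinc interface below is
      # assigned 10.86.84.2 (itself marked "TODO: 2?") - confirm which is right.
      ports = [ "10.86.84.3:9999:8080" ];

      # The Docker socket gives the container access to the Docker API, which
      # is equivalent to root on the host. No authentication settings for the
      # web UI are configured in this file, so access control rests on the
      # bind address above.
      # NOTE(review): consider fronting the socket with a read-only API proxy.
      volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ];
    };
  };

  ##############################################################################
  ##############################################################################
  ##############################################################################
  # Networking

  # To generate keys:
  # sudo mkdir -p /root/wireguard && wg genkey | sudo tee /root/wireguard/dotspace.priv | wg pubkey
  # NOTE: tee creates the key file with the caller's umask; run the command
  # under `umask 077` (or chmod 600 the file afterwards) so the private key is
  # not group- or world-readable.
  networking.useNetworkd = true;
  systemd.network = {
    enable = true;
    # TODO: Interfaces
  };

  ##############################################################################
  # Tinc

  # The tinc Ed25519 private key is decrypted by sops from the host-local
  # secrets.yaml; it is not stored in plain text in the repository.
  sops.secrets."dotspace/stronghold/keys/tinc/ed25519_key.priv" = {
    sopsFile = ./secrets.yaml;
  };

  # Address and route for the tinc interface: a /32 host address plus an
  # explicit route for the whole 10.86.84.0/24 mesh.
  systemd.network.networks."90-tinc-dotspace" = {
    matchConfig.Name = "tinc.dotspace";
    address = [ "10.86.84.2/32" ]; # TODO: 2?
    routes = [
      { Destination = "10.86.84.0/24"; }
    ];
  };

  services.tinc.networks.dotspace = {
    name = "stronghold";
    # Runtime path of the sops secret declared above; the two must stay in sync.
    ed25519PrivateKeyFile = "/run/secrets/dotspace/stronghold/keys/tinc/ed25519_key.priv";
    # NOTE(review): chroot is turned off, so tincd is not confined to its
    # network directory - confirm this is required (e.g. for the key path).
    chroot = false;
    settings.ConnectTo = [ "fortress" ];
  };
}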