{ pkgs, ... }: {
  imports = [
    # Base Config
    ../../features/base.nix
    ../../features/headless.nix

    # Features
    ../../features/br0.nix
    ../../features/dockge.nix
    ../../features/docker.nix
    ../../features/libvirt.nix

    # Tweaks
    ../../tweaks/zfs.nix
    ../../tweaks/zram.nix
    ../../tweaks/disable_firewall.nix
    ../../tweaks/systemd-resolved_nonsense.nix

    # Dotspace
    ../../secrets/dotspace.nix

    # Users
    ../../users/lauren_lagarde/lauren_lagarde.nix
    ../../users/ashley_funkhouser/ashley_funkhouser.nix
  ];

  ##############################################################################
  ##############################################################################
  ##############################################################################
  # Bootloader / Kernel

  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.grub = {
    enable = true;
    zfsSupport = true;
    efiSupport = true;
  };

  ##############################################################################
  ##############################################################################
  ##############################################################################
  # Local Filesystems

  fileSystems = {
    "/" = {
      device = "bastion-root/root";
      fsType = "zfs";
    };
  };

  ##############################################################################
  ##############################################################################
  ##############################################################################
  # Services

  services.cron = {
    enable = true;
    mailto = "";
    systemCronJobs = [
      "* * * * *	lauren_lagarde		/home/lauren_lagarde/bin/PublishStats > /dev/null"
    ];
  };

  services.samba = {
    enable = true;
    openFirewall = true;
    settings = {
      Frigate = {
        path = "/exports/Frigate";
        comment = "NVR Local Storage";
        writable = "yes";
        browseable = "yes";

        "force user" = "nobody";
        "force group" = "users";

        "create mask" = "775";
        "force create mode" = "775";
        "security mask" = "775";
        "force security mode" = "775";

        "directory mask" = "2775";
        "force directory mode" = "2775";
        "directory security mask" = "2775";
        "force directory security mode" = "2775";
      };

      MyBook = {
        path = "/exports/MyBook";
        comment = "External Storage";
        writable = "yes";
        browseable = "yes";

        "force user" = "nobody";
        "force group" = "users";

        "create mask" = "775";
        "force create mode" = "775";
        "security mask" = "775";
        "force security mode" = "775";

        "directory mask" = "2775";
        "force directory mode" = "2775";
        "directory security mask" = "2775";
        "force directory security mode" = "2775";
      };
    };
  };

  ##############################################################################
  ##############################################################################
  ##############################################################################
  # System Users

  users.users = {
    bastion = {
      isNormalUser = true;
      extraGroups = [ "wheel" ];
      initialHashedPassword = "$y$j9T$WThHVbTQdHbv4mI0m4EjK/$LA.4Uf95jD/rJpLVf0kbfH0wFBj4FHCimV6xiDfLOD/";
    };
    dotspace = {
      isNormalUser = true;
      shell = pkgs.shadow;
      initialHashedPassword = "$y$j9T$cH1b/0aafCTaHyWigarb70$bS6WFrbYV4xUZwVtqDCepydOhEol1DqmokBfkGmvRcA";
    };
  };
}