{
  self,
  config,
  pkgs,
  lib,
  modulesPath,
  ...
}: {
  imports = [
    ../../../mixin/cache.nix
    ../../../mixin/common.nix
    ../../../mixin/kmscon.nix
    ../../../mixin/nix.nix
    ../../../mixin/motd.nix
    ../../../mixin/sops.nix
    ../../../mixin/users.nix

    ./attic.nix
    ./knot.nix
    ./mastodon.nix
    ./ssh.nix
    ./tor.nix
    ./radicle.nix
    ./grafana.nix
    ./victorialogs.nix
    ./files.nix

    ./bootstrap

    (modulesPath + "/profiles/qemu-guest.nix")
  ];

  systemd.network.networks."10-hetzner".address = [
    # IPv6 address is statically configured, see Hetzner dashboard.
    "2a01:4f9:c011:b666::1/128"
  ];

  fileSystems =
    (builtins.listToAttrs (map
      ({
        subvol,
        mountpoint ? "/${subvol}",
      }: {
        name = mountpoint;
        value = {
          device = "/dev/disk/by-uuid/e55dc01e-ecab-4cd2-ad08-e773615f36fd";
          fsType = "btrfs";
          options = ["compress=zstd" "discard=async" "noatime" "subvol=${subvol}"];
        };
      }) [
        {
          mountpoint = "/";
          subvol = "root";
        }
        {subvol = "home";}
        {subvol = "nix";}
      ]))
    // {
      "/boot" = {
        device = "/dev/disk/by-uuid/5d17c66f-46fc-484d-be63-b21786e61af9";
        fsType = "ext2";
      };
    };

  boot = {
    loader.grub = {
      enable = true;
      efiSupport = false;
      device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_30473871";
    };

    initrd.availableKernelModules = [
      "ata_piix"
      "uhci_hcd"
      "virtio_pci"
      "sr_mod"
      "virtio_blk"

      "ahci"
      "xhci_pci"
      "virtio_scsi"
      "sd_mod"
    ];
  };

  networking = {
    domain = "radicle.dev";
    hostName = "seed";
    useDHCP = false;

    firewall = {
      allowedTCPPorts = [
        22 # ssh
        80 # http
        443 # https
        3000 # grafana
        8776 # radicle-node
      ];

      allowedUDPPorts = [
        443 # http3
      ];
    };
  };

  networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
}