{ config, lib, pkgs, ... }:
{
  networking.firewall.allowedTCPPorts = [ ]; # socks proxy
  imports = [
    ../config/desktop.nix
    ../config/laptop.nix
    ../config/yubikey.nix
    ../config/thinkpad.nix
    # ../config/ap.nix
    # ../config/pxe.nix
  ];

  networking = {
    hostName = "pincer";
  };

  # services.displayManager.slim.enable = lib.mkForce false;
  # services.xserver.desktopManager.kodi.enable = true;

  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
    kernelModules = ["xpad"];

    initrd.luks.devices = {
      cryptroot = {
        device = "/dev/sda6";
        allowDiscards = true;
      };
    };

    extraModprobeConfig = ''
      # option iwlwifi swcrypto=1
      options iwlmvm power_scheme=1
    '';
  };

  fileSystems = {
    "/boot" = {
      mountPoint = "/boot";
      device = "/dev/sda1";
      fsType = "vfat";
    };
    "/" = {
      mountPoint = "/";
      device = "/dev/mapper/cryptroot";
      fsType = "btrfs";
      options = ["subvol=active/nixos-root" "discard" "compress=lzo"];
    };
    "/btrfs" = {
      mountPoint = "/btrfs";
      device = "/dev/mapper/cryptroot";
      fsType = "btrfs";
      options = ["discard" "compress=lzo"];
    };
  };
  
  systemd.extraConfig = "DefaultLimitNOFILE=1048576";
  
  security.pam.loginLimits = [{
      domain = "*";
      type = "hard";
      item = "nofile";
      value = "1048576";
  }];
}