{
  lib,
  pkgs,
  inputs,
  ...
}:
{
  imports = [
    ../../common/encrypted-btrfs-layout.nix
    ../../common/global
    ./hardware.nix
  ];

  diskLayout = {
    mainDiskDevice = "/dev/disk/by-id/ata-FORESEE_512GB_SSD_MP15B03900928";
    #keyDiskDevice = "/dev/disk/by-id/usb-Intenso_Micro_Line_22080777660586-0:0";
    keyDiskDevice = "/dev/sdb";
  };

  networking.hostName = "chilly";
  services.tailscaleAutoconnect.authkey = "tskey-auth-kRXS9oPyPm11CNTRL-BE6YnbP9J6ZZuV9dHkX17ZMnm1JGdu93";
  services.consul.interface.advertise = lib.mkForce "br0";

  networking.useNetworkd = true;
  systemd.network.enable = true;
  # not useful and potentially a security loophole
  services.resolved.llmnr = "false";

  systemd.network.netdevs."10-br0" = {
	netdevConfig = {
	  Name = "br0";
	  Kind = "bridge";
      # when switching to DHCP, fill this in with value from enp1s0 or something made up starting with 02:
      # MACAddress = "";
	};
  };

  systemd.network.networks."20-enp1s0" = {
	matchConfig.Name = "enp1s0";
	networkConfig.Bridge = "br0";
  };

  systemd.network.networks."30-br0" = {
	matchConfig.Name = "br0";
	networkConfig = {
      # TODO: use DHCP. Would need a hardcoded MAC (see above)
	  Address = [ "192.168.1.5/24" ];
	  Gateway = [ "192.168.1.1" ];
	  DNS = [ "192.168.1.1" ];
      # DHCP = "yes";
	};
  };

  virtualisation.libvirtd = {
    enable = true;
    allowedBridges = [ "br0" ];
  };

  systemd.services.hassos = {
    description = "Home Assistant OS VM";
    wantedBy = [ "multi-user.target" ];
    script = ''
      ${pkgs.qemu}/bin/qemu-system-x86_64 -bios ${pkgs.OVMF.fd}/FV/OVMF.fd -name 'hassos' -enable-kvm -cpu host -m 16384 -smp 4 -drive 'if=virtio,file=/persist/hassos/disk-drive-sata0.raw,format=raw' -nic 'bridge,br=br0,mac=1E:DD:78:D5:78:9A' -device qemu-xhci,id=xhci -device usb-host,bus=xhci.0,vendorid=0x0658,productid=0x0200 -device usb-host,bus=xhci.0,vendorid=0x10c4,productid=0xea60 -nographic -serial telnet:localhost:4321,server=on,wait=off -monitor telnet:localhost:4322,server=on,wait=off
      '';
    preStop = ''
      echo 'system_powerdown' | ${pkgs.netcat-gnu}/bin/nc localhost 4322
      sleep 10
      '';
  };

  environment.systemPackages = with pkgs; [
    qemu
    inetutils # for telnet to qemu
    usbutils
  ];

  users.users.ppetru.extraGroups = [ "libvirtd" ];
}