{
  nixpkgs,
  config,
  pkgs,
  ...
}:
let
  cfg = config.machine;
in
{
  imports = [ "${nixpkgs}/nixos/modules/installer/scan/not-detected.nix" ];

  boot = {
    loader.systemd-boot = {
      enable = true;
      #      signed = true;
      #      signing-key = "${cfg.secretPath}/secureboot/db.key";
      #      signing-certificate = "${cfg.secretPath}/secureboot/db.crt";
    };
    loader.efi.canTouchEfiVariables = true;
    tmp = {
      useTmpfs = true;
      cleanOnBoot = true;
    };

    kernelPackages = pkgs.linuxPackages_latest;
    initrd.availableKernelModules = [
      "xhci_pci"
      "ahci"
      "sd_mod"
      "rtsx_pci_sdmmc"
    ];
    kernelModules = [
      "acpi_call"
      "i915"
      "kvm-intel"
      "uinput"
    ];
    # 5_10 breaks my touchpad/mouse buttons
    # https://bbs.archlinux.org/viewtopic.php?id=254885
    # maybe modprobe hid_rmi or i2c_i801
    # blacklistedKernelModules = [ "i2c_i801" ];
    extraModulePackages = with config.boot.kernelPackages; [ acpi_call ]; # pkgs.gitpkgs.linuxPackages_latest.hid-nintendo ];
    kernelParams = [ "intel_iommu=on" ];
    extraModprobeConfig = ''
      options i915 enable_fbc=1 enable_guc=3
    '';
    kernel.sysctl = {
      "kernel.nmi_watchdog" = 0;
      "fs.inotify.max_user_watches" = 524288;
      "vm.dirty_writeback_centisecs" = 1500;
    };
  };

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/b37b48a8-5dcb-4f4d-ad71-1b26500b3e5f";
    fsType = "ext4";
  };

  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/546A-A3D1";
    fsType = "vfat";
  };

  hardware = {
    firmware = with pkgs; [ firmwareLinuxNonfree ];
    cpu.intel.updateMicrocode = true;
    enableAllFirmware = false;
    ksm.enable = true;
    graphics = {
      extraPackages = with pkgs; [ (intel-vaapi-driver.override { enableHybridCodec = true; }) ];
      extraPackages32 = with pkgs.pkgsi686Linux; [
        (intel-vaapi-driver.override { enableHybridCodec = true; })
      ];
    };

    pulseaudio = {
      enable = true;
      support32Bit = true;
      package = pkgs.pulseaudioFull;
      zeroconf.discovery.enable = false;
      extraClientConf = ''
        autospawn = no
      '';
    };

    bluetooth = {
      enable = true;
      powerOnBoot = true;
    };
  };

  powerManagement = {
    enable = true;
    cpuFreqGovernor = "powersave";
  };
  services = {
    upower.enable = true;
    xserver.videoDrivers = [ "intel" ];
  };
  environment.variables.LIBVA_DRIVER_NAME = "i915";
  time.timeZone = "Europe/Berlin";
}