{ hostName, inputs, pkgs, options, lib, ... }:

{
  # No server/router runs any untrusted user code
  boot.kernelParams = [ "mitigations=off" ];
  # Includes wireguard
  boot.kernelPackages = pkgs.linuxPackages_latest;

  nix = {
    package = pkgs.nixFlakes;
    extraOptions = "experimental-features = nix-command flakes";
    registry = {
      nixpkgs.flake = inputs.nixpkgs;
      zentralwerk-network.flake = inputs.self;
    };
  };

  documentation = {
    enable = false;
    nixos.enable = false;
  };

  environment.systemPackages = with pkgs; [
    vim screen git wget psmisc
    tcpdump iputils bridge-utils mtr traceroute
    dhcpcd ethtool
  ];

  networking.hostName = hostName;

  users.users.root.initialHashedPassword = "";

  # for vm-packages
  virtualisation = lib.optionalAttrs (builtins.hasAttr "qemu" options.virtualisation) {
    memorySize = 8192;
    msize = 65536;
    cores = 4;
    diskSize = 8192;
    writableStore = true;
    writableStoreUseTmpfs = false;
    qemu.options = [ "-enable-kvm" ];
  };

  system.stateVersion = "20.09";
}