{config, lib, ...}:
{
  # Use the systemd-boot EFI boot loader.
  boot = {
    loader = {
      systemd-boot.enable = true;
      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot/efi";
      };
    };
    initrd = {
      network = {
        enable = true;
        ssh = {
          enable = true;
          port = 22;
          authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
          hostKeys = [
            "/boot/efi/initrd_id_ed25519"
            "/boot/efi/initrd_id_rsa4096"
          ];
        };
      };
      systemd = {
        enable = true;
        network.enable = true;
        network.networks.enp1s0 = config.systemd.network.networks.enp1s0;
        targets.initrd.wants = [
          "systemd-networkd-wait-online@enp1s0.service"
        ];
        users.root.shell = "/bin/systemd-tty-ask-password-agent";
      };
      availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "virtio_pci" "r8169" ];
      kernelModules = [ "dm-snapshot" ];
      luks.devices."backstage" = {
        preLVM = true;
        device = "/dev/disk/by-uuid/7f3ccd2d-8022-491e-baa1-675805919fd7";
      };
    };
    kernelModules = [ "kvm-intel" ];
    kernelParams = [
      "zfs.zfs_arc_max=1024000000"
      "intel_iommu=on"
      "pci=assign-busses"
    ];
#    extraModprobeConfig = ''
#      options ixgbe max_vfs=4 allow_unsupported_sfp=1 debug=2
#    '';
  };
}