{ lib, pkgs, ... }:

{
  boot.kernelParams = [ "console=ttyS0,115200n8" ];
  boot.initrd.availableKernelModules = [
    "ahci"
    "sr_mod"
    "virtio_blk"
    "virtio_net"
    "virtio_pci"
    "virtio_scsi"
    "xhci_pci"
  ];

  networking.firewall.enable = false;
  networking.useDHCP = lib.mkForce false;
  networking.dhcpcd.enable = lib.mkForce false;
  networking.usePredictableInterfaceNames = false;

  systemd.network = {
    enable = true;
    wait-online.enable = true;
    networks."10-eth0" = {
      matchConfig.Name = "eth0";
      networkConfig.DHCP = "yes";
      linkConfig.RequiredForOnline = "routable";
    };
  };

  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "prohibit-password";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };

  users.users.root.openssh.authorizedKeys.keys = [ ];

  nix.registry = lib.mkForce { };
  nix.nixPath = lib.mkForce [ ];
  nix.channel.enable = false;
  nix.settings = {
    experimental-features = [
      "nix-command"
      "flakes"
    ];
    flake-registry = "";
  };
  nixpkgs.flake = {
    source = lib.mkForce null;
    setFlakeRegistry = lib.mkForce false;
    setNixPath = lib.mkForce false;
  };

  documentation.enable = false;
  documentation.nixos.enable = false;
  documentation.man.enable = false;
  documentation.info.enable = false;
  documentation.doc.enable = false;

  environment.systemPackages = with pkgs; [
    curl
    jq
  ];

  systemd.services.ultracloud-baremetal-postinstall-marker = {
    description = "Emit a canonical post-install marker for bare-metal QEMU smoke";
    wantedBy = [ "multi-user.target" ];
    after = [ "network-online.target" ];
    wants = [ "network-online.target" ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      StandardOutput = "journal+console";
      StandardError = "journal+console";
    };
    script = ''
      hostname="$(tr -d '\n' </etc/hostname)"
      role="$(cat /etc/ultracloud-role)"
      echo "ULTRACLOUD_MARKER post-install.boot.$hostname.$role"
    '';
  };

  system.stateVersion = "24.11";
}