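# Netboot installer image used for remote provisioning over SSH.
#
# Builds on the stock minimal netboot profile and adds: DHCP networking,
# an SSH daemon with key-only root access, a serial console, storage and
# NIC drivers in the initrd, and the disk/network tooling needed to
# partition and install a target machine.
#
# Security posture of this image (read before booting it anywhere that is
# not an isolated provisioning network):
#   * root is reachable over SSH by whoever holds the private half of the
#     key listed under authorizedKeys;
#   * the host firewall is off, so every listening service is exposed;
#   * nixpkgs.config.allowBroken is on for the whole package set.
{ config, pkgs, lib, modulesPath, ... }:

{
  imports = [
    "${modulesPath}/installer/netboot/netboot-minimal.nix"
  ];

  # Allow broken packages (ZFS is currently marked as broken).
  # NOTE(review): this is a global switch and also hides breakage in any
  # other package. ZFS is forced out of supportedFilesystems below, so
  # confirm whether this is still required and drop it if not.
  nixpkgs.config.allowBroken = true;

  # ============================================================================
  # NETWORKING CONFIGURATION
  # ============================================================================

  networking = {
    # Turn predictable interface naming off so NICs keep the classic kernel
    # names (eth0 instead of enpXsY).
    usePredictableInterfaceNames = false;

    # Enable DHCP for automatic network configuration
    useDHCP = lib.mkDefault true;

    # Disable firewall during installation phase.
    # With no packet filter, anything that listens on this host is reachable
    # from the attached network; run the installer only on a trusted or
    # isolated provisioning segment.
    firewall.enable = false;

    # Enable IPv6
    enableIPv6 = true;
  };

  # ============================================================================
  # SSH CONFIGURATION FOR REMOTE PROVISIONING
  # ============================================================================

  services.openssh = {
    enable = true;
    settings = {
      # Root login is needed by nixos-anywhere, but only with a key.
      # "prohibit-password" keeps public-key root login working and refuses
      # password and keyboard-interactive logins for root. mkForce is used
      # in case the imported installer profile also sets this option.
      PermitRootLogin = lib.mkForce "prohibit-password";

      # Disable password authentication (key-based only)
      PasswordAuthentication = false;

      # Keyboard-interactive is a separate sshd method that can still prompt
      # for a password through PAM; disable it so "key-based only" holds.
      KbdInteractiveAuthentication = false;

      # Enable public key authentication
      PubkeyAuthentication = true;
    };
  };

  # Provisioning SSH keys (replace with your actual keys in deployment).
  # Every machine booted from this image grants root to the holder of the
  # matching private key. Keep that private key protected, rebuild the image
  # when the key is rotated, and do not reuse the image outside the
  # deployment it was built for.
  users.users.root.openssh.authorizedKeys.keys = [
    # Real provisioning key for T036 VM cluster deployment
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICaSw8CP4Si0Cn0WpYMhgdYNvsR3qFO0ZFiRjpGZXd6S centra@cn-nixos-think"
  ];

  # ============================================================================
  # KERNEL CONFIGURATION
  # ============================================================================

  boot = {
    # Use latest kernel for broad hardware support
    kernelPackages = pkgs.linuxPackages_latest;

    # Kernel parameters for serial console and logging
    kernelParams = [
      "console=ttyS0,115200" # Serial console (ttyS0)
      "console=tty0" # VGA console (tty0)
      "loglevel=4" # Standard log level
    ];

    # Enable common filesystems (ZFS excluded - not needed for installer).
    # mkForce replaces the list instead of merging with the one inherited
    # from the imported profile.
    supportedFilesystems = lib.mkForce [ "ext4" "xfs" "btrfs" ];

    # Load common storage modules
    initrd.availableKernelModules = [
      # SATA/AHCI
      "ahci"
      "ata_piix"
      # NVMe
      "nvme"
      # USB storage
      "usb_storage"
      "usbhid"
      # SCSI
      "sd_mod"
      "sr_mod"
      # RAID
      "dm_mod"
      "raid0"
      "raid1"
      "raid10"
      "raid456"
      # Network cards (for iSCSI/PXE)
      "e1000e"
      "igb"
      "ixgbe"
      "r8169"
    ];
  };

  # ============================================================================
  # SYSTEM PACKAGES FOR PROVISIONING
  # ============================================================================

  environment.systemPackages = with pkgs; [
    # Disk management tools
    disko # Declarative disk partitioning
    parted # Partition editor
    gptfdisk # GPT partition tools (gdisk, sgdisk)

    # Encryption and volume management
    cryptsetup # LUKS disk encryption
    lvm2 # Logical Volume Manager

    # Filesystem tools
    e2fsprogs # ext4 utilities
    xfsprogs # XFS utilities
    btrfs-progs # Btrfs utilities
    dosfstools # FAT/VFAT utilities (for EFI)

    # Network tools
    iproute2 # ip command
    ethtool # Network interface configuration
    tcpdump # Network debugging
    curl # HTTP client
    wget # HTTP client

    # System tools
    pciutils # lspci for hardware detection
    usbutils # lsusb for USB devices
    smartmontools # Disk SMART monitoring
    hdparm # Disk parameter tool

    # Debugging tools
    tmux # Terminal multiplexer
    htop # Process monitor
    iotop # I/O monitor
    vim # Text editor
  ];

  # ============================================================================
  # SYSTEM CONFIGURATION
  # ============================================================================

  # Disable documentation to reduce image size
  documentation.enable = false;
  documentation.nixos.enable = false;
  documentation.man.enable = false;
  documentation.info.enable = false;
  documentation.doc.enable = false;

  # Minimal locale support (en_US only)
  i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" ];
  i18n.defaultLocale = "en_US.UTF-8";

  # Set timezone to UTC
  time.timeZone = "UTC";

  # Enable serial console.
  # A login prompt on ttyS0 is reachable by anyone with access to the serial
  # line (BMC serial-over-LAN, hypervisor console); treat that channel as
  # part of the trusted provisioning path.
  systemd.services."serial-getty@ttyS0" = {
    enable = true;
    wantedBy = [ "getty.target" ];
  };

  # ============================================================================
  # NIX CONFIGURATION
  # ============================================================================

  nix.settings = {
    # Enable flakes and nix-command
    experimental-features = [ "nix-command" "flakes" ];

    # Configure substituters (add local cache in production).
    # Any cache added here must have its signing key listed in
    # trusted-public-keys below; store paths are accepted from a substituter
    # only when signed by one of those keys.
    substituters = [
      "https://cache.nixos.org"
    ];

    # Trusted public keys
    trusted-public-keys = [
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
    ];
  };

  # ============================================================================
  # SYSTEM STATE VERSION
  # ============================================================================

  system.stateVersion = "24.11";
}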