# Base NixOS module for a QEMU microVM guest: shares the host's Nix store,
# attaches one tap interface, and allows key-based root SSH access.
{ lib, config, ... }:

{
  system.stateVersion = "23.05";
  networking.domain = lib.consts.mainDomain;

  # Without this, every system derivation changes whenever a commit is made,
  # so the flake registry is forced empty.
  nix.registry = lib.mkForce { };

  microvm = {
    # Hypervisor and its control socket.
    hypervisor = "qemu";
    socket = "control.socket";

    # Reuse the host's /nix/store through a share instead of building a
    # store disk image for the guest.
    # NOTE(review): the guest can read every path in the host store, not only
    # its own closure; anything secret that ends up in the host store is
    # visible inside the VM.
    storeOnDisk = false;
    shares = [
      {
        tag = "ro-store";
        source = "/nix/store";
        mountPoint = "/nix/.ro-store";
      }
    ];

    # Tap interface for the trusted bridge; the bridge attachment itself is
    # not configured in this file.
    # NOTE(review): the tap id is derived from the host name but the MAC is a
    # constant. If more than one guest imports this module on the same
    # bridge, the addresses will collide. Confirm that it is overridden per
    # host.
    interfaces = [
      {
        type = "tap";
        id = "vm-${config.networking.hostName}";
        mac = "02:00:00:00:00:01";
      }
    ];
  };

  # SSH access: root may log in with a key only, and the SSH port is opened
  # in the firewall.
  # NOTE(review): "prohibit-password" restricts root only.
  # settings.PasswordAuthentication is not set here, so the module default
  # applies to any other account. Confirm that password logins are disabled
  # elsewhere if they are not wanted.
  services.openssh.enable = true;
  services.openssh.openFirewall = true;
  services.openssh.settings.PermitRootLogin = "prohibit-password";

  users.users.root.openssh.authorizedKeys.keys = [ lib.consts.rootPubKey ];

  # Swap file (disabled)
  # swapDevices = [
  #   {
  #     device = "/swapfile";
  #     size = builtins.floor (config.microvm.mem * 0.5);
  #   }
  # ];
}