{ lib, ... }:
{
  users.users.tlater.password = "insecure";

  # Disable graphical tty so -curses works
  boot.kernelParams = [ "nomodeset" ];

  networking.hostName = "testvm";
  # Sets the base domain for nginx to a local domain so that we can
  # easily test locally with the VM.
  services.nginx.domain = "dev.local";

  # Use the staging secrets
  sops.defaultSopsFile = lib.mkOverride 99 ../../keys/staging.yaml;

  systemd.network.networks."10-eth0" = {
    matchConfig.Name = "eth0";
    gateway = [
      "192.168.9.1"
    ];
    networkConfig = {
      Address = "192.168.9.2/24";
    };
  };

  # Don't run this
  services.batteryManager.enable = lib.mkForce false;

  # Both so we have a predictable key for the staging env, as well as
  # to have a static key for decrypting the sops secrets for the
  # staging env.
  environment.etc."staging.key" = {
    mode = "0400";
    source = ../../keys/hosts/staging.key;
  };

  services.openssh.hostKeys = lib.mkForce [
    {
      type = "rsa";
      bits = 4096;
      path = "/etc/staging.key";
    }
  ];

  virtualisation.vmVariant = {
    virtualisation = {
      memorySize = 3941;
      cores = 2;
      graphics = false;
    };

    virtualisation.qemu = {
      networkingOptions = lib.mkForce [
        "-device virtio-net,netdev=n1"
        "-netdev bridge,id=n1,br=br0,helper=$(which qemu-bridge-helper)"
      ];
    };
  };
}