{ config, lib, pkgs, ... }:
{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  nixpkgs.config.allowUnfree = true;

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "jaglan-beta-m01"; # Define your hostname.

  time.timeZone = "Australia/Melbourne";

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  # environment.systemPackages = with pkgs; [
  #   vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
  #   wget
  # ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:
  services = {
    tailscale.enable = true;
    nomad = {
      enable = true;
      enableDocker = true;
      dropPrivileges = false;
      settings = {
        datacenter = "jaglan-beta";
        server = {
          enabled = true;
          bootstrap_expect = 1;
        };
        client = {
          enabled = true;
          host_volume = {
            traefik = {
              path = "/opt/traefik";
              read_only = false;
            };
          };
        };
        plugin.docker.config.allow_privileged = true;
      };
    };
    consul = {
      enable = true;
      webUi = true;
      interface.bind = "tailscale0"; # Bind to the Tailscale interface
      interface.advertise = "tailscale0"; # Advertise the Tailscale interface
      extraConfig  = {
        bootstrap_expect = 1;
        server = true;
        client_addr = "127.0.0.1 100.79.223.55";
        datacenter = "jaglan-beta";
      };
    };
    openssh = {
      enable = true;
      settings.PermitRootLogin = "yes";
    };
  };

  systemd.tmpfiles.rules = [
    # Fix issue where nomad needs alloc_mounts to be writable
    "d /var/lib/alloc_mounts 0755 root root -"
    # Create a directory for Traefik to store its data (tls certs, etc.)
    "d /opt/traefik 0755 root root -"
  ];

  # Open ports in the firewall. 464X are the default ports for Nomad.
  networking.firewall.allowedTCPPorts = [ 80 443 4646 4647 4648 ];

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  system.copySystemConfiguration = true;

  # Defines the initial NixOS version for compatibility with older application data.
  # Do NOT change this value after installation without careful consideration.
  system.stateVersion = "24.11"; # Did you read the comment?
}