{
  lib,
  pkgs,
  config,
  modulesPath,
  specialArgs,
  ...
}: let
  hostname = specialArgs.hostname;
  enableSSH = specialArgs.enableSSH or true;
  _networking = lib.recursiveUpdate {hostName = hostname;} (specialArgs._networking or {});
  _boot = specialArgs._boot or {};
  _services = specialArgs._services or {};
  includeHardware = specialArgs.includeHardware or true;
  proj_root = builtins.toString ./../..;
in
  with lib; {
    imports =
      (
        if includeHardware
        then [
          "${proj_root}/hosts/${hostname}/hardware-configuration.nix"
        ]
        else []
      )
      ++ [
        "${modulesPath}/profiles/minimal.nix"
        "${proj_root}/modules/tailscale.sys.nix"
        "${proj_root}/modules/mosh.sys.nix"
      ];
    boot = _boot;

    # prune old builds
    nix.settings.auto-optimise-store = true;

    # Enable nix flakes
    nix.package = pkgs.nixFlakes;
    nix.extraOptions = ''
      experimental-features = nix-command flakes
    '';
    users.users.hungtr = {
      isNormalUser = true;
      home = "/home/hungtr";
      description = "pegasust/hungtr";
      extraGroups = ["wheel" "networkmanager" "audio"];
    };
    users.users.root = {
      # openssh runs in root, no? This is because port < 1024 requires root.
      openssh.authorizedKeys.keys = lib.strings.splitString "\n" (builtins.readFile "${proj_root}/native_configs/ssh/authorized_keys");
    };

    # Some basic programs
    programs.neovim = {
      enable = true;
      defaultEditor = true;
    };

    programs.git = {
      enable = true;
      # more information should be configured under user level
      # See other config at @/home-nix
    };

    environment.systemPackages = [
      pkgs.gnumake
      pkgs.wget
      pkgs.inetutils # network diag
      pkgs.mtr # network diag
      pkgs.sysstat # sys diag
    ];
  }