{
  config,
  pkgs,
  lib,
  ...
}: let
  choose = paths: lib.findFirst builtins.pathExists null paths;

  # Dummy filesystem config for dry-run evaluation
  dummyFileSystems = {
    fileSystems."/" = {
      device = "/dev/disk/by-label/nixos";
      fsType = "ext4";
    };
  };
in {
  options.local = {
    hostname = lib.mkOption {
      type = lib.types.str;
      default = "nixos-default";
      description = "System hostname";
    };
    username = lib.mkOption {
      type = lib.types.str;
      default = "user";
      description = "Primary user username";
    };
    userDescription = lib.mkOption {
      type = lib.types.str;
      default = "NixOS User";
      description = "Primary user description";
    };
    address = lib.mkOption {
      type = lib.types.str;
      default = "10.1.1.100";
      description = "Static IP address";
    };
  };

  imports =
    lib.filter (x: x != null) [
      (choose [./modules/local/hostname_username.nix ../local/hostname_username.nix])
      (choose [./modules/local/networking_local.nix ../local/networking_local.nix])
      (choose [./modules/bootloader/seabios-assigned-iso-at-birth.nix ../bootloader/seabios-assigned-iso-at-birth.nix])
      (choose [./modules/lix-default.nix ../lix-default.nix])
      (choose [./modules/secrets-config/sops-the-blank-system.nix ../secrets-config/sops-the-blank-system.nix])
    ]
    # TODO: Make this more clean, migrate over to seabios-assigned-iso-at-birth.nix?
    #++ lib.optional (builtins.pathExists ./hardware-configuration.nix) ./hardware-configuration.nix
    #++ lib.optional (!builtins.pathExists ./hardware-configuration.nix) dummyFileSystems
    ;
  config = {
    local.hostname = "nixos-grametheus";
    local.username = "prglogs";
    local.userDescription = "NixOS PRG Grafana Prometheus Service";
    local.address = "10.1.1.10";

    system.stateVersion = "25.11";

    services.grafana = {
      enable = true;
      settings = {
        server = {
          http_addr = "100.71.227.33";
          http_port = 3000;
          #enforce_domain = true;
          enable_gzip = true;
          domain = "grafana.prg-radio.org";

          # Alternatively, if you want to serve Grafana from a subpath:
          # domain = "your.domain";
          # root_url = "https://your.domain/grafana/";
          # serve_from_sub_path = true;
        };

        # Prevents Grafana from phoning home
        #analytics.reporting_enabled = false;
      };
    };

    services.prometheus = {
      enable = true;
      port = 9001;

      exporters.node = {
        enabledCollectors = [
          "ethtool"
          "softirqs"
          "systemd"
          "tcpstat"
        ];
        enable = true;
        port = 9002;
      };
      globalConfig.scrape_interval = "10s"; # "1m"
      scrapeConfigs = [
        {
          job_name = "node";
          static_configs = [
            {
              targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"];
            }
          ];
        }
      ];
    };

    #services.loki = {
    #   enable = true;
    #
    #  configuration = {
    #    auth_enabled = false;
    #     server.http_listen_port = 3100;
    #
    #     # etc.
    #   };

    # or alternatively
    #configFile = ./loki-config.yaml;
    # };

    # Enable Tailscale for remote access to Traefik dashboard and configuration
    services.tailscale.enable = true;

    networking.firewall.allowedTCPPorts = [3005];
    networking.firewall.allowedUDPPorts = [3005];
  };
}