{
  config,
  lib,
  pkgs,
  apple-silicon,
  ...
}:

{
  nixpkgs.overlays = [ apple-silicon.overlays.apple-silicon-overlay ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = false;

  hardware.asahi.useExperimentalGPUDriver = true;
  hardware.asahi.extractPeripheralFirmware = true;

  networking.hostName = "homeserver";
  networking.networkmanager.enable = true;

  users.groups.media = { };
  users.users.media = {
    group = "media";
    isNormalUser = true;
  };

  services.xserver.xkb.layout = "us";

  services.audiobookshelf = {
    enable = true;
    group = "media";
    host = "0.0.0.0";
    openFirewall = true;
    port = 8000;
    user = "media";
  };

  services.avahi = {
    enable = true;
    publish = {
      enable = true;
      addresses = true;
      workstation = true;
    };
  };

  services.calibre-server = {
    enable = true;
    extraFlags = [ "--enable-local-write" ];
    group = "media";
    libraries = [ "/srv/books" ];
    openFirewall = true;
    port = 8585;
    user = "media";
  };

  services.openssh = {
    enable = true;
    settings.PasswordAuthentication = false;
    settings.KbdInteractiveAuthentication = false;
    settings.PermitRootLogin = "no";
  };

  services.tailscale = {
    enable = true;
    useRoutingFeatures = "server";
  };

  networking.firewall.allowedTCPPorts = [ 22 ];
  networking.firewall.allowedUDPPorts = [ ];

  system.stateVersion = "25.11";
}