{ config, pkgs, ... }:

{
  # Bootloader: systemd-boot with EFI support
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Use systemd-boot instead of GRUB
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  boot.initrd = {
    supportedFilesystems = [ "ext4" ];
    luks.devices."cryptroot".device = "/dev/disk/by-partlabel/cryptroot";
  };

  fileSystems."/" = {
    device = "/dev/mapper/cryptroot";
    fsType = "ext4";
  };

  fileSystems."/boot" = {
    device = "/dev/disk/by-partlabel/ESP";
    fsType = "vfat";
  };

  swapDevices = [{
    device = "/swapfile";
    size = 4096;
  }];

  # Locale and timezone
  time.timeZone = "Europe/London";
  i18n.defaultLocale = "en_GB.UTF-8";

  # Enable SSH
  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
    };
  };

  # Enable Docker
  virtualisation.docker.enable = true;

  # PipeWire for audio
  services.pipewire = {
    enable = true;
    pulse.enable = true;
  };

  # Bluetooth
  services.blueman.enable = true;
}