{
  lib,
  config,
  modulesPath,
  ...
}:
{
  imports = [
    (modulesPath + "/profiles/minimal.nix")
  ];
  boot.loader.grub.enable = false;
  boot.initrd.systemd.enable = true;
  networking.useNetworkd = true;
  networking.nftables.enable = config.networking.firewall.enable || config.networking.nat.enable;
  fileSystems."/".fsType = lib.mkDefault "tmpfs";
  networking.hostName = lib.mkDefault "base";

  systemd.sysusers.enable = false;
  services.userborn.enable = true; # nikstur it

  nix.enable = false;
  services.logrotate.enable = false;
  services.udisks2.enable = false;
  system.tools.nixos-generate-config.enable = false;
  systemd.coredump.enable = false;
  powerManagement.enable = false;
  boot.kexec.enable = false;
  system.switch.enable = false;
  services.resolved.enable = false;

  systemd.services.generate-shutdown-ramfs.enable = lib.mkForce false;
  systemd.services.systemd-remount-fs.enable = lib.mkForce false;
  systemd.services.systemd-pstore.enable = lib.mkForce false;
  systemd.services.lastlog2-import.enable = lib.mkForce false;
  # systemd.services.suid-sgid-wrappers.enable = lib.mkForce false;
}