{
  pkgs,
  auxiliaryPkgs,
  ...
}:

{
  imports = [
    ../modules/common.nix

    ../modules/gnome.nix
    ../modules/fonts.nix
    ../modules/flatpak.nix
    ../modules/libreoffice.nix
    ../modules/electronics.nix
    ../modules/hardware-keys.nix
  ];

  services = {
    sysprof.enable = true;
    tailscale = {
      enable = true;
      useRoutingFeatures = "both";
      extraUpFlags = [ "--ssh" ];
    };
    mullvad-vpn.enable = true;
  };

  programs = {
    # TODO: pull out gaming related configuration (like steam) into a seperate module.
    steam = {
      enable = true;
      remotePlay.openFirewall = true;
    };
    virt-manager.enable = true;

    ghidra = {
      enable = true;
      package = auxiliaryPkgs.ghidra;
      gdb = true;
    };

    wireshark = {
      enable = true;
      dumpcap.enable = true;
      usbmon.enable = true;
    };

    adb.enable = true;
  };

  # on desktop machines (a.k.a. minerals) we only use tailscale ssh
  # for access, so we don't generally have normal host keys, and
  # have to grab the ones tailscale uses.
  age.identityPaths = [ "/var/lib/tailscale/ssh/ssh_host_ed25519_key" ];

  environment.etc.openvpn.source = "${pkgs.update-resolv-conf}/libexec/openvpn";
}