# Base NixOS module: secrets (sops-nix), home-manager wiring, locale, privilege
# policy, Nix daemon/binary-cache trust, and core services (SSH, mDNS, smartd).
{
  lib,
  pkgs,
  inputs,
  outputs,
  config,
  ...
}:
{
  imports = [
    inputs.home-manager.nixosModules.home-manager
    ./jawz.nix
    ../modules/modules.nix
  ];

  system.stateVersion = "23.05";

  # sops-nix: secrets are decrypted at activation with age identities derived
  # from the host SSH key and/or the key file below.
  sops = {
    defaultSopsFormat = "yaml";
    defaultSopsFile = ../secrets/secrets.yaml;
    age = {
      sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
      # generateKey creates this key if it does not exist yet. Anyone who can
      # read this file or the host key can decrypt every secret addressed to
      # this machine, so both need the same protection in backups and images.
      keyFile = "/var/lib/sops-nix/key.txt";
      generateKey = true;
    };
  };

  home-manager = {
    backupFileExtension = "hbckup";
    useUserPackages = true;
    useGlobalPkgs = true;
    extraSpecialArgs = {
      inherit inputs outputs;
    };
    users.jawz = import ./home-manager.nix;
  };

  time = {
    timeZone = config.my.timeZone;
    hardwareClockInLocalTime = true;
  };

  i18n = {
    defaultLocale = "en_CA.UTF-8";
    extraLocaleSettings.LC_MONETARY = "es_MX.UTF-8";
  };

  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };

  security = {
    polkit.enable = true;
    sudo-rs = {
      enable = true;
      # NOTE(review): with this off, any process running as a wheel member can
      # become root without re-authenticating. Combined with key-only SSH this
      # makes a stolen user session equivalent to root; confirm this is an
      # accepted trade-off for this host.
      wheelNeedsPassword = false;
    };
    # Soft open-file limit for every account.
    pam.loginLimits = [
      {
        domain = "*";
        type = "soft";
        item = "nofile";
        value = "8192";
      }
    ];
  };

  # Accounts are fully declarative: changes made with passwd/useradd do not
  # persist across rebuilds.
  users.mutableUsers = false;
  users.groups.users.gid = 100;
  users.groups.piracy.gid = 985;

  nixpkgs.config = {
    allowUnfree = true;
    # nixpkgs refuses to evaluate packages it marks insecure unless they are
    # listed here. These .NET 6 entries receive no further fixes.
    # NOTE(review): identify which service pulls them in and track its
    # migration so this allow-list can be emptied.
    permittedInsecurePackages = [
      "aspnetcore-runtime-wrapped-6.0.36"
      "aspnetcore-runtime-6.0.36"
      "dotnet-runtime-6.0.36"
      "dotnet-sdk-wrapped-6.0.428"
      "dotnet-sdk-6.0.428"
    ];
  };

  nix = {
    # Pin <nixpkgs> lookups to the flake input instead of a channel.
    nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
    distributedBuilds = true;
    optimise.automatic = true;
    settings = {
      use-xdg-base-directories = true;
      auto-optimise-store = true;
      # Trusted users may add substituters and import unsigned store paths,
      # which is effectively root on this machine through the Nix daemon.
      # NOTE(review): "nixremote" is presumably the remote-build account;
      # confirm it really needs trusted status rather than allowed-users.
      trusted-users = [
        "jawz"
        "root"
        "nixremote"
      ];
      experimental-features = [
        "nix-command"
        "flakes"
        "pipe-operators"
      ];
      # Every cache listed here can supply binaries that are installed without
      # a local rebuild. Each one is a supply-chain dependency; drop any that
      # are no longer used.
      substituters = [
        "${config.my.servers.atticd.url}/nixos"
        "https://nix-gaming.cachix.org"
        "https://nixpkgs-python.cachix.org"
        "https://devenv.cachix.org"
        "https://cuda-maintainers.cachix.org"
        "https://ai.cachix.org"
        "https://cache.lix.systems"
        "https://cosmic.cachix.org"
      ];
      # A path signed by ANY of these keys is accepted from ANY substituter,
      # so this list should stay in one-to-one step with the caches above.
      # The first key presumably belongs to the self-hosted atticd cache
      # named "nixos"; verify against that server.
      trusted-public-keys = [
        "nixos:kubuWhYCk9/aZp5GDJFAScYgigM66DszP8i1Pzbq0Fc="
        "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
        "nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU="
        "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
        "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
        "ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc="
        "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
        "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
      ];
    };
  };

  documentation.enable = false;

  environment = {
    systemPackages = [
      pkgs.sops
      pkgs.wget
    ];
    variables = inputs.self.lib.xdgEnvironment;
  };

  programs = {
    nh = {
      enable = true;
      flake = "/home/jawz/Development/NixOS";
      clean = {
        enable = true;
        extraArgs = "--keep-since 3d";
      };
    };
    # gpg-agent also serves as the SSH agent.
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
  };

  services = {
    # udev rules shipped with the YubiKey personalization tools.
    udev.packages = [ pkgs.yubikey-personalization ];
    smartd.enable = true;
    fstrim.enable = true;
    avahi = {
      enable = true;
      nssmdns4 = true;
    };
    openssh = {
      enable = true;
      # Opens the SSH port in the host firewall on all interfaces.
      openFirewall = true;
      startWhenNeeded = true;
      settings = {
        # Key-only authentication: both password-style mechanisms are off.
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        # root can still log in with a key. NOTE(review): if no deployment
        # path needs direct root SSH, "no" removes that entry point; since
        # wheel has passwordless sudo, root access is not lost by doing so.
        PermitRootLogin = "prohibit-password";
      };
    };
  };

  fonts.fontconfig.enable = true;
  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
}