{
  inputs,
  outputs,
  lib,
  config,
  pkgs,
  ...
}: {
  imports = [
    ./locale
    ./packages
    inputs.home-manager.nixosModules.home-manager
    #../hosts/${config.networking.hostName}/hardware-configuration.nix
  ];
  sops = {
    age.keyFile = ../../../../../../var/secrets/keys.txt;
    secrets."lillian-password".neededForUsers = true;

    defaultSopsFile = ../hosts/${config.networking.hostName}/secrets/sops.yaml;

    secrets."wg-private-key".mode = "0440";
    secrets."wg-private-key".owner = config.users.users.root.name;

    secrets."ssh-private-key" = {
      mode = "0600";
      owner = config.users.users.lillian.name;
      path = "/home/lillian/.ssh/id_ed25519";
    };
  };
  #TODO: remove this when unneeded for freetube
  nixpkgs.config.permittedInsecurePackages = [
    "python3.12-youtube-dl-2021.12.17"
  ];

  nix = {
    package = pkgs.lix;
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };
    # This will add each flake input as a registry
    # To make nix3 commands consistent with your flake
    registry = lib.mapAttrs (_: value: {flake = value;}) inputs;

    # This will additionally add your inputs to the system's legacy channels
    # Making legacy nix commands consistent as well, awesome!
    nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;

    settings = {
      trusted-users = ["root" "lillian"];
      # Enable flakes and new 'nix' command
      experimental-features = "nix-command flakes";
      # Deduplicate and optimize nix store
      auto-optimise-store = true;
      extra-substituters = [
        "https://cache.lix.systems"
        "https://nix-community.cachix.org"
        "https://nixpkgs-unfree.cachix.org"
        "https://0uptime.cachix.org"
      ];
      trusted-public-keys = [
        "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
        "nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs="
        "0uptime.cachix.org-1:ctw8yknBLg9cZBdqss+5krAem0sHYdISkw/IFdRbYdE="
      ];
    };
  };
  catppuccin = {
    flavor = "macchiato";
    tty.enable = true;
    # sddm.enable = true;
    # sddm.flavor = "macchiato";
    forgejo.enable = true;
    forgejo.flavor = "macchiato";
    # plymouth.enable = false;
    # grub.enable = false;
  };

  programs.zsh = {
    enable = true;
  };

  programs.gnupg.agent = {
    enable = true;
    enableBrowserSocket = true;
  };

  # stylix = {
  #   enable = true;
  #   # targets.qt.platform = "kde6";
  #   autoEnable = true;
  #   base16Scheme = {
  #     scheme = "Catppuccin Macchiato";
  #     author = "https://github.com/catppuccin/catppuccin";
  #     base00 = "24273a";
  #     base01 = "1e2030";
  #     base02 = "363a4f";
  #     base03 = "494d64";
  #     base04 = "5b6078";
  #     base05 = "cad3f5";
  #     base06 = "f4dbd6";
  #     base07 = "b7bdf8";
  #     base08 = "ed8796";
  #     base09 = "f5a97f";
  #     base0A = "eed49f";
  #     base0B = "a6da95";
  #     base0C = "8bd5ca";
  #     base0D = "8aadf4";
  #     base0E = "c6a0f6";
  #     base0F = "f0c6c6";
  #   };
  #   image = ./background.jpg;
  #   cursor.package = pkgs.catppuccin-cursors.macchiatoMauve;
  #   cursor.name = "catppuccin-macchiato-mauve-cursors";
  #   cursor.size = 16;
  #   homeManagerIntegration.followSystem = true;
  #   fonts = {
  #     serif = {
  #       package = pkgs.dejavu_fonts;
  #       name = "DejaVu Serif";
  #     };

  #     monospace = {
  #       package = pkgs.dejavu_fonts;
  #       name = "DejaVu Sans Mono";
  #     };

  #     sansSerif = {
  #       package = pkgs.dejavu_fonts;
  #       name = "DejaVu Sans";
  #     };

  #     emoji = {
  #       package = pkgs.noto-fonts-emoji-blob-bin;
  #       name = "Blobmoji";
  #     };
  #   };
  # };

  fonts.packages = [
    pkgs.atkinson-hyperlegible
    pkgs.atkinson-monolegible
    pkgs.noto-fonts
    pkgs.nerd-fonts.fira-mono
  ];

  fonts.fontconfig.defaultFonts = {
    emoji = ["Blobmoji"];
    monospace = ["Atkinson Monolegible"];
    sansSerif = ["Atkinson Hyperlegible"];
  };

  networking =
    if config.services.vpn-ip.enable
    then {
      wireguard.enable = true;

      wg-quick.interfaces = {
        wg0 = {
          autostart = true;
          address = ["10.0.0.${config.services.vpn-ip.ip}/24" "fdc9:281f:04d7:9ee9::${config.services.vpn-ip.ip}/64"];
          dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
          listenPort = 51821;
          privateKeyFile = config.sops.secrets."wg-private-key".path;
          peers = [
            {
              publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
              endpoint = "84.87.146.85:51821";
              allowedIPs = ["0.0.0.0/0" "::/0"];
              persistentKeepalive = 25;
            }
          ];
        };
      };
    }
    else {};

  # Enable completion of system packages by zsh
  environment.pathsToLink = ["/share/zsh"];

  home-manager = {
    backupFileExtension = "backup";
    extraSpecialArgs = {
      inputs = inputs;
      outputs = outputs;
    };
    users = {
      # Import your home-manager configuration
      lillian = import ../../home-manager/hosts/${config.networking.hostName};
    };
  };

  users = {
    users.lillian = {
      isNormalUser = true;
      extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"];
      shell = pkgs.zsh;
      hashedPasswordFile = config.sops.secrets."lillian-password".path;
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS"
      ];
    };
    mutableUsers = false;

    users.root = {
      hashedPassword = "*";
    };
  };
}