{
  config,
  inputs,
  self,
  pkgs,
  lib,
  ...
}:
{
  imports = [
    self.nixosModules.default
    inputs.disko.nixosModules.default
  ];

  nix =
    let
      flakeInputs = inputs |> lib.filterAttrs (_: lib.isType "flake");
    in
    {
      channel.enable = false;
      registry = flakeInputs |> lib.mapAttrs (_: flake: { inherit flake; });
      nixPath = flakeInputs |> lib.attrNames |> lib.map (name: "${name}=flake:${name}");

      settings = {
        flake-registry = "";
        nix-path = config.nix.nixPath;

        experimental-features = [
          "nix-command"
          "flakes"
          "pipe-operators"
        ];
        auto-optimise-store = true;
        warn-dirty = false;
        trusted-users = [
          "root"
          "@wheel"
        ];
        commit-lock-file-summary = "flake.lock: Update";
        allow-import-from-derivation = false;

        min-free = 4 * 1024 * 1024 * 1024;
        max-free = 6 * 1024 * 1024 * 1024;

        substituters = [ "https://sebastian-stork.cachix.org" ];
        trusted-public-keys = [
          "sebastian-stork.cachix.org-1:PAgwmtq5BF/UlUoXdBC2sX2EKZQ2vCjo3iGySujbaME="
        ];
      };
    };

  systemd.enableStrictShellChecks = true;

  time.timeZone = "Europe/Berlin";
  i18n = {
    defaultLocale = "en_US.UTF-8";
    extraLocaleSettings =
      let
        de = "de_DE.UTF-8";
      in
      {
        LC_ADDRESS = de;
        LC_IDENTIFICATION = de;
        LC_MEASUREMENT = de;
        LC_MONETARY = de;
        LC_NAME = de;
        LC_NUMERIC = de;
        LC_PAPER = de;
        LC_TELEPHONE = de;
        LC_TIME = de;
      };
  };

  console.keyMap = "de-latin1-nodeadkeys";

  security.sudo.extraConfig = "Defaults pwfeedback";

  sops.secrets."seb-password".neededForUsers = true;
  users = {
    mutableUsers = false;
    users.seb = {
      isNormalUser = true;
      description = "Sebastian Stork";
      hashedPasswordFile = config.sops.secrets."seb-password".path;
      extraGroups = [ "wheel" ];
    };
  };

  programs.neovim = {
    enable = true;
    defaultEditor = true;
    viAlias = true;
    vimAlias = true;
  };

  zramSwap.enable = true;

  environment.systemPackages = [
    (lib.hiPrio pkgs.uutils-coreutils-noprefix)
    pkgs.git
    pkgs.just
    pkgs.nh
    pkgs.dust
    pkgs.comma
    pkgs.btop
  ];

  nixpkgs.config.allowUnfree = true;

  _module.args.pkgs-unstable = import inputs.nixpkgs-unstable {
    inherit (pkgs.stdenv.hostPlatform) system;
    inherit (config.nixpkgs) config;
  };

  custom = {
    sops.enable = true;
    services = {
      auto-gc.enable = true;
      sshd.enable = true;
    };
  };
}