# Shared NixOS module: Nix daemon and nixpkgs policy, boot loader,
# NetworkManager privacy defaults, firewall, sudo restrictions and base tooling.
{ inputs, outputs, lib, config, pkgs, ... }:
let
  # Only the inputs that are themselves flakes are pinned in the registry.
  flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;

  # Explicit allowlist of unfree package names; any other unfree package
  # stays blocked unless "allow-unfree.nix" is imported.
  unfreeAllowlist = [
    # Steam
    "steam"
    "steam-original"
    "steam-run"
    # Nvidia drivers
    "nvidia-x11"
    "nvidia-settings"
  ];
in {
  imports = [
    ./locales/paris.nix
    ./services/sshd.nix
    ./programs/neovim.nix
    ./programs/zsh.nix
    ./programs/git.nix
  ];

  nixpkgs = {
    overlays = [
      outputs.overlays.additions
      outputs.overlays.modifications
      outputs.overlays.unstable-packages
    ];

    # Unfree packages that can be installed even if "allow-unfree.nix" isn't imported.
    # Matching is by package name only (lib.getName).
    config.allowUnfreePredicate = candidate:
      builtins.elem (lib.getName candidate) unfreeAllowlist;
  };

  nix = {
    # Register every flake input, so that nix3 commands resolve the same
    # revisions as this flake.
    registry = lib.mapAttrs (_: input: { flake = input; }) flakeInputs;

    # Legacy (channel-style) commands look inputs up under /etc/nix/path,
    # which environment.etc below fills from the registry.
    nixPath = ["/etc/nix/path"];

    settings = {
      # Enable flakes and the new 'nix' command
      experimental-features = "nix-command flakes";
      # Deduplicate and optimize the nix store
      auto-optimise-store = true;
      # Only members of the wheel group may use nix.
      allowed-users = ["@wheel"];
    };
  };

  # One /etc/nix/path/<name> entry per registry entry, pointing at its flake.
  environment.etc =
    lib.mapAttrs'
    (entryName: entry: {
      name = "nix/path/${entryName}";
      value.source = entry.flake;
    })
    config.nix.registry;

  boot.loader = {
    systemd-boot = {
      enable = true;
      # Boot-menu editor off: the kernel command line cannot be changed
      # from the console at boot time.
      editor = false;
    };
    efi.canTouchEfiVariables = true;
  };

  # boot.initrd.enable = true;
  # boot.initrd.systemd.enable = true;
  # boot.plymouth = {
  #   enable = true;
  #   font = "${pkgs.jetbrains-mono}/share/fonts/truetype/JetBrainsMono-Regular.ttf";
  #   themePackages = [ pkgs.catppuccin-plymouth ];
  #   theme = "catppuccin-macchiato";
  #   logo = pkgs.fetchurl {
  #     url = "https://nixos.org/logo/nixos-hires.png";
  #     sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si";
  #   };
  # };

  networking = {
    networkmanager = {
      enable = true;

      wifi = {
        powersave = true;
        scanRandMacAddress = true;
        # XXX https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1091
        #backend = "iwd";
        # One generated MAC per WiFi network, reused on every later
        # connection to it: networks cannot correlate the device with each
        # other, but a given network still sees the same address each time.
        macAddress = "stable";
      };

      # Fresh random MAC for every ethernet connection.
      # NOTE(review): this will presumably not work with MAC-based DHCP
      # reservations or port security on wired networks; confirm per site.
      ethernet.macAddress = "random";

      connectionConfig = {
        # IPv6 Privacy Extensions
        "ipv6.ip6-privacy" = 2;
        # unique DUID per connection
        "ipv6.dhcp-duid" = "stable-uuid";
      };
    };

    firewall = {
      enable = true;
      # Traffic arriving on a trusted interface is accepted without any
      # filtering, so every listening service (including whatever
      # ./services/sshd.nix exposes) is reachable from tailnet peers.
      # Access control on that path rests on the Tailscale ACL policy.
      trustedInterfaces = ["tailscale0"];
    };
  };

  # Only members of the wheel group may execute sudo.
  security.sudo.execWheelOnly = true;

  programs = {
    # Some programs need SUID wrappers, can be configured further or are
    # started in user sessions.
    mtr.enable = true;
    gnupg.agent = {
      enable = true;
      # gpg-agent also acts as the SSH agent.
      enableSSHSupport = true;
    };
  };

  environment.systemPackages = with pkgs; [
    wget
    dig
    nmap
    btop
    gitFull
    smartmontools
    lm_sensors
    pciutils
    gcc
    gnumake
    sysstat
    file
    ffmpeg
    usbutils
  ];

  services = {
    fwupd.enable = true;
    tailscale.enable = true;
  };

  # console = {
  #   earlySetup = true;
  # };
  # boot.blacklistedKernelModules = [ "nvidia_drm" ];
}