{
  pkgs,
  inputs,
  modulesPath,
  lib,
  ...
}: {
  imports = [
  ];

  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
    timeout = 0;
  };

  boot.zfs.devNodes = "/dev/disk/by-path";

  nix.settings.experimental-features = ["nix-command" "flakes"];
  nix.gc = {
    automatic = true;
    options = "--delete-older-than 30d";
  };
  nix.optimise = {
    automatic = true;
    dates = ["05:00"];
  };

  networking.hostName = "enis";
  networking.hostId = "2ead098f";
  networking.networkmanager.enable = true;
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [];
    allowedUDPPorts = [];
  };

  home-manager = {
    extraSpecialArgs = {inherit inputs;};
    users = {
      "enis" = import ./home.nix;
    };
  };

  users.users."enis" = {
    isNormalUser = true;
    hashedPassword = import ./password.nix;
    extraGroups = [
      "networkmanager"
      "audio"
      "wheel"
    ];

    shell = pkgs.zsh;
  };

  users.users."nixos" = {
    isNormalUser = true;
    initialPassword = "1234";
    extraGroups = ["wheel"];
  };

  users.users.root = {
    initialPassword = "1234";
  };

  programs.zsh = {
    enable = true;
    enableGlobalCompInit = true;
  };

  programs.ssh.startAgent = true;
  programs.nano.enable = false;

  environment.systemPackages = with pkgs; [
    wget
    curl
    git
    vim

    zfs
  ];

  environment.variables = {
    EDITOR = "vim";
  };

  time.timeZone = "Europe/Copenhagen";

  security.sudo = {
    enable = true;
    extraConfig = ''
      Defaults  lecture = never
    '';
  };

  programs.mtr.enable = true;
  programs.gnupg.agent.enable = true;

  services.udev.enable = true;
  services.thermald.enable = true;

  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      AllowUsers = null;
      PermitRootLogin = "no";
    };
  };

  nix.settings.trusted-users = ["@wheel"];

  system.stateVersion = "24.11";
}