{
  pkgs,
  attrs,
  ...
}:
let
  # Horrid workaround for https://github.com/nix-community/home-manager/issues/1011
  homeManagerSessionVars = "/etc/profiles/per-user/${attrs.username}/etc/profile.d/hm-session-vars.sh";
in
{
  imports = [
    ./hardware-configuration.nix
    ./backups.nix
  ];
  environment = {
    systemPackages = with pkgs; [
      cryptsetup
      nfs-utils
      nerdctl
      android-tools
      (lib.hiPrio uutils-coreutils-noprefix)
    ];
    extraInit = "[[ -f ${homeManagerSessionVars} ]] && source ${homeManagerSessionVars} && echo 'x' > /tmp/test";
  };

  boot = {
    loader.systemd-boot.enable = true;
    loader.efi.canTouchEfiVariables = true;
    kernelPackages = pkgs.linuxPackages_latest;
    blacklistedKernelModules = [ "bluetooth" ];
    kernel.sysctl = {
      "net.core.rmem_max" = 4194304;
      "net.core.wmem_max" = 4194304;
    };
  };
  # Networking
  networking = {
    hostId = "1185c58e";
    nameservers = [
      "1.1.1.1"
      "9.9.9.9"
    ];
    networkmanager = {
      enable = true;
      dns = "systemd-resolved";
    };
    firewall = {
      allowedTCPPorts = [ 11111 ];
      trustedInterfaces = [ "tailscale0" ];
    };
  };

  # Services
  virtualisation = {
    containerd = {
      enable = true;
    };
  };

  security.pam.services.swaylock = { };
  xdg.portal = {
    enable = true;
    xdgOpenUsePortal = false;
    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
  };
  programs = {
    light.enable = true;
    hyprland.enable = true;
    ssh = {
      startAgent = true;
    };
    steam.enable = true;
    fish.enable = true; # enable vendor completions
    nh.enable = true;
  };

  # workaround for wait-online killing nixos build
  systemd.services.NetworkManager-wait-online = {
    serviceConfig = {
      ExecStart = [
        ""
        "${pkgs.networkmanager}/bin/nm-online -q"
      ];
    };
  };
  system-net.nfs = true;
  system-sys.zram = false;
  hardware = {
    graphics = {
      enable = true;
      enable32Bit = true;
      extraPackages = [
        pkgs.mesa
        pkgs.libGL
      ];
    };
    ledger.enable = true;
    enableAllFirmware = true;
  };
  services = {
    pipewire = {
      enable = true;
      alsa.enable = true;
      pulse.enable = true;
    };
    dbus.enable = true;

    tlp = {
      enable = true;
      settings = {
        START_CHARGE_THRESH_BAT0 = 60;
        STOP_CHARGE_THRESH_BAT0 = 90;
        CPU_BOOST_ON_AC = 1;
        CPU_BOOST_ON_BAT = 0;
        CPU_SCALING_GOVERNOR_ON_AC = "performance";
        CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
        CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
        CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
        PLATFORM_PROFILE_ON_BAT = "low-power";
        PLATFORM_PROFILE_ON_AC = "performance";
        DEVICES_TO_DISABLE_ON_STARTUP = "bluetooth";

        CPU_MIN_PERF_ON_AC = 0;
        CPU_MAX_PERF_ON_AC = 100;
        CPU_MIN_PERF_ON_BAT = 0;
        CPU_MAX_PERF_ON_BAT = 40;
      };
    };
    ratbagd.enable = true; # Logitech
    keyd = {
      enable = true;
      keyboards = {
        default = {
          ids = [ "*" ];
          settings = {
            main = {
              pause = "timeout(esc, 150, space)";
              scrolllock = "layer(shift)";
            };
          };
        };
      };
    };
    udev.packages = [
      pkgs.ledger-udev-rules
      pkgs.trezor-udev-rules
    ];

    trezord.enable = true;
    udisks2.enable = true; # kindle
  };
  fonts = {
    # Set a sane system-wide default font
    packages = with pkgs; [
      nerd-fonts.ubuntu-mono
      spleen
    ];
    fontconfig.defaultFonts.monospace = [ "UbuntuMono" ];
  };
  system.stateVersion = "22.11";
}