{
  inputs,
  lib,
  pkgs,
  ...
}:

{
  imports = [
    ./module-overrides.nix
    ./nix.nix
  ];

  # kernel
  boot.kernelPackages = pkgs.linuxPackages_latest;

  # Enable networking
  networking.networkmanager.enable = true;

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;
  nix = {
    channel.enable = false;
    settings.experimental-features = [
      "no-url-literals"
    ];
    nixPath = [
      "nixpkgs=${pkgs.selfExpr { useConfig = false; }}"
      "systemNixpkgs=${pkgs.selfExpr { useConfig = true; name = "systemNixpkgs-self"; }}"
      # don't garbage collect the nixpkgs input
      "inputsNixpkgs=${inputs.nixpkgs}"
    ];
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    waypipe
    wget
    ffmpeg
    yt-dlp
    htop
    btop
    fastfetch
    smartmontools
    ddrescue
  ];
  programs.git.enable = true;
  programs.git.config = {
    commit.verbose = true;
    init.defaultBranch = "main";
    merge.conflictstyle = "diff3";
    rerere.enabled = true;
  };

  # Use nix-index for command-not-found handler
  programs.command-not-found.enable = false;
  programs.nix-index = {
    package = pkgs.nix-index.override {
      nix-index-unwrapped = pkgs.nix-index-unwrapped.overrideAttrs (oldAttrs: {
        patches = oldAttrs.patches or [] ++ [
          ../pkgs/by-name/ni/nix-index/cnfOutput.patch
        ];
      });

    };
    enable = true;
    enableBashIntegration = true;
  };

  # Enable fail2ban because of the OpenSSH server
  services.fail2ban = {
    enable = true;
    maxretry = 10;
    bantime = "7d";
  };

  # Enable the OpenSSH daemon.
  services.openssh = {
    enable = true;
    ports = [
      22
      8022
    ];
  };
}