{
  config,
  pkgs,
  pkgs-unstable,
  inputs,
  configPath,
  hostname,
  hostTypes,
  ...
}:

{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    inputs.home-manager.nixosModules.default
  ];

  # Bootloader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];

  # Nix optimizations
  nix.optimise.automatic = true;
  nix.settings = {
    download-buffer-size = 200000000;
    auto-optimise-store = true;
    substituters = ["https://hyprland.cachix.org"];
    trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
  };
  nix.gc = {
    automatic = true;
    dates = "weekly";
    persistent = true;
    options = "--delete-older-than 30d";
  };

  # Dynamic power managment
  #  powerManagement = {
  #    enable = true;
  #    cpuFreqGovernor = "powersave";
  #    powertop.enable = true;
  #  };

  # Power Management
  services.thermald.enable = true;
  services.power-profiles-daemon.enable = false;
  services.auto-cpufreq.enable = true;
  services.auto-cpufreq.settings = {
    battery = {
      governor = "balanced";
      turbo = "auto";
    };
    charger = {
      governor = "performance";
      turbo = "auto";
    };
  };
  services.system76-scheduler = {
    enable = true;
    useStockConfig = true;
  };

  # Intel CPU integrated graphics packages
  hardware.graphics.extraPackages = with pkgs; [
    intel-media-driver
    intel-ocl
    intel-vaapi-driver
  ];

  networking.hostName = "eva-01"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Enable networking
  networking.networkmanager.enable = true;

  virtualisation.docker.enable = true;

  # zram
  zramSwap = {
    enable = true;
    priority = 100;
    memoryPercent = 30;
    swapDevices = 1;
    algorithm = "zstd";
  };

  # Set your time zone.
  # time.timeZone = "America/Los_Angeles";
  services.automatic-timezoned.enable = true;

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";

  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

  # Enable the X11 windowing system.
  # You can disable this if you're only using the Wayland session.
  services.xserver.enable = false;
  programs.xwayland.enable = true;

  # Enable the KDE Plasma Desktop Environment.
  services.displayManager.sddm.enable = true;
  services.displayManager.sddm.wayland.enable = true;
  services.desktopManager.plasma6.enable = true;
  #services.displayManager.sddm.theme = "sddm-astronaut-theme";

  # Enable Hyprland wayland compositor
  programs.hyprland.enable = true;
  environment.sessionVariables.NIXOS_OZONE_WL = "1";

  # Enable XDG Desktop Portal for proper D-Bus integration
  services.dbus.enable = true;
  xdg.portal = {
    enable = true;
    wlr.enable = true;
    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
  };

  services.tailscale.enable = true;

  #Enable Ollama daemon
  services.ollama = {
    enable = true;
    package = pkgs-unstable.ollama;
  };

  #Enable Hyprland
  services.fprintd.enable = true;
  services.fprintd.tod.enable = true;
  services.fprintd.tod.driver = pkgs.libfprint-2-tod1-goodix;

  # Configure keymap in X11
  services.xserver.xkb = {
    layout = "us";
    variant = "";
  };

  # Enable CUPS to print documents.
  services.printing.enable = false;
  services.avahi.enable = true;
  services.avahi.nssmdns4 = true;

  # Enable Smart Card
  services.pcscd.enable = true;

  # Enable sound with pipewire.
  services.pulseaudio.enable = false;
  #hardware.pulseaudio = {
  #  enable = true;
  #  package = pkgs.pulseaudioFull;
  #};
  hardware.bluetooth.enable = true;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;

    # use the example session manager (no others are packaged yet so this is enabled by default,
    # no need to redefine it in your config for now)
    #media-session.enable = true;
  };

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  programs.zsh.enable = true;
  users.users.rogueking = {
    isNormalUser = true;
    description = "rogueking";
    extraGroups = [ "networkmanager" "wheel" "docker" ];
    shell = pkgs.zsh;
    #packages = [ inputs.home-manager.packages.${pkgs.system}.default ];
    packages = with pkgs; [
    ];
  };

  # Install firefox.
  programs.firefox.enable = true;

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;
  security.polkit.enable = true;
  programs._1password.enable = true;
  programs._1password-gui = {
    enable = true;
    # Certain features, including CLI integration and system authentication support,
    # require enabling PolKit integration on some desktop environments (e.g. Plasma).
    polkitPolicyOwners = [ "rogueking" ];
  };

  # 1Password SSH agent systemd socket
  systemd.user.sockets."1password" = {
    wantedBy = [ "sockets.target" ];
    socketConfig = {
      ListenStream = "%t/1password/agent.sock";
      SocketMode = "0600";
    };
  };

  systemd.user.services."1password" = {
    description = "1Password SSH Agent";
    requires = [ "1password.socket" ];
    after = [ "graphical-session.target" ];
    serviceConfig = {
      ExecStart = "${pkgs._1password-gui}/bin/1password --silent";
      Restart = "on-failure";
      RestartSec = 5;
    };
  };

  #steam
  programs.steam.enable = true;

  # Enable OpenSSH daemon
  services.openssh = {
    enable = true;
    ports = [ 22 ];
    settings = {
      PasswordAuthentication = false;
      AllowUsers = [ "rogueking" ];
      UseDns = true;
      X11Forwarding = false;
      PermitRootLogin = "no";
      MaxAuthTries = "20";
    };
  };

  users.users."rogueking".openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINXqriPZVIuduc/J7GS1mD171LL0gIbgEjlImsxedWVX"
  ];

  # Firewall
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [
      22
    ];
    logRefusedConnections = true;
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    # System-level only
    fprintd
  ];

  fonts.packages = with pkgs; [
    nerd-fonts.jetbrains-mono
    nerd-fonts.hack
    nerd-fonts.fira-code
    dejavu_fonts
  ];

  home-manager = {
    extraSpecialArgs = {
      inherit
        configPath
        inputs
        pkgs-unstable
        hostname
        hostTypes
        ;
    };
    users = {
      "rogueking" = import ./../../home-manager/home.nix;
    };
    backupFileExtension = "backup";
  };

  system.stateVersion = "25.11"; # Did you read the comment?

}