{
  pkgs,
  myConfig,
  inputs,
  lib,
  specialArgs,
  ...
}: {
  imports = [
    inputs.home-manager.nixosModules.home-manager
    ./hardware-configuration.nix
  ];

  environment.systemPackages = with pkgs; [
    pavucontrol
    wl-clipboard
  ];

  users = {
    defaultUserShell = pkgs.${myConfig.general.Terminal.shell};
    users = {
      ${myConfig.essentials.Username} = {
        isNormalUser = true;
        extraGroups = ["wheel" "networkmanager" "input" "video"];
        initialHashedPassword = "$y$j9T$NHFtSwF4NJtEmgMjy4Xdg.$9WQltjEx3eEfZ7GbpGLW8lBhJtiXPOeIawrxdmx0.vB";
        useDefaultShell = true;
        packages = [];
      };
    };
  };
  home-manager = {
    backupFileExtension = "backup";
    useGlobalPkgs = true;
    useUserPackages = true;
    extraSpecialArgs = specialArgs;
    users.${myConfig.essentials.Username} = import ../../home/hakase.nix;
  };

  nixpkgs.config.allowUnfree = myConfig.general.allowUnfree;

  hardware.graphics = {
    enable = true;
    enable32Bit = true;
  };

  i18n.defaultLocale = "en_US.UTF-8";
  time.timeZone = "${myConfig.nixos.Timezone}";

  boot.loader = {
    systemd-boot = lib.mkIf (myConfig.nixos.Boot.mode == "systemd") {
      enable = true;
    };
    grub = lib.mkIf (myConfig.nixos.Boot.mode == "grub") {
      efiSupport = true;
      enable = true;
      device = "nodev";
      useOSProber = true;
    };
    efi = {
      canTouchEfiVariables = true;
      efiSysMountPoint = "/boot";
    };
  };

  programs.ssh.extraConfig = myConfig.optionals.Ssh.extraConfig;

  programs.bash = {
    interactiveShellInit = ''
      if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
      then
        shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
        exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
      fi
    '';
  };

  programs = {
    zsh.enable = true;
    fish.enable = true;
  };

  services = {
    displayManager.gdm.enable = true;
    libinput.enable = true;
    blueman.enable = true;
    printing.enable = true;
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;

      # lowLatency = {
      #   enable = true;
      #   quantum = 64;
      #   rate = 48000;
      # };
    };
  };
  # make pipewire realtime-capable
  security.rtkit.enable = true;

  nix = {
    distributedBuilds = true;
    settings = {
      builders-use-substitutes = true;
      trusted-users = myConfig.optionals.Builds.trustedUsers;
      experimental-features = ["nix-command" "flakes"];
    };
  };

  console = {
    earlySetup = true;
    font = "${pkgs.terminus_font}/share/consolefonts/ter-132n.psf.gz";
    packages = with pkgs; [terminus_font];
    useXkbConfig = true;
  };

  networking = {
    networkmanager.enable = true;
    firewall = {
      enable = false;
      allowedTCPPorts = [22 80];
      allowedUDPPorts = [53];
    };
    proxy.default = null;
    proxy.noProxy = null;
  };
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
  system.stateVersion = "25.05";
}