{ inputs, outputs, lib, pkgs, ... }:
{
  system.stateVersion = "24.05";

  nix = {
    settings = {
      trusted-users = [ "@wheel" "root" ];
      experimental-features = lib.mkDefault [ "nix-command" "flakes" ];
      auto-optimise-store = true;
    };

    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 14d";
    };
  };

  nixpkgs = {
    overlays = [ outputs.overlays.unstable-packages ];
    config = {
      allowUnfree = true;
      allowUnfreePredicate = (_: true);
    };
  };

  system.autoUpgrade = {
    enable = true;
    flake = inputs.self.outPath;
    flags = [
      "--update-input"
      "nixpkgs"
      "-L"
    ];
    dates = "Sat *-*-* 06:00:00";
    randomizedDelaySec = "45min";
    allowReboot = true;
  };

  security = {
    sudo.enable = lib.mkDefault false;
    doas = {
      enable = lib.mkDefault true;
      extraRules = [{
        groups = [ "wheel" ];
        keepEnv = true;
        persist = true;
      }];
    };

    polkit.enable = true;
  };

  networking.firewall.enable = true;

  time.timeZone = "America/Detroit";

  i18n.defaultLocale = "en_US.UTF-8";

  programs = {
    git.enable = true;
    htop.enable = true;

    neovim = {
      enable = true;
      package = pkgs.unstable.neovim-unwrapped;
      viAlias = true;
      vimAlias = true;
      defaultEditor = true;
    };

    zsh = {
      enable = true;
      enableCompletion = true;
      syntaxHighlighting.enable = true;
      promptInit = ''
        PS1="%m%% "
      '';
      loginShellInit = ''
        if command -v motd &> /dev/null; then
          motd
        fi
      '';
    };
  };

  environment.systemPackages = with pkgs; [
    curl
    fd
    ripgrep
    rsync
  ];
}