{
  pkgs,
  lib,
  config,
  ...
}:
with lib;
with lib.metacfg;
{
  imports = [
    ./hardware-configuration.nix
    ./xremap.nix
  ];

  services.rustdesk-server.signal.enable = false;
  networking.firewall.allowedTCPPorts = [
    22000
  ];

  programs.ccache.enable = true;
  nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ];

  services.cratedocs-mcp.enable = true;

  sops.age.sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ];
  sops.secrets."wg".sopsFile = ../../../.secrets/x1/files.yaml;
  sops.secrets."wg".mode = "0444";

  environment.etc."wg0.backup.conf".source = config.sops.secrets."wg".path;

  services.openssh = {
    enable = true;
    hostKeys = [
      {
        path = "/var/lib/secrets/ssh_host_ed25519_key";
        type = "ed25519";
      }
      {
        path = "/var/lib/secrets/ssh_host_rsa_key";
        type = "rsa";
        bits = 4096;
      }
    ];
  };

  services.tailscale.enable = true;
  services.resolved.enable = true;

  metacfg = {
    hardware.wooting.enable = true;
    base.enable = true;
    gui.enable = true;
    nix-ld.enable = true;
    nix.enable = true;
    podman.enable = true;
    secureboot.enable = true;
    homeprinter.enable = true;

    system = {
      limits = {
        enable = true;
        nofileLimit = 32768;
        memlockLimit = 32768;
      };
    };

    # User configuration
    tools = {
      direnv.enable = true;
    };
    user.extraGroups = [
      "docker"
      "dialout"
      "tss"
    ];
    system.kernelTweaks.enable = true;
  };

  system.autoUpgrade = {
    enable = true;
    operation = "boot";
    allowReboot = false;
  };

  nixpkgs.config.permittedInsecurePackages = [
    "electron-27.3.11"
  ];

  environment.systemPackages = with pkgs; [
    attic-client
    azure-cli
    claude-code
    claude-desktop-with-fhs
    desktop-file-utils
    fabric-ai
    gemini-cli
    gnome-terminal
    gnome-remote-desktop
    gtypist
    k9s
    klavaro
    kubectl
    kubectx
    libcamera
    logseq
    obsidian
    piper-tts
    tipp10
    uv
    vscode
  ];

  services.ratbagd.enable = true;

  virtualisation = {
    libvirtd.enable = true;
  };

  services.trezord.enable = true;

  services.ollama = {
    enable = false;
    acceleration = "rocm";
    environmentVariables = {
      HSA_OVERRIDE_GFX_VERSION = "10.1.0";
    };
  };

  /*
    environment.sessionVariables = {
      LIBVA_DRIVER_NAME = "iHD";
      # NIXOS_OZONE_WL = "1";
      # DRI_PRIME = "pci-0000_24_00_0";
      DRI_PRIME = "pci-0000_00_02_0";
    };
  */

  system.stateVersion = "23.11";
}