{ pkgs, lib, ... }:
with lib;
with lib.metacfg;
{
  imports = [ ./hardware-configuration.nix ];

  metacfg = {
    base.enable = true;
    gui.enable = true;
    nix-ld.enable = true;
    nix.enable = true;
    podman.enable = true;
    secureboot.enable = true;
    homeprinter.enable = true;
    user.extraGroups = [
      "docker"
      "dialout"
    ];
  };

  environment.systemPackages = with pkgs; [
    azure-cli
    cloudflare-warp
    desktop-file-utils
    kubectl
    kubectx
    k9s
    attic-client
    ollama
  ];

  services.resolved.enable = true;
  services.resolved.dnssec = "allow-downgrade";
  services.resolved.extraConfig = ''
    ResolveUnicastSingleLabel=yes
  '';

  systemd.packages = [ pkgs.cloudflare-warp ]; # for warp-cli

  virtualisation = {
    docker.enable = true;
    libvirtd.enable = true;
    podman.dockerCompat = false;
  };

  system.autoUpgrade = {
    enable = true;
    operation = "boot";
    allowReboot = false;
  };

  services.trezord.enable = true;

  systemd.user.extraConfig = "DefaultLimitNOFILE=32768";

  security.pam.loginLimits = [
    {
      domain = "*";
      item = "nofile";
      type = "-";
      value = "32768";
    }
    {
      domain = "*";
      item = "memlock";
      type = "-";
      value = "32768";
    }
  ];

  services.ollama = {
    enable = true;
    acceleration = "rocm";
    environmentVariables = {
      HSA_OVERRIDE_GFX_VERSION = "10.1.0";
    };
  };

  environment.sessionVariables = {
    LIBVA_DRIVER_NAME = "iHD";
    # NIXOS_OZONE_WL = "1";
    # DRI_PRIME = "pci-0000_24_00_0";
    DRI_PRIME = "pci-0000_00_02_0";
  };

  system.stateVersion = "23.11";
}