{
  config,
  pkgs,
  lib,
  inputs,
  ...
}:

with lib;
with lib.metacfg;
let
  cfg = config.metacfg.nix;

  substituters-submodule = types.submodule (
    { name, ... }:
    {
      options = with types; {
        key = mkOpt (nullOr str) null "The trusted public key for this substituter.";
      };
    }
  );
in
{
  options.metacfg.nix = with types; {
    enable = mkBoolOpt false "Whether or not to manage nix configuration.";
    package = mkOpt package pkgs.nix "Which nix package to use.";

    extra-substituters = mkOpt (attrsOf substituters-submodule) { } "Extra substituters to configure.";
  };

  config = mkIf cfg.enable {
    assertions = mapAttrsToList (name: value: {
      assertion = value.key != null;
      message = "metacfg.nix.extra-substituters.${name}.key must be set";
    }) cfg.extra-substituters;

    environment.systemPackages = with pkgs; [
      metacfg.nixos-revision
      (metacfg.nixos-hosts.override { hosts = inputs.self.nixosConfigurations; })
      deploy-rs
      nixfmt
      nix-index
      nix-prefetch-git
      nix-output-monitor
    ];

    #systemd.services.nix-daemon.environment.TMPDIR = "/var/tmp";
    programs.nix-index.enable = true;
    programs.command-not-found.enable = false; # nix-index handles it instead

    nix =
      let
        users = [
          config.metacfg.user.name
        ]
        ++ optional config.services.hydra.enable "hydra";
        extra-substituters = cfg.extra-substituters;
      in
      {
        package = cfg.package;

        settings = {
          experimental-features = "nix-command flakes";
          http-connections = 50;
          warn-dirty = false;
          log-lines = 50;
          sandbox = true;
          auto-optimise-store = true;
          trusted-users = users;
          allowed-users = [ "@users" ];

          # NixOS already adds cache.nixos.org by default, only add extra substituters
          substituters = mapAttrsToList (name: _: name) extra-substituters;
          trusted-public-keys = mapAttrsToList (_: value: value.key) extra-substituters;

        }
        // (lib.optionalAttrs config.metacfg.tools.direnv.enable {
          keep-outputs = true;
          keep-derivations = true;
        });

        gc = {
          automatic = true;
          dates = lib.mkDefault "weekly";
          options = lib.mkDefault "--delete-older-than 14d";
        };

        # flake-utils-plus
        generateRegistryFromInputs = true;
        generateNixPathFromInputs = true;
        linkInputs = true;
      };
  };
}