{
  self,
  pkgs,
  lib,
  inputs,
  config,
  ...
}: {
  imports = [
    ./storage.nix
    ./backups.nix
    ./networking
    ./data-sharing.nix
    ./monitoring
    ./k3s
    ./tailscale.nix
    ./facter.nix
    inputs.disko.nixosModules.disko
    inputs.sops-nix.nixosModules.sops
    inputs.nix-snapshotter.nixosModules.nix-snapshotter
  ];

  config = {
    time.timeZone = "Europe/Amsterdam";
    nixpkgs = {
      config.allowUnfree = true;
      overlays = [
        (final: _prev: {
          unstable = import inputs.nixpkgs-unstable {
            system = config.nixpkgs.hostPlatform.system;
          };
        })
      ];
    };

    i18n = {
      defaultLocale = "en_US.UTF-8";

      extraLocaleSettings = let
        extraLocale = "nl_NL.UTF-8";
      in {
        LC_ADDRESS = extraLocale;
        LC_IDENTIFICATION = extraLocale;
        LC_MEASUREMENT = extraLocale;
        LC_MONETARY = extraLocale;
        LC_NAME = extraLocale;
        LC_NUMERIC = extraLocale;
        LC_PAPER = extraLocale;
        LC_TELEPHONE = extraLocale;
        LC_TIME = extraLocale;
      };
    };

    services = {
      openssh = {
        enable = true;
        openFirewall = true;

        settings = {
          PasswordAuthentication = false;
          KbdInteractiveAuthentication = false;
          GSSAPIAuthentication = false;
          UseDns = false;
        };
      };
    };

    users.users.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop"
    ];

    programs.neovim = {
      enable = true;
      vimAlias = true;
      viAlias = true;
    };

    environment.systemPackages = with pkgs; [
      wget
      git
      btop
      htop
      ripgrep
      dig
      tree
      file
      tcpdump
      lsof
      parted
      radvd
      minicom
      socat
      pciutils
      dmidecode
      openssl
      nfs-utils
      rsync
      fio
      libva-utils
      jq
      tmux
      fastfetch
    ];

    boot = lib.mkIf (! config.facter.lab.isRaspberryPi) {
      loader = {
        systemd-boot.enable = lib.mkDefault true;
        efi.canTouchEfiVariables = true;
      };
    };

    nix = {
      package = pkgs.nixFlakes;

      extraOptions = ''
        experimental-features = nix-command flakes
      '';

      gc = {
        automatic = true;
        persistent = true;
        dates = "weekly";
        options = "--delete-older-than 7d";
      };
    };

    system = {
      stateVersion = "23.05";

      activationScripts.diff = ''
        if [[ -e  /run/current-system ]]; then
          ${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
        fi
      '';
    };

    sops = {
      age.keyFile = "/root/.config/sops/age/keys.txt";
      defaultSopsFile = "${self}/secrets/nixos.yaml";
    };
  };
}