{
  config,
  lib,
  pkgs,
  mypkgs,
  inputs,
  ...
}: {
  imports = [./hardware-configuration.nix];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.initrd.luks.devices = {
    cryptlvm = {
      device = "/dev/disk/by-uuid/1b3b8818-6085-4dd3-ab5e-c97cc49d2773";
      allowDiscards = true;
      preLVM = true;
    };
  };
  boot.kernelPackages = pkgs.linuxPackages_6_6;

  i18n.defaultLocale = "en_US.UTF-8";
  time.timeZone = "Europe/Berlin";

  hardware = {
    bluetooth.enable = true;
    graphics.enable = true;

    printers = {
      ensureDefaultPrinter = "Kyocera_FS-1370DN";

      ensurePrinters = [
        {
          name = "Kyocera_FS-1370DN";
          location = "HWLAB_DC3";
          deviceUri = "socket://10.3.32.10";
          model = "Kyocera/Kyocera_FS-1370DN.ppd";
        }
      ];
    };
  };

  networking = {
    useDHCP = false;
    networkmanager = {
      enable = true;
      plugins = with pkgs; [
        networkmanager-openvpn
      ];
    };
  };

  environment.systemPackages = with pkgs; [
    vim
    wget
  ];

  networking.firewall.enable = false;

  services = {
    blueman.enable = true;
    fprintd.enable = true;
    illum.enable = true;
    tlp.enable = true;
    libinput.enable = true;

    udev.extraRules = ''
      KERNEL=="hidraw*", ATTRS{idVendor}=="3297", MODE="0664", GROUP="plugdev"
      # Keymapp Flashing rules for the ZSA Voyager
      SUBSYSTEMS=="usb", ATTRS{idVendor}=="3297", MODE:="0666", SYMLINK+="ignition_dfu"
    '';

    printing = {
      enable = true;
      drivers = [
        mypkgs.cups-kyocera-fs1370dn
      ];
    };

    openssh = {
      enable = true;
      ports = [222];
      openFirewall = true;
      settings = {
        PasswordAuthentication = false;
        PermitRootLogin = "prohibit-password";
        KbdInteractiveAuthentication = false;
      };
      hostKeys = [
        {
          path = "/etc/ssh/ssh_host_ed25519_key";
          type = "ed25519";
        }
      ];
    };

    logind = {
      lidSwitch = "suspend";
      lidSwitchDocked = "ignore";
      lidSwitchExternalPower = "ignore";
      extraConfig = ''
        HoldoffTimeoutSec=300s
      '';
    };

    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
    };

    xserver = {
      enable = true;

      displayManager = {
        gdm = {
          enable = true;
          wayland = true;
        };
      };
    };

    clamav = {
      daemon.enable = true;
      updater.enable = true;
    };
  };

  security.sudo.configFile = ''
    Defaults lecture=always
    Defaults lecture_file=${../../misc/sudo_lecture}
  '';
  security.pam.services.swaylock = {};

  fonts.packages = with pkgs; [
    font-awesome
    nerd-fonts.fira-mono
    mypkgs.comic-mono
  ];

  programs.fish.enable = true;
  programs.hyprland.enable = true;

  users.groups.plugdev = {};
  users.users.patrick = {
    isNormalUser = true;
    extraGroups = ["networkmanager" "wheel" "plugdev" "jupyter"];
    shell = pkgs.bashInteractive;
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP8zNAXScQ4FoWNxF4+ALJXMSi3EbpqZP5pO9kfg9t8o patrick"
    ];
  };

  virtualisation.podman.enable = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.11"; # Did you read the comment?
}