{
  config,
  pkgs,
  lib,
  inputs,
  ...
}:

{
  imports = [
    inputs.private.nixosModules.base
    inputs.private.nixosModules.substituter
  ];

  nix = {
    settings = {
      auto-optimise-store = true;
      experimental-features = [
        "nix-command"
        "flakes"
        "ca-derivations"
      ];
      trusted-users = [ "@wheel" ];
      use-xdg-base-directories = true;
    };

    gc = {
      automatic = true;
      dates = "8:00";
      options = "--delete-older-than 14d";
    };
  };

  nixpkgs = {
    overlays = [
      inputs.artemist.overlays.default
      inputs.fonts.overlays.default
    ];
    config.allowUnfreePredicate =
      pkg:
      (pkg ? passthru && pkg.passthru ? font && pkg.passthru.font)
      || (builtins.elem (lib.getName pkg) [
        "1password"
        "brscan5"
        "brscan5-etc-files"
        "celeste64"
        "corefonts"
        "google-chrome"
        "jlink"
        "makemkv"
        "steam"
        "steam-jupiter-original"
        "steam-original"
        "steam-run"
        "steamdeck-hw-theme"
        "unrar"
      ]);
  };

  console = {
    keyMap = "us";
    earlySetup = true;
  };

  time.timeZone = "Etc/UTC";
  environment.shellAliases.cp = "cp --reflink=auto --sparse=always";
  networking.firewall.enable = false;
  programs.fish.enable = true;

  users = {
    users.artemis = {
      isNormalUser = true;
      description = "Artemis Tosini";
      uid = 1000;
      extraGroups = [
        "wheel"
        "artemis"
      ];
      shell = pkgs.fish;
      # hashedPassword set in private
    };
    groups.artemis.gid = config.users.users.artemis.uid;
    mutableUsers = false;
  };

  security.sudo.execWheelOnly = true;

  systemd.extraConfig = "DefaultLimitCORE=infinity";
  security.pam.loginLimits = [
    {
      domain = "*";
      item = "core";
      type = "hard";
      value = "infinity";
    }
  ];
}