{
  pkgs,
  pkgs-unstable,
  lib,
  inputs,
  config,
  ...
}:
let
  secrets = config.age.secrets;
in
{
  nixpkgs.config.allowUnfree = true;
  nixpkgs.overlays = [ (import ../../custom-pkgs { inherit lib inputs pkgs-unstable; }) ];

  environment = {
    systemPackages = with pkgs; [
      vim
      wget
      curl
      htop
      tmux
      libimobiledevice
      ripgrep
      fd
    ];

    pathsToLink = [ "/share/zsh" ];
  };

  fonts.packages = with pkgs-unstable; [
    nerd-fonts.iosevka
    nerd-fonts.iosevka-term
  ];
  services = {
    pcscd = {
      enable = true;
      plugins = [ pkgs.ccid ];
    };

    openssh = {
      enable = true;
      openFirewall = false;
    };

    tailscale = {
      enable = true;
      useRoutingFeatures = "client";
    };

    ollama = {
      enable = true;
      acceleration = "rocm";
      environmentVariables = {
        HSA_OVERRIDE_GFX_VERSION = "11.0.3";
      };
    };

    borgbackup.jobs.root = {
      paths = "/";
      exclude = [
        "/nix"
        "/var/cache"
        "/run"
        "/sys"
        "/etc"
        "/swap"
        "/proc"
        "**/node_modules"
        "**/.cargo"
        "**/ruby/*/gems"
        "**/.cache"
        "**/.meteor"
        "**/.next"
        "**/.local/share/containers/cache"
        "**/.local/share/containers/storage/overlay"
        "**/.local/share/docker/overlay2"
        "**/log/*.log"
        "**/.local/share/Trash"
      ];
      environment = {
        BORG_RSH = "ssh -i /root/.ssh/id_ed25519.borg";
      };
      repo = "ssh://u324815-sub2@u324815.your-storagebox.de:23/./backup";
      encryption = {
        mode = "repokey";
        passphrase = "will be overridden from environment file";
      };
      extraCreateArgs = [
        "--stats"
        "--progress"
      ];
      compression = "auto,zstd";
      startAt = "daily";
      persistentTimer = true;
      preHook = with pkgs; ''
        ${coreutils}/bin/timeout 60 ${bash}/bin/sh -c '
          until ${iputils}/bin/ping -c1 your-storagebox.de; do
            sleep 1
          done
        '
      '';
      postCreate = with pkgs; ''
        ${curl}/bin/curl "https://status.freun.dev/api/push/''${UPTIME_KUMA_TOKEN}?status=up&msg=OK&ping="
      '';
      prune.keep = {
        within = "3d";
        daily = 14;
        weekly = 8;
        monthly = -1;
      };
    };

    locate = {
      enable = true;
      package = pkgs.plocate;
    };
  };

  systemd.services.borgbackup-job-root.serviceConfig.EnvironmentFile = secrets.borgbackup-radish.path;

  programs = {
    zsh.enable = true;
    _1password-gui = {
      enable = true;
      polkitPolicyOwners = [ "moco" ];
    };
    _1password.enable = true;
  };
}