{
  pkgs,
  inputs,
  lib,
  ...
}:
let
  inherit (inputs) disko agenix home-manager;
in
{
  imports = [
    disko.nixosModules.disko
    agenix.nixosModules.default
    home-manager.nixosModules.home-manager
    ./disko-config.nix
    ./hardware-configuration.nix
  ];
  config = {

    my_users.enable = true;
    my_nix.enable = true;

    networking.hostName = "penguin";

    boot = {
      tmp.cleanOnBoot = true;
      loader = {
        systemd-boot.enable = true;
        efi.canTouchEfiVariables = true;
      };
    };

    time.timeZone = "Asia/Singapore";

    networking.firewall = {
      enable = true;
      allowedTCPPorts = [
        22
        3000
        3001
      ];
      networkmanager.enable = true;
      nftables.enable = true;
      trustedInterfaces = [ "tailscale0" ];
    };

    services.openssh = {
      enable = true;
      settings.PasswordAuthentication = false;
    };

    users.users.cs3223 = lib.snowfall.mkUser {
      isNormalUser = true;
      extraGroups = [ "wheel" ];
    };

    services.tailscale.enable = true;
    nixpkgs.config = {
      rocmSupport = true;
    };

    programs._1password.enable = true;

    environment.systemPackages = with pkgs; [
      git
      neovim
    ];

    virtualisation.podman = {
      enable = true;
      dockerCompat = true;
      defaultNetwork.settings.dns_enabled = true;
    };
    system.stateVersion = "25.11";
  };
}