{ modulesPath, config, lib, pkgs, ... }:

{
  ###
  ### NixOS and Nixpkgs configuration
  ###
  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
  system.stateVersion = "25.05";
  nixpkgs.config.allowUnfree = true;

  ###
  ### Filesystems
  ###
  programs.fuse.userAllowOther = true;
  fileSystems = {
    "/" = {
      device = "/dev/disk/by-uuid/4665ceb6-5e13-48fc-81fc-02a7959cd10a";
      fsType = "btrfs";
    };

    "/efi" = {
      device = "/dev/disk/by-uuid/796C-8DE8";
      fsType = "vfat";
      options = [ "fmask=0022" "dmask=0022" ];
    };

    "/data" = {
      device = "/dev/disk/by-uuid/2874dc1d-f1b5-4200-a5de-8dd555fa58c8";
      fsType = "btrfs";
    };
  };

  swapDevices = [
    { device = "/dev/disk/by-uuid/37e818f5-1460-4f22-8207-5ad94b5ec8c4"; }
  ];


  ###
  ### Bootloader and Linux kernel
  ###
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.efi.efiSysMountPoint = "/efi";
  boot.lanzaboote = {
    enable = true;
    privateKeyFile = "/etc/secureboot/keys/db/db.key";
    publicKeyFile = "/etc/secureboot/keys/db/db.pem";
  };

  boot.kernelPackages = pkgs.linuxPackages_cachyos;
  services.scx.enable = true;
  services.scx.package = pkgs.scx_git.full;
  services.scx.scheduler = "scx_lavd";
  services.scx.extraArgs = [ "--performance" ];

  boot.kernelParams = [ "amdgpu.ppfeaturemask=0xfffd7fff" ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" ];

  # NOTE: We need to load `i915` before `amdgpu` due to Chromium bugs
  # Will be removed when Chromium 131 will be released and Electron will upgrade to it
  boot.initrd.kernelModules = [ "i915" "amdgpu" "dm-snapshot" ];


  ###
  ### Hardware configuration
  ###
  hardware.enableAllFirmware = true;
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

  hardware.graphics.enable = true;
  hardware.graphics.enable32Bit = true;

  hardware.bluetooth.enable = true;

  hardware.sane.enable = true;
  hardware.sane.extraBackends = [ pkgs.hplip ];

  hardware.opentabletdriver.enable = true;

  services.fstrim.enable = true;
  services.keyd.enable = true;
  services.upower.enable = true;

  musnix.enable = true;
  musnix.rtcqs.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    jack.enable = true;
    pulse.enable = true;
  };


  ###
  ### Timezone and Networking
  ###
  time.timeZone = "Europe/Moscow";
  networking.hostName = "sapphire";
  networking.useDHCP = lib.mkDefault true;
  networking.networkmanager.enable = true;
  services.resolved.enable = true;

  services.openssh.enable = true;
  services.openssh.settings.PasswordAuthentication = false;


  ###
  ### Software configuration
  ###
  security.rtkit.enable = true;

  programs.fish.enable = true;
  # NOTE: nushell configuration is not available on NixOS
  # programs.nushell.enable = true;

  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  programs.dconf.enable = true;
  services.dbus.packages = with pkgs; [ dconf gcr ];

  environment.systemPackages = with pkgs; [ git git-crypt ];
}