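# Base NixOS module: overlays, root password sourced from sops-nix, Nix GC,
# a few core tools and system-wide git configuration.
{ pkgs, lib, inputs, config, outputs, ... }:
let
  # Path of the decrypted root password hash, or null when the flake has no
  # "sops-nix" input. null is the option's "unset" value; an empty string would
  # be handed on as a (non-existent) file path instead of meaning "no file".
  # NOTE(review): ./sops.nix is imported unconditionally below, so the
  # fallback only matters if that module tolerates a missing sops-nix input.
  sopsHashedPasswordFile =
    if inputs ? sops-nix
    then config.sops.secrets."passwords/root".path
    else null;
in
{
  imports = [
    inputs.impermanence.nixosModules.impermanence
    ./sops.nix
    ./locale.nix
  ];

  nixpkgs = {
    overlays = [
      outputs.overlays.additions
      outputs.overlays.modifications
      outputs.overlays.unstable-packages
      # NUR packages are user-contributed and not reviewed by nixpkgs
      # maintainers; keep the flake input pinned and review what is pulled
      # from it before installing.
      inputs.nur.overlays.default
    ];
    config = {
      # Allows packages with unfree licences to be evaluated and installed.
      allowUnfree = true;
    };
  };

  # gpg-agent also serves as the SSH agent, so SSH authentication keys are
  # taken from the GnuPG keyring.
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  users = {
    # Accounts and passwords may be changed at runtime (useradd, passwd).
    # NOTE(review): with mutable users the declared hash is presumably only
    # applied when the account is first created; confirm that matches the
    # intent, given that impermanence is imported above.
    mutableUsers = true;
    # users.users is the canonical option name; users.extraUsers is an alias.
    users = {
      root = {
        # NOTE(review): the secret must already be decrypted when accounts are
        # created; with sops-nix that presumably means `neededForUsers = true`
        # on "passwords/root" in ./sops.nix. Verify there.
        hashedPasswordFile = sopsHashedPasswordFile;
      };
    };
  };

  # Weekly store garbage collection that first drops generations older than
  # 30 days.
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 30d";
  };

  environment.systemPackages = [
    pkgs.rsync
    pkgs.curl
    pkgs.just
    pkgs.vim
  ];

  programs.git = {
    enable = true;
    package = pkgs.git;
    config = {
      # /etc/nixos is a config repo owned by a non-root user; marking it as a
      # safe directory lets root run git in it. This switches off git's
      # ownership check for that path in the system-wide config, so root then
      # trusts repository-local settings written by the owning user. Keep
      # write access to /etc/nixos limited to accounts trusted at root level.
      safe = { directory = [ "/etc/nixos" ]; };
    };
  };

  # NixOS release whose stateful defaults this system was installed with;
  # not meant to be bumped on upgrades.
  system.stateVersion = "24.05";
}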