{
  inputs,
  config,
  pkgs,
  ...
}: {
  imports = [
    ./hardware.nix
    ./sshd.nix
  ];

  # allow flakes
  nix.settings.experimental-features = ["nix-command" "flakes"];

  # allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # hostname
  networking.hostName = config.hostName;

  # common system packages
  environment.systemPackages = with pkgs; [
    # editor
    vim
    # lib
    libz
    openssl
    shared-mime-info
    # shell
    bash
    zsh
    # utility
    acpi
    curl
    dig
    file
    fd
    htop
    jq
    killall
    openssh
    p7zip
    ripgrep
    rsync
    sbctl
    sl
    tree
    unzip
    wget
  ];

  # nix-ld
  programs.nix-ld.enable = true;

  # appimage
  programs.appimage = {
    enable = !config.minimal;
    binfmt = !config.minimal;
  };

  # use the latest kernel
  boot.kernelPackages = pkgs.linuxPackages_latest;

  # sysrq
  boot.kernel.sysctl."kernel.sysrq" = 246;

  # timezone
  time.timeZone = "America/New_York";

  # docs
  documentation = {
    info.enable = false;
    dev.enable = false;
    nixos.enable = false;
  };

  # locale
  i18n.defaultLocale = "en_US.UTF-8";

  # networking
  networking.networkmanager.enable = true;
  networking.networkmanager.dns = "systemd-resolved";
  networking.firewall.enable = true;
  services.resolved.enable = true;

  # hardware
  services.dbus.implementation = "broker";
  services.fwupd.enable = true;
  services.libinput.enable = config.desktop.enable;
  services.pipewire = {
    enable = config.desktop.enable;
    alsa.enable = config.desktop.enable;
    pulse.enable = config.desktop.enable;
    jack.enable = config.desktop.enable;
  };

  # power
  services.upower = {
    enable = !config.minimal;
    percentageLow = 20;
    percentageCritical = 10;
    percentageAction = 4;
    criticalPowerAction = "Hibernate";
  };
  services.tlp = {
    enable = !config.minimal;
    settings = {
      CPU_SCALING_GOVERNOR_ON_AC = "performance";
      CPU_SCALING_GOVERNOR_ON_BAT = "powersave";

      CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
      CPU_ENERGY_PERF_POLICY_ON_AC = "performance";

      CPU_MIN_PERF_ON_AC = 0;
      CPU_MAX_PERF_ON_AC = 100;
      CPU_MIN_PERF_ON_BAT = 0;
      CPU_MAX_PERF_ON_BAT = 20;
    };
  };

  # printing
  services.printing.enable = config.desktop.enable;
  services.avahi = {
    enable = config.desktop.enable;
    nssmdns4 = config.desktop.enable;
    openFirewall = config.desktop.enable;
  };

  # create user account
  users.users.${config.user} = {
    isNormalUser = true;
    description = config.fullName;
    extraGroups = ["networkmanager" "wheel" "sys" "video" "audio"];
    home = config.homePath;
    shell = pkgs.zsh;
  };

  # certs
  security.pki.certificateFiles = [
    ../files/certs/freyanet.crt
    ../files/certs/tinternet.crt
  ];
}