{
  pkgs,
  inputs,
  ...
}: {
  imports = with inputs; [
    chaotic.nixosModules.default
    lix.nixosModules.default
    self.nixosModules.desktop
    self.nixosModules.system
    ./hardware.nix
    ./programs.nix
    ./stylix.nix
    ./disko.nix
    ./users.nix
    ./sops.nix
  ];

  desktop = {
    niri.enable = true;
  };

  nix = {
    channel.enable = false;
    settings.experimental-features = ["nix-command" "flakes"];
    daemonCPUSchedPolicy = "idle";
  };

  system.stateVersion = "25.05";

  time.timeZone = "Europe/Kyiv";
  locale.ukrainian.enable = true;

  networking = {
    networkmanager.enable = true;
    hostName = "dunamis";
  };

  boot = {
    kernelPackages = pkgs.linuxPackages_cachyos;
    # kernelPackages = pkgs.linuxPackages_latest;
    plymouth.enable = true;
    loader.efi.canTouchEfiVariables = true;
    loader.systemd-boot = {
      enable = true;
      consoleMode = "auto";
    };
  };

  console = {
    earlySetup = true;
    packages = [pkgs.terminus_font];
    font = "${pkgs.terminus_font}/share/consolefonts/ter-c18n.psf.gz";
  };

  environment.memoryAllocator.provider = "mimalloc";

  services = {
    # hardware.openrgb.enable = true;
    flatpak.enable = true;
    fstrim.enable = true;
    fwupd.enable = true;
    openssh.enable = true;
    syncthing.openDefaultPorts = true;
    dnscrypt-proxy2 = {
      enable = true;
      settings = {
        require_dnssec = true;
        server_names = ["mullvad-doh"];
        bootstrap_resolvers = ["9.9.9.11:53" "9.9.9.9:53"];
      };
    };
    opensnitch = {
      enable = false;
      settings = {
        DefaultAaction = "deny";
        Firewall = "iptables";
        InterceptUnknown = true;
        ProcMonitorMethod = "ebpf";
      };
    };
  };
  services.scx = {
    enable = true;
    scheduler = "scx_flash";
  };

  security.basic.enable = true;

  virtual = {
    libvirt.enable = true;
    podman.enable = false;
  };

  wireless.bluetooth.enableBlueman = true;

  opentabletdriver.enable = false;
  qmk-vial.enable = true;
}