{pkgs, outputs, ...}: {
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
  ];

  nixpkgs = {
    overlays = builtins.attrValues outputs.overlays;

    config = {
      allowUnfree = true;
      permittedInsecurePackages = [
      ];
    };
  };

  # Use GRUB 2 boot loader
  boot.loader.grub.enable = true;
  boot.loader.grub.efiSupport = true;
  boot.loader.grub.efiInstallAsRemovable = true;
  boot.loader.grub.device = "nodev";
  boot.loader.efi.efiSysMountPoint = "/efi";

  services.tailscale.enable = true;

  networking.hostName = "saffron"; # Define your hostname.

  # Caddy reverse proxy with DNS challenge
  services.caddy = {
    enable = true;
    package = pkgs.caddy.withPlugins {
      plugins = ["github.com/caddy-dns/cloudflare"];
      vendorHash = "sha256-A9V8WgJnalU3YzuKu3D1wJjSC1MQaH2HvOvBdLzFWl4=";
    };
    environmentFile = "/etc/caddy/environment";
    virtualHosts."rss.mayoff.ca" = {
      extraConfig = ''
        tls {
          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
        }
        reverse_proxy MINIFLUX_TAILSCALE_IP:PORT
      '';
    };
  };

  # Set your time zone.
  time.timeZone = "America/Toronto";

  users.users.tyler = {
    isNormalUser = true;
    description = "tyler";
    extraGroups = ["wheel"];
    shell = pkgs.fish;
  };
  programs.fish.enable = true;

  services.openssh.enable = true;

  system.stateVersion = "25.05"; # Did you read the comment?
}