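# NixOS host configuration for "kaylee": flake-based Nix settings, two Docker
# (OCI) containers (Beszel monitoring agent, Forgejo Actions runner), boot
# loader, GnuPG/SSH agent, local DNS/mDNS, one user account and OpenSSH.
{
  inputs,
  outputs,
  lib,
  pkgs,
  ...
}: let
  # Parsed at evaluation time from a TOML file next to this module.
  # NOTE(review): values read this way are embedded in the generated system
  # closure under /nix/store, which every local user can read, and in a flake
  # the file itself must be tracked in the repository to be visible here.
  # Prefer a runtime secret file (for example the containers'
  # `environmentFiles` option, fed by sops-nix or agenix) so the key and token
  # never enter the store.
  secrets = builtins.fromTOML (builtins.readFile ./secrets.toml);
in {
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ../../modules/nixos/docker.nix
  ];

  nixpkgs = {
    # Apply every overlay exported by this flake.
    overlays = builtins.attrValues outputs.overlays;
    config = {
      allowUnfree = true;
    };
  };

  nix = let
    # Keep only the flake inputs that are themselves flakes.
    flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
  in {
    settings = {
      experimental-features = ["nix-command" "flakes"];
    };
    channel.enable = false;
    # Pin the registry and NIX_PATH to the flake inputs so `nix` commands and
    # legacy `<name>` lookups resolve to the same revisions as this system.
    registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs;
    nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
  };

  # OCI containers: Beszel monitoring agent and Forgejo Actions runner.
  virtualisation.oci-containers = {
    backend = "docker";
    containers = {
      # Beszel agent (the attribute name and the secrets keys are spelled
      # "baszel"; they are kept as-is because they name the systemd unit and
      # the keys in secrets.toml).
      baszel = {
        # NOTE(review): `:latest` is a moving tag, so a rebuild or restart can
        # pull different code. Pin a version tag or an image digest.
        image = "henrygd/beszel-agent:latest";
        autoStart = true;
        environment = {
          PORT = "45876";
          KEY = secrets.baszel_key;
          # NOTE(review): the hub is reached over plain http; acceptable only
          # if 10.0.0.2 sits on a trusted segment (e.g. a VPN) - confirm.
          HUB_URL = "http://10.0.0.2:8090";
          TOKEN = secrets.baszel_token;
        };
        volumes = [
          # Access to the Docker socket is control of the host Docker daemon.
          # A `:ro` suffix would not restrict API calls; if the agent only
          # needs container statistics, put a filtering socket proxy in front.
          "/var/run/docker.sock:/var/run/docker.sock"
        ];
      };

      forgejo-runner = {
        # serviceName = "forgejo-runner";
        autoStart = true;
        # NOTE(review): `privileged` together with the Docker socket mount
        # below makes every CI job this runner accepts equivalent to root on
        # the host. With a socket mount the runner usually does not need
        # `privileged` as well - confirm and drop it if so, and restrict which
        # repositories and users may schedule jobs on this runner.
        privileged = true;
        cmd = ["forgejo-runner" "--config" "/data/config.yml" "daemon"];
        # Hard-coded uid:gid; presumably gid 131 is the host's docker group so
        # the runner can open the socket - verify, the gid is not fixed here.
        user = "1000:131";
        # The "forgejo" Docker network is not created in this file; it must
        # already exist (presumably from docker.nix or a manual step).
        networks = ["forgejo"];
        image = "data.forgejo.org/forgejo/runner:11";
        environment = {
          DOCKER_HOST = "unix:///var/run/docker.sock";
        };
        ports = [
          # Published on all host interfaces. Docker-published ports are
          # typically not filtered by networking.firewall; use
          # "127.0.0.1:8080:8080" if only local access is needed.
          "8080:8080"
        ];
        volumes = [
          "/var/run/docker.sock:/var/run/docker.sock"
          "/home/tyler/.config/forgejo:/data"
          "/home/tyler/.local/cache/forgejo:/cache"
          "/home/tyler/.local/share/forgejo:/workspace"
        ];
      };
    };
  };

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # Smart-card daemon; presumably for a hardware token used through the
  # GnuPG agent below - confirm.
  services.pcscd.enable = true;
  programs.gnupg.agent = {
    enable = true;
    pinentryPackage = pkgs.pinentry-curses;
    # gpg-agent also serves as the SSH agent.
    enableSSHSupport = true;
  };

  networking.hostName = "kaylee";

  # No dnsmasq settings are given, so module defaults apply; confirm which
  # interfaces it should answer on.
  services.dnsmasq.enable = true;
  services.avahi = {
    enable = true;
    nssmdns4 = true;
  };

  services.xserver.xkb.layout = "us";

  users.users.tyler = {
    isNormalUser = true;
    # "wheel" enables ‘sudo’ for the user. Membership in "docker" is
    # root-equivalent on this host, with no password prompt.
    extraGroups = ["wheel" "docker"];
    shell = pkgs.fish;
  };

  environment.systemPackages = with pkgs; [
    helix # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    wget
    yadm
    restic
    git # was listed twice; the duplicate entry is removed
    chezmoi
    curl
    unzip
  ];

  programs.fish.enable = true;

  # Enable the OpenSSH daemon.
  # NOTE(review): no services.openssh.settings are given, so module defaults
  # apply. Once key-based login for tyler is confirmed, consider
  # settings.PasswordAuthentication = false and settings.PermitRootLogin = "no".
  services.openssh.enable = true;

  system.stateVersion = "24.05"; # Did you read the comment?
}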