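# NixOS system module for the host "sapphire": filesystems, Secure Boot
# (lanzaboote), kernel and hardware setup, networking/SSH and desktop services.
#
# Arguments are the usual NixOS module arguments plus `inputs`, which is read
# for `inputs.nixpkgs` (presumably the flake inputs passed via specialArgs;
# confirm against the flake that imports this file).
{ inputs, modulesPath, config, lib, pkgs, ... }:
{
  ###
  ### NixOS and Nixpkgs configuration
  ###

  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

  system.stateVersion = "25.05";
  nixpkgs.config.allowUnfree = true;

  # Use the same nixpkgs for system and for `nix-shell` and `nix shell`
  nix.registry.nixpkgs.flake = inputs.nixpkgs;
  nix.nixPath = [
    "nixpkgs=${inputs.nixpkgs.outPath}"
    "/nix/var/nix/profiles/per-user/root/channels"
  ];

  ###
  ### Filesystems
  ###

  # Lets non-root users pass `allow_other` to FUSE mounts, which makes a
  # user-controlled filesystem visible to other users on the machine.
  programs.fuse.userAllowOther = true;

  fileSystems = {
    "/" = {
      device = "/dev/disk/by-uuid/4665ceb6-5e13-48fc-81fc-02a7959cd10a";
      fsType = "btrfs";
    };
    "/efi" = {
      device = "/dev/disk/by-uuid/796C-8DE8";
      fsType = "vfat";
      # vfat stores no per-file permissions, so these masks are the only
      # access control on the ESP. 0077 keeps boot files and the boot loader's
      # random-seed file root-only; with 0022 every local user could read them
      # and bootctl reports the mount point as world accessible.
      options = [ "fmask=0077" "dmask=0077" ];
    };
    "/data" = {
      device = "/dev/disk/by-uuid/2874dc1d-f1b5-4200-a5de-8dd555fa58c8";
      fsType = "btrfs";
    };
  };

  swapDevices = [
    { device = "/dev/disk/by-uuid/37e818f5-1460-4f22-8207-5ad94b5ec8c4"; }
  ];

  ###
  ### Bootloader and Linux kernel
  ###

  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.efi.efiSysMountPoint = "/efi";

  # Secure Boot signing via lanzaboote. The key locations are strings, not Nix
  # path literals, so the signing key is referenced in place at activation time
  # and is never copied into the world-readable Nix store. Anyone who can read
  # db.key can sign boot images this machine will accept, so keep the file
  # readable by root only.
  boot.lanzaboote = {
    enable = true;
    privateKeyFile = "/etc/secureboot/keys/db/db.key";
    publicKeyFile = "/etc/secureboot/keys/db/db.pem";
  };

  # NOTE(review): `linuxPackages_cachyos` presumably comes from an overlay
  # supplied by the flake; it is not defined in this file.
  boot.kernelPackages = pkgs.linuxPackages_cachyos;
  # services.scx.enable = true;
  # services.scx.package = pkgs.scx_git.full;
  # services.scx.scheduler = "scx_lavd";
  # services.scx.extraArgs = [ "--performance" ];

  # Sets the amdgpu power-feature mask; presumably this unlocks the clock and
  # voltage controls used by LACT (installed below). TODO confirm.
  boot.kernelParams = [ "amdgpu.ppfeaturemask=0xfffd7fff" ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" ];

  # NOTE: We need to load `i915` before `amdgpu` due to Chromium bugs
  # Will be removed once Chromium 131 is released and Electron upgrades to it
  boot.initrd.kernelModules = [ "i915" "amdgpu" "dm-snapshot" ];
  # boot.initrd.kernelModules = [ "dm-snapshot" ];

  # Raise the user-accessible RTC and HPET interrupt frequency limits to 2048.
  boot.postBootCommands = ''
    echo 2048 > /sys/class/rtc/rtc0/max_user_freq
    echo 2048 > /proc/sys/dev/hpet/max-user-freq
  '';

  ###
  ### Hardware configuration
  ###

  hardware.enableAllFirmware = true;
  # Microcode updates follow the redistributable-firmware switch unless another
  # module overrides this default.
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

  hardware.graphics.enable = true;
  hardware.graphics.enable32Bit = true;
  hardware.graphics.extraPackages = with pkgs; [
    intel-media-driver
    intel-vaapi-driver
    vpl-gpu-rt
    intel-media-sdk
  ];
  # NOTE(review): this list is taken from the 64-bit `pkgs` set; 32-bit driver
  # lists are usually drawn from `pkgs.pkgsi686Linux`. Confirm this is intended.
  hardware.graphics.extraPackages32 = with pkgs; [
    intel-media-driver
    intel-vaapi-driver
    vpl-gpu-rt
    intel-media-sdk
  ];

  hardware.bluetooth.enable = true;
  hardware.sane.enable = true;
  hardware.sane.extraBackends = [ pkgs.hplip ];
  hardware.opentabletdriver.enable = true;

  services.fstrim.enable = true;
  services.keyd.enable = true;
  services.upower.enable = true;

  # NOTE(review): the `musnix` options are declared by a module imported
  # elsewhere; nothing in this file provides them.
  musnix.enable = true;
  musnix.rtcqs.enable = true;

  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    jack.enable = true;
    pulse.enable = true;
  };

  ###
  ### Timezone and Networking
  ###

  time.timeZone = "Europe/Moscow";

  networking.hostName = "sapphire";
  networking.useDHCP = lib.mkDefault true;
  networking.networkmanager.enable = true;
  services.resolved.enable = true;

  services.openssh.enable = true;
  # Key-only logins. sshd on NixOS authenticates through PAM, where
  # keyboard-interactive is a second route to a password prompt, so it is
  # switched off together with PasswordAuthentication.
  services.openssh.settings.PasswordAuthentication = false;
  services.openssh.settings.KbdInteractiveAuthentication = false;

  # The empty lists open no additional ports. The SSH port is still reachable:
  # the openssh module opens it itself unless `services.openssh.openFirewall`
  # is set to false.
  networking.firewall.allowedTCPPorts = [ ];
  networking.firewall.allowedUDPPorts = [ ];

  ###
  ### Software configuration
  ###

  security.rtkit.enable = true;

  programs.fish.enable = true;
  # NOTE: nushell configuration is not available on NixOS
  # programs.nushell.enable = true;

  # gpg-agent also serves as the SSH agent, so SSH private keys are held and
  # unlocked by GnuPG.
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  programs.dconf.enable = true;
  services.dbus.packages = with pkgs; [ dconf gcr ];

  xdg.portal = {
    enable = true;
    config.common.default = [ "gtk" "gnome" ];
    extraPortals = with pkgs; [
      xdg-desktop-portal-gtk
      xdg-desktop-portal-gnome
    ];
  };

  services.flatpak.enable = true;

  # NOTE: I now use this as an alternative to steam-run'ing every precompiled binary
  # This should be much easier than running `steam-run` every time
  #
  # envfs populates /bin and /usr/bin on demand and nix-ld gives foreign
  # binaries a dynamic loader plus the libraries listed below. Binaries run
  # this way are neither built nor pinned by Nix, so their provenance has to be
  # checked separately.
  services.envfs.enable = true;
  programs.nix-ld.enable = true;
  programs.nix-ld.libraries = with pkgs; [
    acl
    attr
    bzip2
    dbus
    expat
    fontconfig
    freetype
    fuse3
    icu
    libnotify
    libsodium
    libssh
    libunwind
    libusb1
    libuuid
    nspr
    nss
    stdenv.cc.cc
    util-linux
    zlib
    zstd

    # Graphics-related
    pipewire
    cups
    libxkbcommon
    pango
    mesa
    libdrm
    libglvnd
    libpulseaudio
    atk
    cairo
    alsa-lib
    at-spi2-atk
    at-spi2-core
    gdk-pixbuf
    glib
    gtk3
    libGL
    libappindicator-gtk3
    vulkan-loader
    xorg.libICE
    xorg.libSM
    xorg.libX11
    xorg.libXScrnSaver
    xorg.libXcomposite
    xorg.libXcursor
    xorg.libXdamage
    xorg.libXext
    xorg.libXfixes
    xorg.libXi
    xorg.libXrandr
    xorg.libXrender
    xorg.libXtst
    xorg.libxcb
    xorg.libxkbfile
    xorg.libxshmfence
  ];

  ###
  ### Extra Packages
  ###

  environment.systemPackages = with pkgs; [
    git
    git-crypt
    lact
  ];
  systemd.packages = with pkgs; [ lact ];

  ###
  ### Extra Services
  ###

  # Units shipped through `systemd.packages` are installed but not enabled, so
  # the LACT daemon is attached to multi-user.target explicitly.
  systemd.services.lactd.wantedBy = [ "multi-user.target" ];
}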