{ pkgs, ... }:
{
  nix = {
    extraOptions = ''
      tarball-ttl = 900
    '';
    gc = {
      automatic = true;
      interval = {
        Weekday = 0;
        Hour = 0;
        Minute = 0;
      };
      options = "--delete-older-than 30d";
    };
    package = pkgs.nixVersions.stable;
    settings = {
      substituters = [
        "https://cache.nixos.org"
        "https://nix-community.cachix.org"
      ];
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
      trusted-users = [
        "@admin"
        "fcuny"
      ];
      experimental-features = [
        "nix-command"
        "flakes"
      ];
    };
  };

  system.defaults = {
    dock = {
      autohide = true;
      dashboard-in-overlay = false;
      launchanim = false; # Don't animate opening applications.
      mru-spaces = false; # don’t rearrange spaces based on the most recent use
      orientation = "left";
      show-recents = false;
      showhidden = false;
      tilesize = 60; # Default is 64.
      wvous-br-corner = 1; # Disable Notes hot corner.
    };
    finder.AppleShowAllExtensions = true;

    CustomUserPreferences = {
      "com.apple.desktopservices" = {
        # Avoid creating .DS_Store files on network or USB volumes
        DSDontWriteNetworkStores = true;
        DSDontWriteUSBStores = true;
      };
    };

    # Requires the directory to already exist.
    # See system.activationScripts.postUserActivation
    screencapture.location = "~/Documents/screenshots";
    SoftwareUpdate.AutomaticallyInstallMacOSUpdates = true;
  };

  system.activationScripts.postUserActivation.text = ''
    mkdir -p ~/Documents/screenshots
  '';

  fonts.packages = with pkgs; [
    source-code-pro
  ];

  system.keyboard = {
    enableKeyMapping = true;
    remapCapsLockToControl = true;
  };

  # Touch ID for sudo auth
  security.pam.enableSudoTouchIdAuth = true;

  services.nix-daemon.enable = true;

  programs.fish.enable = true;
  programs.fish.shellInit = ''
    # Nix
    if test -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish'
      source '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish'
    end
    # End Nix
  '';

  # Required for homebrew on aarch64
  environment.systemPath = [
    "/opt/homebrew/bin"
    "/opt/homebrew/sbin"
  ];

  ## this sets the PATH for GUI apps
  ## needs a restart
  launchd.user.agents = {
    user-paths = {
      command = "/bin/launchctl config user path '/opt/homebrew/bin:/Users/fcuny/.nix-profile/bin:/etc/profiles/per-user/fcuny/bin:/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin'";
      serviceConfig.RunAtLoad = true;
    };
  };

  environment.variables = {
    HOMEBREW_NO_ANALYTICS = "1";
    HOMEBREW_NO_INSECURE_REDIRECT = "1";
    HOMEBREW_NO_EMOJI = "1";
    HOMEBREW_NO_AUTO_UPDATE = "1";
  };

  homebrew = {
    enable = true;

    onActivation = {
      autoUpdate = true;
      cleanup = "uninstall";
      upgrade = true;
    };

    brews = [
      "repomix"
    ];

    casks = [
      "docker"
      "element"
      "iterm2"
      "vlc"
    ];
  };

  programs.ssh.knownHosts = {
    "github.com".publicKey =
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
  };
}