{
  pkgs,
  lib,
  ...
}: {
  imports = [
    ../../hosts/modules/core/garbage-collector.nix
  ];

  networking = {
    networkmanager.enable = true;

    nftables.enable = true;
    firewall = {
      enable = lib.mkDefault true;
      allowPing = lib.mkDefault true;
    };

    # Use CloudFlare's WARP+ 1.1.1.1 DNS service
    nameservers = [
      "1.1.1.1"
      "1.0.0.1"
    ];
  };

  programs.nh = {
    enable = true;
    clean.enable = true;
    clean.extraArgs = "--keep-since 7d --keep 3";
    flake = "/etc/nixos"; # sets NH_OS_FLAKE variable for you
  };

  nix.settings = {
    # making wheel group trusted allows your user
    # to import packages not signed by a trusted key
    trusted-users = ["root" "@wheel"];
    experimental-features = [
      "nix-command"
      "flakes"
      "pipe-operators"
    ];
    download-buffer-size = 524288000; # 500 MiB
  };

  time.timeZone = lib.mkDefault "America/Los_Angeles";
  i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";

  # Enable initrd hook for virtual console customisation
  # aka cool colours when bootting yay!!
  console = {
    enable = true;
    earlySetup = true; # initrd pre hook
    keyMap = "us";
    font = "Lat2-Terminus16";
    # ANSI 24-bit color definitions (theme: dracula)
    colors = [
      "21222c"
      "ff5555"
      "50fa7b"
      "f1fa8c"
      "bd93f9"
      "ff79c6"
      "8be9fd"
      "f8f8f2"
      "6272a4"
      "ff6e6e"
      "69ff94"
      "ffffa5"
      "d6acff"
      "ff92df"
      "a4ffff"
      "ffffff"
    ];
  };

  users.defaultUserShell = pkgs.bash;

  security.sudo-rs = {
    enable = true;
    wheelNeedsPassword = lib.mkOverride 200 true;
  };

  environment.systemPackages = with pkgs; [
    git
    vim
    wget
    tree
  ];
}