{
  config,
  lib,
  pkgs,
  modulesPath,
  ...
}: let
  user = config.user;
in {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    ./ddc.nix
    ./g920.nix
  ];

  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
  boot.initrd.kernelModules = ["uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1"];
  boot.kernelModules = ["kvm-amd"];
  boot.extraModulePackages = [];

  fileSystems."/" = {
    device = "/dev/mapper/cryptroot";
    fsType = "btrfs";
    options = ["subvol=@" "compress=zstd" "autodefrag"];
  };

  fileSystems."/nix" = {
    device = "/dev/disk/by-label/nix";
    fsType = "f2fs";
    neededForBoot = true;
    options = ["noatime"];
  };

  boot.initrd.luks.devices."usbkey" = {
    device = "/dev/disk/by-label/usbkey1";
  };

  boot.initrd.luks.devices."cryptroot" = {
    device = "/dev/disk/by-uuid/cc0617df-8cbf-4618-abbc-df64c96de151";
    keyFileSize = 4096;
    preOpenCommands = ''
      mkdir -m 0755 -p /key
      mount -n -o ro /dev/mapper/usbkey /key
    '';
    keyFile = "/key/keyfile";
    preLVM = false;
  };

  fileSystems."/home" = {
    device = "/dev/mapper/cryptroot";
    fsType = "btrfs";
    options = ["subvol=@home" "compress=zstd" "autodefrag"];
  };

  fileSystems."/boot" = {
    device = "/dev/disk/by-label/boot";
    fsType = "vfat";
  };

  boot.plymouth.enable = true;
  boot.initrd.verbose = false;
  boot.consoleLogLevel = 1;
  boot.kernelParams = ["quiet" "udev.log_level=3"];

  swapDevices = [{device = "/dev/disk/by-label/swap";}];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;

  networking.networkmanager.appendNameservers = ["1.1.1.1" "1.0.0.1"];

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

  hardware.keyboard.zsa.enable = true;

  networking.hostName = "zenix";

  services.openssh.enable = true;

  networking.firewall.checkReversePath = "loose";

  system.stateVersion = "22.11"; # do not change

  home-manager.users.${user}.imports = [
    {
      home.stateVersion = "22.05";
    }
  ];
}