{
  inputs,
  outputs,
  lib,
  config,
  pkgs,
  nix-rice,
  nix-std,
  ...
}: {
  nixpkgs = {
    overlays = [
      inputs.nur.overlay
      outputs.overlays.additions
      outputs.overlays.pkg-sets
      inputs.nix-rice.overlays.default
      outputs.overlays.rice
      inputs.helix.overlays.default
      inputs.nixd.overlays.default
      # inputs.eww.overlays.default
    ];
    config = {
      allowUnfree = true;
      allowUnfreePredicate = _: true;
    };
  };

  nix = {
    registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
    settings = {
      trusted-users = ["bolt" "plank"];
      experimental-features = "nix-command flakes";
      substitute = true;
      substituters = ["https://jakestanger.cachix.org"];
      trusted-public-keys = [
        "jakestanger.cachix.org-1:VWJE7AWNe5/KOEvCQRxoE8UsI2Xs2nHULJ7TEjYm7mM="
      ];
    };
  };

  imports = [
  ];

  nix.extraOptions = ''
    keep-outputs = true
    keep-derivations = true
  '';

  systemd.services.NetworkManager-wait-online.enable = true; # for some reason nm doesn't enable without this

  environment.pathsToLink = ["/share/zsh"];

  hardware.enableRedistributableFirmware = true;
  hardware.enableAllFirmware = true;
  boot.loader.systemd-boot.consoleMode = "max";
  boot.loader.timeout = 3;

  boot.loader.systemd-boot.enable = true;
  boot.tmp.useTmpfs = true;

  networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.

  time.timeZone = "Australia/Sydney";
  # fix windows to use utc instead
  time.hardwareClockInLocalTime = false;

  # Select internationalisation properties.
  i18n.defaultLocale = "en_AU.UTF-8";
  i18n.supportedLocales = ["en_AU.UTF-8/UTF-8"];
  console = {
    font = "Lat2-Terminus16";
    useXkbConfig = true; # use xkbOptions in tty.
  };

  hardware.opengl.enable = true;
  hardware.opengl.driSupport32Bit = true;

  #input stuff
  services.xserver.enable = false;
  services.xserver.xkbOptions = "caps:escape";
  services.xserver.layout = "us";
  services.xserver.libinput.enable = true;

  services.udisks2.enable = true;

  services.xserver.windowManager.qtile = {
    enable = true;
    backend = "wayland";
    package = inputs.qtile.packages.x86_64-linux.default;
    configFile = null; # using hm instead
    extraPackages = python3Packages:
      with python3Packages; [
        pkgs.stable.python3Packages.qtile-extras
        # coconut
      ];
  };

  services.greetd = {
    enable = true;
    settings = {
      default_session = {
        # command = "${lib.getExe pkgs.greetd.tuigreet} -r -g \"what's good\" --time --cmd sway";
        command = "${lib.getExe pkgs.greetd.tuigreet} -r -g \"what's good\" --time --cmd \"qtile start -b wayland\"";
        user = "greeter";
      };
    };
  };

  security.polkit.enable = true;

  programs.dconf.enable = true;

  xdg.autostart.enable = true;
  xdg.portal = {
    enable = true;
    extraPortals = with pkgs; [
      xdg-desktop-portal-gtk
      xdg-desktop-portal-wlr
    ];
  };

  services.resolved = {
    enable = true;
    fallbackDns = ["103.1.206.179" "168.138.8.38" "168.138.12.137"];
    dnssec = "false";
  };

  # Enable sound.
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # jack.enable = true;
  };

  qt.enable = true;
  qt.platformTheme = "gtk2";
  qt.style = "gtk2";

  programs.zsh.enable = true;
  users.defaultUserShell = pkgs.zsh;

  services.tumbler.enable = true; # thumbnailer for thunar
  # services.tailscale.enable = true;

  environment.systemPackages = with pkgs; [
    man-pages
    man-pages-posix

    rnix-lsp
    nixd

    home-manager
    cachix

    curl
    eza
    swaybg

    git

    nix-index
    starship

    cachix

    alejandra
  ];

  documentation.dev.enable = true;
  documentation.man.enable = true;
  documentation.enable = true;

  programs.nix-index-database.comma.enable = true;
  programs.nix-index.enableZshIntegration = false;
  programs.nix-index.enableBashIntegration = false;

  services.gvfs.enable = true;

  services.mullvad-vpn.enable = true;

  networking.firewall.enable = true;
  networking.firewall = {
    # trustedInterfaces = ["tailscale0"];
    checkReversePath = "loose";
  };

  # programs.sway = {
  #   # to use home-manager
  #   package = null;
  #   enable = true;
  #   wrapperFeatures = {
  #     base = true;
  #     gtk = true;
  #   };
  #   # extraPackages = with pkgs; [swaylock swayidle foot dmenu vulkan-validation-layers];
  # };

  # systemd.services.fixNetworkingForTailscale = {
  #   wantedBy = ["multi-user.target"];
  #   after = ["network.target" "mullvad-daemon.service"];
  #   description = "fix the damn routing table";
  #   serviceConfig = {
  #     Type = "oneshot";
  #     User = "root";
  #     ExecStart = ''${pkgs.bash}/bin/bash -c "if [[ \"$( ${pkgs.iproute2}/bin/ip rule | grep -e \"62:.*52\" | wc -l)\" -eq 0 ]]; then ${pkgs.iproute2}/bin/ip rule add pref 62 table 52; fi"'';
  #   };
  # };

  # give cpuset to user
  systemd.services."user@".serviceConfig.Delegate = "memory pids cpu cpuset";

  security.pam.services.gtklock = {
    text = ''
      auth include login
    '';
  };

  system.stateVersion = "22.11"; # Did you read the comment?
}