{
  inputs,
  outputs,
  lib,
  config,
  pkgs,
  nix-rice,
  ...
}: {
  nixpkgs = {
    overlays = [
      inputs.nur.overlay
      outputs.overlays.additions
      outputs.overlays.unstable-pkgs
      inputs.nix-rice.overlays.default
      outputs.overlays.rice
    ];
    config = {
      allowUnfree = true;
      allowUnfreePredicate = _: true;
    };
  };

  nix = {
    registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
    settings = {
      experimental-features = "nix-command flakes";
    };
  };

  imports = [
    # inputs.declarative-cachix.nixosModules.declarative-cachix
    # inputs.helix
  ];

  # stylix = {
  #   polarity = "dark";
  #   image = pkgs.fetchurl {
  #     sha256 = "sha256-6BCoxgqK5pCxv5P7Rf5MoyLbHAShRd3YuacAcZ916C8=";
  #     url = "https://gruvbox-wallpapers.pages.dev/wallpapers/irl/flowers-2.jpg";
  #   };
  #   base16Scheme = "${inputs.base16-schemes}/gruvbox-dark-hard.yaml";
  #   fonts = {
  #     sizes = {
  #       desktop = 12;
  #       popups = 12;
  #       terminal = 10;
  #       applications = 12;
  #     };
  #     monospace = {
  #       name = "Fira Code";
  #       package = pkgs.fira-code;
  #     };
  #     sansSerif = {
  #       name = "Inria Sans";
  #       package = pkgs.inriafonts;
  #     };
  #     serif = {
  #       name = "Inria Serif";
  #       package = pkgs.inriafonts;
  #     };
  #     emoji = {
  #       name = "Twitter Color Emoji";
  #       package = pkgs.twemoji-color-font;
  #     };
  #   };
  # };

  # cachix = [
  #   "nix-community"
  # ];

  nix.extraOptions = ''
    keep-outputs = true
    keep-derivations = true
  '';

  systemd.services.NetworkManager-wait-online.enable = true;

  environment.pathsToLink = ["/share/zsh"];

  hardware.enableRedistributableFirmware = true;
  hardware.enableAllFirmware = true;
  boot.loader.systemd-boot.consoleMode = "max";
  boot.loader.timeout = 3;

  boot.loader.systemd-boot.enable = true;
  boot.tmpOnTmpfs = true;

  networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.

  time.timeZone = "Australia/Sydney";
  time.hardwareClockInLocalTime = true;

  # Select internationalisation properties.
  i18n.defaultLocale = "en_AU.UTF-8";
  i18n.supportedLocales = ["en_AU.UTF-8/UTF-8"];
  console = {
    font = "Lat2-Terminus16";
    useXkbConfig = true; # use xkbOptions in tty.
  };

  hardware.opengl.enable = true;
  hardware.opengl.driSupport32Bit = true;

  #input stuff
  services.xserver.enable = false;
  services.xserver.xkbOptions = "caps:escape";
  services.xserver.layout = "us";
  services.xserver.libinput.enable = true;
  services.xserver.displayManager.lightdm.enable = false; # gets installed by default..

  services.greetd = {
    enable = true;
    settings = {
      default_session = {
        command = "${pkgs.greetd.tuigreet}/bin/tuigreet -r -g \"what's good\" --time --sessions ${config.services.xserver.displayManager.sessionData.desktops}/share/wayland-sessions";
        user = "greeter";
      };
    };
  };

  security.polkit.enable = true;

  programs.dconf.enable = true;

  xdg.autostart.enable = true;

  services.resolved = {
    enable = true;
    fallbackDns = ["103.1.206.179" "168.138.8.38" "168.138.12.137"];
    dnssec = "false";
  };

  # Enable sound.
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # jack.enable = true;
  };

  qt.enable = true;
  qt.platformTheme = "gtk2";
  qt.style = "gtk2";

  programs.zsh.enable = true;
  users.defaultUserShell = pkgs.zsh;

  services.tailscale.enable = true;

  environment.systemPackages = with pkgs; [
    rnix-lsp

    tailscale

    home-manager
    cachix

    # helix
    ark

    curl

    git

    zsh

    nix-index
    comma

    cachix

    alejandra
  ];

  # services.mullvad-vpn.enable = true;

  networking.wg-quick.interfaces = {
    mullvad = {
      address = ["10.67.227.64/32"];
      dns = ["10.64.0.1"];
      privateKey = "OOPAlePjy7x2DVpg6d7BoBqpST3lDJSYght185tSUl8=";
      peers = [
        {
          publicKey = "LXuRwa9JRTt2/UtldklKGlj/IVLORITqgET4II4DRkU=";
          allowedIPs = ["0.0.0.0/0"];
          endpoint = "146.70.200.194:51820";
          persistentKeepalive = 25;
        }
      ];
    };
  };

  networking.firewall.enable = true;
  networking.firewall = {
    trustedInterfaces = ["tailscale0"];
    checkReversePath = "loose";
  };

  systemd.services.fixNetworkingForTailscale = {
    wantedBy = ["multi-user.target"];
    after = ["network.target" "mullvad-daemon.service"];
    description = "fix the damn routing table";
    serviceConfig = {
      Type = "oneshot";
      User = "root";
      ExecStart = ''        ${pkgs.bash}/bin/bash -c 'if [[ "$( ${pkgs.iproute2}/bin/ip rule | grep -e "62:.*52" | wc -l)" -eq 0 ]]; then ${pkgs.iproute2}/bin/ip rule add pref 62 table 52; fi''';
                      # ExecStop = ''${pkgs.iproute2}/bin/ip rule del pref 62 table 52'';
    };
  };

  security.pam.services.waylock = {
    text = ''
      auth include login
    '';
  };

  system.stateVersion = "23.05"; # Did you read the comment? # lol no
}