{
  lib,
  namespace,
  ...
}:
{
  imports = [
    ./boot.nix
    # ./networking.nix - moved to modules/nixos/network
    ./users.nix
    ./sops.nix
  ];

  security.tpm2 = {
    enable = true;
  };

  ${namespace} = {
    services.home-assistant.enable = true;
    hardware.disko = {
      enable = true;
      filesystem = "bcachefs";
    };
    impermanence.enable = true;
    network = {
      hostName = "nuc-nixos";
      useNetworkd = false;
      ipv4 = {
        method = "manual";
        address = "10.0.1.4/24";
        gateway = "10.0.1.1";
        dns = "10.0.1.1";
      };
      wifi = {
        enable = true;
        profiles = {
          "Joey's Jungle 6G" = {
            ssid = "Joey's Jungle 6G";
            keyMgmt = "sae";
          };
        };
      };
      firewall = {
        enable = true;
        allowPing = true;
        allowedTCPPorts = [ 8192 ];
        allowedUDPPorts = [ 8192 ];
      };
    };
  };

  # Enable nix flakes and nix-command tools
  nix = {
    settings = {
      substituters = [
        "https://nix-community.cachix.org"
        "https://cache.nixos.org/"
      ];
      trusted-public-keys = [
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
      warn-dirty = lib.mkForce false;
      experimental-features = lib.mkForce [
        "nix-command"
        "flakes"
      ];
      trusted-users = [ "@wheel" ];
    };

    # Garbage collect automatically every week
    gc.automatic = lib.mkDefault true;
    gc.options = lib.mkDefault "--delete-older-than 30d";

    optimise.automatic = lib.mkDefault true;
  };
}