{ config, lib, pkgs, system, inputs, ... }: {
  options.snowflake = {
    extraPackages = lib.mkOption {
      type = lib.types.listOf lib.types.package;
      default = [ ];
      description = "Extra packages to be installed system-wide";
    };
  };

  config = {
    # roots ssh keys
    users.users.root.openssh.authorizedKeys.keys = [
      # change this to your ssh key
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJnFvU6nBXEuZF08zRLFfPpxYjV3o0UayX0zTPbDb7C eden-thinkpad-zephyrus-cell"
    ];

    # base packages required everywhere
    environment = {
      shells = with pkgs; [ bash zsh fish ];
      systemPackages = with pkgs;
        map lib.lowPrio [
          # base packages
          ## ssl
          openssl

          ## data transfer
          rsync
          curl
          wget
          aria2 # torrent

          ## editor
          neovim

          ## version management
          git

          ## disk space utility management
          ncdu

          ## disk utility management
          gptfdisk

          ## monitoring utility
          htop
          btop

          ## battery management
          acpi

          ## system info
          neofetch
          inxi

          ## networking utility
          inetutils # for telnet
          mtr # for latency and network path monitoring
          dig # for dns query
          whois # for domain name ownership query
          prettyping # for latency monitoring
          ethtool # for network interface monitoring
          wol # for wakeonlan

          ## file interaction
          fzf
          ripgrep
          jq
          file
          tree
          eza

          ## generic linux utils
          coreutils
          unixtools.xxd # for generating uuid
          file # for checking filetype

          ## pci utilities
          pciutils
          lshw

          ## usb utilities
          usbutils

          ## nix specific
          # nix-output-monitor # pretty build outputs # removing since taken care of by nh
        ] ++ config.snowflake.extraPackages;
    };

    programs.bash.shellAliases = {
      d = "docker";
      v = "nvim";
      dco = "docker compose";
    };

    programs.neovim = {
      enable = true;
      defaultEditor = true;
      viAlias = true;
      vimAlias = true;
    };

    nix = {
      settings = {
        experimental-features = [ "nix-command" "flakes" ];
        sandbox = true;
        auto-optimise-store = true;
      };
    };

    # higher openssh security
    services.openssh = {
      settings.PasswordAuthentication = false;
      settings.KbdInteractiveAuthentication = false;
    };

    documentation = {
      enable = true;
      man = {
        enable = true;
        man-db.enable = false;
        mandoc.enable = true;
        generateCaches = true;
      };
    };

    programs.nh = {
      enable = true;
      clean.enable = true;
      clean.extraArgs = "--keep-since 7d --keep 7";
    };

    system.activationScripts.diff = {
      supportsDryActivation = true;
      text = ''
        ${pkgs.nvd}/bin/nvd --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig"
        "${
          inputs.nixos-needtoreboot.packages."${system}".default
        }/bin/nixos-needsreboot"
      '';
    };
  };
}