{ config, pkgs, lib, ... }: {
  # NixOS wants to enable GRUB by default
  boot.loader.grub.enable = false;

  # A bunch of boot parameters needed for optimal runtime on RPi 4B
  boot.kernelPackages = pkgs.linuxPackages_rpi4;
  boot.kernelParams =
    [ "zfs.zfs_arc_max=134217728" "console=TTYAMA0,115200" "console=tty1" ];
  boot.loader.raspberryPi = {
    enable = true;
    version = 4;
  };

  environment.systemPackages = with pkgs; [ raspberrypi-tools git htop vim ];

  # !!! Adding a swap file is optional, but strongly recommended!
  swapDevices = [{
    device = "/swapfile";
    size = 4096;
  }];

  # Configure basic SSH access
  services.openssh = {
    enable = true;
    permitRootLogin = "yes";
  };

  # Cleanup tmp on startup
  boot.cleanTmpDir = true;

  # Set hostname
  networking.hostName = "zion";

  # Create coolneng user
  users.users.coolneng = {
    isNormalUser = true;
    home = "/home/coolneng";
    extraGroups = [ "wheel" "docker" ];
    openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDFzv7R6htlqGXLWjscOxbj8nDOZLf6v61IUngSD2XvwzRGjiMhDPKxUEhkoBR5SbDAR0901Aakaf+SYxE9zpG29yncIGP9lLfs2iBBnH4ZXmsbaaEq7zhlpOHQnuT2rzwx5v1WiCZ2o57zuUm+4sd6j3pxqXGOPnVb0SaTLbIRuPR23l8zLLGdlyMF6k6iEjYQ6THuaRQBKQ7c9Cvy1dWUDdE+n7R/ESX9O1sjNVIc5zZIjsqTz4DEt6mIChNXGVHnQD+NKYpK8K+0yIYdKxoCLz0/HeMsHAM+bwl+np+ovk7tK4RKVUZ3f6d+nVm40vc2UW/UCrO4KPv3yrH4fVay5bvc0wQQwxfnSHJv3pVE0HFvZAMFQZst+6QUtttOZvF4IbhK5k/Vi3D0aMCGNa5DIAsq1wCOhR8e9oY0LAGkMyxnt0izJXNTGRXeM1EcHrxy9omU/pWaoiB7Eg0iWNgyg2UePpabknaIUo02dWdxmYV2OV/uORvClKSEvsym880= coolneng@panacea"
    ];
    shell = "${pkgs.fish}/bin/fish";
  };

  # Set vim as default editor
  programs.vim.defaultEditor = true;

  # Set timezone and synchronize NTP
  time.timeZone = "Europe/Brussels";
  services.timesyncd.enable = true;

  # Enable ZFS support
  networking.hostId = "dca632d297f1";
  boot = {
    supportedFilesystems = [ "zfs" ];
    zfs.extraPools = [ "vault" ];
  };

  # Scrub zpool monthly
  services.zfs.autoScrub = {
    enable = true;
    interval = "monthly";
  };

  # Auto-upgrade the system and reboot if needed
  system.autoUpgrade = {
    enable = true;
    allowReboot = true;
  };

  # Run Nix garbage collector
  nix = {
    gc = {
      automatic = true;
      options = "--delete-older-than 14d";
    };
    extraOptions = ''
      keep-outputs = true
      gc-keep-outputs = true
    '';
  };

  # Configure fish shell
  programs.fish.enable = true;
  users.users.root = {
    shell = "${pkgs.fish}/bin/fish";
    openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDFzv7R6htlqGXLWjscOxbj8nDOZLf6v61IUngSD2XvwzRGjiMhDPKxUEhkoBR5SbDAR0901Aakaf+SYxE9zpG29yncIGP9lLfs2iBBnH4ZXmsbaaEq7zhlpOHQnuT2rzwx5v1WiCZ2o57zuUm+4sd6j3pxqXGOPnVb0SaTLbIRuPR23l8zLLGdlyMF6k6iEjYQ6THuaRQBKQ7c9Cvy1dWUDdE+n7R/ESX9O1sjNVIc5zZIjsqTz4DEt6mIChNXGVHnQD+NKYpK8K+0yIYdKxoCLz0/HeMsHAM+bwl+np+ovk7tK4RKVUZ3f6d+nVm40vc2UW/UCrO4KPv3yrH4fVay5bvc0wQQwxfnSHJv3pVE0HFvZAMFQZst+6QUtttOZvF4IbhK5k/Vi3D0aMCGNa5DIAsq1wCOhR8e9oY0LAGkMyxnt0izJXNTGRXeM1EcHrxy9omU/pWaoiB7Eg0iWNgyg2UePpabknaIUo02dWdxmYV2OV/uORvClKSEvsym880= coolneng@panacea"
    ];
  };

  # Rotate logs after 7 days
  services.journald.extraConfig = "SystemMaxFiles=7";

  # Increase inotify limits
  boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };

  # Import other configuration modules
  imports = [
    ./modules/hardware-configuration.nix
    ./modules/networking.nix
    ./modules/datasync.nix
    ./modules/webstack.nix
    ./modules/devops.nix
    ./modules/monitoring.nix
    ./modules/periodic.nix
  ];

}