{
  pkgs,
  inputs,
  ...
}: {
  imports = [
    inputs.nixos-hardware.nixosModules.common-cpu-intel
    inputs.nixos-hardware.nixosModules.common-gpu-nvidia
    inputs.nixos-hardware.nixosModules.common-pc-laptop
    inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
    inputs.nixos-hardware.nixosModules.common-pc-laptop-acpi_call
    inputs.self.nixosModules.homeManagerConfig
    inputs.custom-udev-rules.nixosModule
    ../../hardware/thinkpad-p1-gen3.nix
    ../../modules/light-actkbd.nix
    ../../modules/nvidia-fixed.nix
  ];

  config = {
    boot = {
      # Use the systemd-boot EFI boot loader.
      loader = {
        systemd-boot.enable = true;
        efi.canTouchEfiVariables = true;
      };
    };

    networking = {
      hostName = "helix-texta";
      networkmanager.enable = true;
    };

    nixpkgs.overlays = [
      inputs.nixpkgs-wayland.overlay
    ];

    system.fsPackages = [pkgs.sshfs];

    settings.minimalGnome.enable = true;
    settings.batteryStuff.enable = true;

    # Pipewire for my wayland
    sound.enable = false;
    security.rtkit.enable = true;
    services.pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
      jack.enable = true;

      # config.pipewire-pulse."stream.properties" = {
      #   "channelmix.upmix" = true;
      #   "channelmix.lfe-cutoff" = 150;
      # };

      # config.pipewire = {"default.clock.allowed-rates" = [48000 44100];};

      # media-session.config.media-session = lib.recursiveUpdate options.services.pipewire.media-session.config.media-session.default {
      #   "session.modules".default = options.services.pipewire.media-session.config.media-session.default."session.modules".default ++ ["default-profile"];
      # };

      # media-session.config.alsa-monitor = {
      #   rules = [
      #     {
      #       matches = [
      #         {
      #           "node.name" = "alsa_output.usb-Focusrite_Scarlett_Solo_USB_Y7ENM550A6399B-00.pro-output-0";
      #         }
      #       ];
      #       actions = {
      #         update-props = {
      #           #"audio.rate" = 96000;
      #           "api.alsa.headroom" = 1024;
      #         };
      #       };
      #     }
      #   ];
      # };
    };
    xdg.portal = {
      enable = true;
      extraPortals = with pkgs; [xdg-desktop-portal-gtk];
    };

    services.udev.customRules = [
      # Rename the Scarlett Solo using udev
      {
        name = "85-scarlett-solo";
        rules = ''
          SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="8211", ENV{ID_VENDOR_ID}=="1235", TAG+="systemd", SYMLINK+="scarlett_solo"
        '';
      }
      {
        name = "85-yubikey";
        rules = ''
          SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="0407", ENV{ID_VENDOR_ID}=="1050", TAG+="systemd", SYMLINK+="yubikey"
        '';
      }
    ];

    security.pam = {
      yubico = {
        control = "sufficient";
        mode = "challenge-response";
        debug = false;
      };
      # TODO: Update once my PR lands
      services.login.yubicoAuth = true;
      services.login.fprintAuth = true;
      services.sshd.fprintAuth = false;
    };
    # TODO: This is not good
    services.fprintd.enable = true;

    users.mutableUsers = false;
    users.custom.malte.enable = true;

    # Use some fonts
    fonts = {
      enableDefaultPackages = true;
      packages = with pkgs; [hackNerdLigatures noto-fonts noto-fonts-cjk joypixels];
      fontconfig = {
        enable = true;
        defaultFonts.monospace = ["Hack NF FC Ligatured"];
      };
    };

    # Configure GPG with SSH support and enable the yubikey
    programs.gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
      pinentryFlavor = "qt";
    };

    # TODO: This defaults to true, why does it not work with virtualisation.containers.enable?
    boot.enableContainers = false;
    virtualisation = {
      podman = {
        enable = true;
        # Create a `docker` alias for podman, to use it as a drop-in replacement
        dockerCompat = true;
        dockerSocket.enable = true;
        defaultNetwork.settings.dns_enabled = true;
      };
    };

    programs.steam = {
      enable = true;
      remotePlay.openFirewall = true;
    };

    nixpkgs.config.packageOverrides = pkgs: {
      steam = pkgs.steam.override {extraPkgs = pkgs: [pkgs.openssl];};
    };

    services.udev.packages = with pkgs; [yubikey-personalization chrysalis];

    environment.systemPackages = with pkgs; [
      thunderbolt
      qt5.qtwayland
      chrysalis
    ];
    # TODO: Remove when firefox' RDD is fixed (allows libva)
    environment.variables."MOZ_DISABLE_RDD_SANDBOX" = "1";

    services.fwupd.enable = true;
    services.devmon.enable = true;

    sops.defaultSopsFile = ../../secrets/hosts/helix-texta/secrets.yaml;
    sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];

    # This value determines the NixOS release from which the default
    # settings for stateful data, like file locations and database versions
    # on your system were taken. It‘s perfectly fine and recommended to leave
    # this value at the release version of the first install of this system.
    # Before changing this value read the documentation for this option
    # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
    system.stateVersion = "20.09"; # Did you read the comment?
  };
}