{
  config,
  lib,
  pkgs,
  outputs,
  ...
}:
{
  imports = [
    # TODO: auto-import via `outputs.modules.nixos`
    outputs.modules.global.nix-config

    ./system
    ./services
    ./users
  ]
  ++ (builtins.attrValues outputs.modules.nixos);

  security.sudo.wheelNeedsPassword = false;

  # Services configuration
  services = {
    openssh = {
      enable = true;
      openFirewall = true;
      settings = {
        PasswordAuthentication = false;
        PermitRootLogin = "no";
        X11Forwarding = false;
      };
    };

    nullmailer = {
      enable = true;
      setSendmail = true;
      remotesFile = config.age.secrets."odin/services/nullmailer".path;
      config = {
        me = "odin.t5.st";
        defaulthost = "odin.t5.st";
        defaultdomain = "odin.t5.st";
        allmailfrom = "odin@t5.st";
        adminaddr = "odin@t5.st";
      };
    };
  };

  # # Container runtime
  # virtualisation = {
  #   docker = {
  #     enable = true;
  #     storageDriver = "btrfs";
  #     autoPrune = {
  #       enable = true;
  #       dates = "weekly";
  #       flags = [ "--all" "--force" "--volumes" ];
  #     };
  #   };
  # };

  programs.fish = {
    enable = true;
    vendor = {
      completions.enable = true;
      config.enable = true;
      functions.enable = true;
    };
  };

  environment.shells = [
    config.programs.fish.package
  ];

  # System packages
  environment.systemPackages = with pkgs; [
    # System utilities
    git
    htop
    btop
    iotop
    powertop
    lsof
    pciutils
    usbutils

    # Network tools
    curl
    wget
    rsync

    # File system tools
    btrfs-progs
    xfsprogs
    smartmontools
    hdparm

    # # Container tools
    # docker-compose

    # Monitoring
    lm_sensors
    nvme-cli
  ];

  # System identification
  networking.hostName = "odin";
  networking.useDHCP = lib.mkDefault true;
  # Time synchronization
  services.timesyncd.enable = true;
  time.timeZone = "Europe/Vienna";

  # System state version
  system.stateVersion = "25.05";
}