{
  lib,
  pkgs,
  config,
  inputs,
  ...
}: {
  imports = [
    inputs.nixos-hardware.nixosModules.framework-11th-gen-intel
  ];

  nixpkgs.config.allowUnfree = true;

  boot = {
    initrd = {
      availableKernelModules = ["usb_storage" "sd_mod"];
    };
    kernelModules = ["sg"];

    # Bootloader.
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
  };

  host = {
    users = {
      leyla = {
        isDesktopUser = true;
        isTerminalUser = true;
        isPrincipleUser = true;
      };
      eve.isDesktopUser = true;
    };

    hardware = {
      directAccess.enable = true;
    };

    ai = {
      enable = true;
      models = {
        "Llama 3.1 8B" = {
          model = "lamma3.1:8b";
          roles = ["chat" "edit" "apply"];
          apiBase = "http://twilight:11434";
        };

        "qwen2.5-coder:1.5b-base" = {
          model = "qwen2.5-coder:1.5b-base";
          roles = ["autocomplete"];
          apiBase = "http://twilight:11434";
        };

        "nomic-embed-text:latest" = {
          model = "nomic-embed-text:latest";
          roles = ["embed"];
          apiBase = "http://twilight:11434";
        };
      };
    };
  };

  environment.systemPackages = with pkgs; [
    cachefilesd
    webtoon-dl
  ];
  services.cachefilesd.enable = true;

  programs = {
    adb.enable = true;
    steam = {
      enable = true;
      remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
      dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
    };
  };

  networking = {
    networkmanager.enable = true;
    hostName = "horizon"; # Define your hostname.
  };
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";

  hardware = {
    graphics.enable = true;
  };

  sops.secrets = {
    "vpn-keys/tailscale-authkey/horizon" = {
      sopsFile = "${inputs.secrets}/vpn-keys.yaml";
    };
  };

  services = {
    # sudo fprintd-enroll
    fprintd = {
      enable = true;
    };
    # firmware update tool
    fwupd = {
      enable = true;
    };
    tailscale = {
      enable = true;
      authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/horizon".path;
      useRoutingFeatures = "client";
    };

    syncthing.enable = true;
  };

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05"; # Did you read the comment?
}