{
  pkgs,
  config,
  lib,
  inputs,
  ...
}: {
  imports = [
    inputs.autoaspm.nixosModules.default
  ];

  # set timezone
  time.timeZone = "America/Chicago";

  nix = {
    # garbage collect & remove builds older then 14 days
    gc = {
      automatic = true;
      dates = "daily";
      options = "--delete-older-than 14d";
      persistent = true;
    };
    # optimise nix store, dedupe and such
    optimise = {
      automatic = true;
      dates = [ "daily" ];
    };
    # the goats
    settings.experimental-features = lib.mkDefault [
      "nix-command"
      "flakes"
    ];
  };

  # allow proprietary packages
  nixpkgs = {
    config = {
      allowUnfree = true;
      allowUnfreePredicate = _: true;
    };
  };

  # power management
  services.autoaspm.enable = true;
  powerManagement.powertop.enable = true;

  # things are better this way
  users.defaultUserShell = pkgs.zsh;

  # base system package install list
  environment.systemPackages = with pkgs; [
    wget
    curl
    dig
    nmap
    rsync
    iperf3
    jq
    git
    age
    vim
    ncdu
    btop
    powertop
    iotop
    cifs-utils
    usbutils
    pciutils
    lm_sensors
  ];

  # nice to have passwordless sudo
  security.sudo = {
    extraRules = [
      {
        users = ["blake"];
        commands = [
          {
            command = "/run/current-system/sw/bin/nixos-rebuild";
            options = ["NOPASSWD"];
          }
          {
            command = "/run/current-system/sw/bin/systemctl";
            options = ["NOPASSWD"];
          }
          {
            command = "/run/current-system/sw/bin/journalctl";
            options = ["NOPASSWD"];
          }
          {
            command = "/run/current-system/sw/bin/tailscale";
            options = ["NOPASSWD"];
          }
          {
            command = "/etc/profiles/per-user/blake/bin/nom";
            options = ["NOPASSWD"];
          }
        ];
      }
    ];
    extraConfig = ''
      Defaults insults
    '';
  };
}