{ config, pkgs, ... }:

{
  fileSystems."/" =
    { device = "/dev/disk/by-partlabel/primary";
      fsType = "btrfs";
    };
  fileSystems."/boot" =
    { device = "/dev/disk/by-partlabel/ESP";
      fsType = "vfat";
    };

  # hardware
  hardware.enableRedistributableFirmware = true;
  services.fwupd.enable = true;

  # Network
  networking = {
    extraHosts = "";
    networkmanager = {
      enable = true;
      plugins = with pkgs; [
        networkmanager-openvpn
        networkmanager-openconnect
      ];
    };
    useDHCP = false; # Depreciated
  };

  # Bootloader
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # Kernel
  boot.kernelPackages = pkgs.linuxPackages_latest;

  # Nix
  nix = {
    # Automate garbage collection
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };
    package = pkgs.nixVersions.stable;
    settings = {
      auto-optimise-store = true;
      trusted-users = [ "root" "jsutter" ];
      experimental-features = [ "nix-command" "flakes" ];
    };
  };

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # Set your time zone.
  time.timeZone = "America/Los_Angeles";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";

  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

  # Enable CUPS to print documents (disabled for headless)
  # services.printing.enable = true;

  # Enable sound (disabled for headless)
  # sound.enable = true;
  # hardware.pulseaudio.enable = false;
  # security.rtkit.enable = true;
  # services.pipewire = {
  #   enable = true;
  #   alsa.enable = true;
  #   alsa.support32Bit = true;
  #   pulse.enable = true;
  # };

  # Define a user account. Don't forget to set a password with 'passwd'.
  users.defaultUserShell = pkgs.zsh;
  programs.zsh.enable = true;

  # System state version
  system.stateVersion = "24.05";

  # List packages installed in system profile
  environment.systemPackages = with pkgs; [
    # Essential CLI tools for server management
    vim
    git
    curl
    wget
    htop
    iotop
    nethogs
    ncdu
    tree
    unzip
    zip
    jq
    yq
    tmux
    screen
    lsof
    netcat
    nmap
    tcpdump
    iftop
    dnsutils
    whois
    rsync
    pciutils
    sysstat
    powertop
    gnupg
    p7zip
    openssl
    gnumake
    kopia
    dig
    python3
    pv
    stress
    s-tui
    clinfo
    fwupd
  ];

  # No GUI services for headless
  # services.flatpak.enable = false; # Explicitly disabled

  # No fonts needed for headless
  # fonts.packages = []; # No GUI fonts needed

  # Disable X server completely for headless
  services.xserver.enable = false;
  
  # Disable documentation to save space
  documentation.nixos.enable = false; 

  # Network optimizations
  systemd.network.wait-online.enable = false;
  boot.initrd.systemd.network.wait-online.enable = false;
}