{ outputs, config, lib, ... }:

{
  security = {
    sudo.enable = true;
    polkit.enable = true;
  };

  services = {
    printing.enable = true;
    acpid.enable = true;
    upower.enable = true;

    openssh = {
      enable = true;
      # Forbid root login through SSH.
      # Use keys only. Remove if you want to SSH using password (not recommended)
      settings = {
        # permitRootLogin = "no";
        # passwordAuthentication = false;
        KbdInteractiveAuthentication = false;
        X11Forwarding = false;
      };
    };

    avahi = {
      enable = true;
      nssmdns4 = true; # 非常重要，允许系统解析 .local 地址
      openFirewall = true;
    };

    journald.extraConfig = ''
      SystemMaxUse=500M
      MaxFileSec=7day
    '';
  };

  nix = {
    settings = {
      # Enable flakes and new 'nix' command
      experimental-features = "nix-command flakes";
      substituters = [
        "https://mirrors.ustc.edu.cn/nix-channels/store"
        "https://nix-community.cachix.org"
        "https://cache.nixos.org/"
      ];
      trusted-public-keys = [
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
      trusted-users = [ "root" ];

      # Enable local binary cache
      keep-outputs = true;
      keep-derivations = true;

      max-jobs = "auto";
      cores = 0; # Use all available cores

      # Deduplicate and optimize nix store during build
      # auto-optimise-store = true;
    };

    gc = {
      automatic = true; # Enable automatic garbage collection
      dates = "weekly"; # Execute garbage collection weekly
      persistent = true; # Keep settings after reboot
      randomizedDelaySec = "15min"; # Add up to 15 minutes of random delay
      options = "--delete-older-than 30d"; # Delete files older than 30 days
    };

    # Automatically run garbage collection whenever there is not enough space left
    # Free up to 5GiB whenever there is less than 1GiB left:
    extraOptions = ''
      min-free = ${toString (1 * 1024 * 1024 * 1024)}
      max-free = ${toString (5 * 1024 * 1024 * 1024)}
    '';
  };

  nixpkgs = {
    # You can add overlays here
    overlays = [
      # Add overlays your own flake exports (from overlays and pkgs dir):
      outputs.overlays.additions
      outputs.overlays.modifications
      outputs.overlays.unstable-packages

      # You can also add overlays exported from other flakes:
      # neovim-nightly-overlay.overlays.default

      # Or define it inline, for example:
      # (final: prev: {
      #   hi = final.hello.overrideAttrs (oldAttrs: {
      #     patches = [ ./change-hello-to-hi.patch ];
      #   });
      # })
    ];
    # Configure your nixpkgs instance
    # 只有在没有使用外部创建的nixpkgs实例时才设置config
    config = {
      # Disable if you don't want unfree packages
      allowUnfree = true;
    };
  };
}