{
  pkgs,
  username,
  hostname,
  ...
}:
{
  system.stateVersion = "25.05";

  imports = [
    ./disk-config.nix
    ./hardware-configuration.nix
    ../../modules/core/grub.nix
    ../../modules/optionnals/sops-desktop.nix
  ];

  boot.kernelPackages = pkgs.linuxPackages_latest;

  time.timeZone = "Europe/Paris";

  nix = {
    settings = {
      ## Enable flakes
      experimental-features = [
        "nix-command"
        "flakes"
      ];
      ## Users trusted to use flake command
      trusted-users = [
        "root"
        "${username}"
      ];
    };
  };

  users.users = {
    ${username} = {
      isNormalUser = true;
      createHome = true;
      password = "toto";
      description = "Admin account";
      extraGroups = [
        "wheel"
      ];
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKMJ3TkEmRQcX7RQijNa2km6a2xXJk6M6FERh7C9nTJ"
      ];
    };
    root = {
      password = null;
    };
  };

  system.activationScripts.setup-ssh-keys = {
    text = ''
      mkdir -p /home/${username}/.ssh
      chown ${username}:users /home/${username}/.ssh
      chmod 700 /home/${username}/.ssh
    '';
  };

  security.sudo = {
    enable = true;
    extraRules = [
      {
        users = [ "${username}" ];
        host = "ALL";
        runAs = "ALL:ALL";
        commands = [
          {
            command = "ALL";
            options = [ "NOPASSWD" ];
          }
        ];
      }
    ];
    #extraConfig = "#includedir /etc/sudoers.d";
  };
  environment.systemPackages = [
    pkgs.neovim
    pkgs.git
    pkgs.curl
    pkgs.nixos-anywhere
    pkgs.nixos-generators
    pkgs.ssh-to-age
    pkgs.htop
  ];

  services.openssh.enable = true;

  networking.hostName = "${hostname}";
}