{ config, pkgs, inputs, lib, nixpkgs-nixos-unstable-and-unfree, ... }: {
  environment.systemPackages = with pkgs; [ vim nixfmt ];

  imports = [ ../../git ../../mercurial ];
  services.nix-daemon.enable = true;
  nix = {
    useDaemon = true;
    gc.automatic = true;
    package = pkgs.nixUnstable;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };

  fonts.fontDir.enable = true;
  fonts.fonts = with pkgs; [
    (fetchzip {
      name = "berkeley-mono-fonts";
      url = "file:///" + ../../fonts.zip;
      postFetch = ''
        mkdir -p $out/share/fonts
        unzip -j $downloadedFile \*.otf -d $out/share/fonts/opentype
      '';
      sha256 = "sha256-y+j3iHGXJP1pdylLJTlxbhyQ1oFAwini3o3ljLzOsoM=";
    })
    nerdfonts
    fira-code
    font-awesome
    material-icons
    powerline-fonts
    source-code-pro
    weather-icons
  ];
  security.pki.certificateFiles = [
    "/Users/Shared/form3-certs/form3-palo-alto.pem"
    "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
  ];
  environment.variables = {
    NIX_SSL_CERT_FILE = "/Users/cyryl/certs/bundle.crt";
  };
  programs.zsh.enable = true; # default shell on catalina

  system.stateVersion = 4;

  home-manager.users.cyryl = { ... }: {
    imports = [ ];
    home.packages = with pkgs; [ awscli ];
    programs.git.userEmail = lib.mkForce "cyryl.plotnicki@form3.tech";
    programs.git.extraConfig.user.signingkey =
      "6441B1BC81F8FB1561C9AFF5534222210FE423ED";
    programs.git.extraConfig.commit.gpgsign = true;
    programs.git.extraConfig."url \"git@github.com:\"".insteadOf =
      "https://github.com/";
    programs.gpg.enable = true;
    programs.gpg.homedir = "/Users/cyryl/.gnupg";
    programs.zsh.loginExtra = ''
      eval "$(/opt/homebrew/bin/brew shellenv)"
    '';
  };
}