{ lib, pkgs, ... }: {
  imports = [ ./audio.nix ./tailscale.nix ./bluetooth.nix ./printing.nix ];

  # use nix version 2.22
  nix = {
    package = pkgs.nixVersions.nix_2_22;

    settings = {
      auto-optimise-store = lib.mkDefault true;
      experimental-features = [ "nix-command" "flakes" "ca-derivations" ];
    };
  };

  users.users.lu.extraGroups = [ "audio" ];

  # auto mount external drives
  services.devmon.enable = true;
  services.gvfs.enable = true;
  services.udisks2.enable = true;

  # use initrd systemd boot
  boot.initrd.systemd.enable = true;

  # use a tmpfs
  boot.tmp.useTmpfs = true;
  systemd.services.nix-daemon = { environment.TMPDIR = "/var/tmp"; };

  # use fstrim for ssds
  services.fstrim.enable = true;

  # use dbus-broker for faster dbus
  services.dbus.implementation = "broker";

  systemd.services.NetworkManager-wait-online.enable = false;

  # set up a keyring
  services.gnome.gnome-keyring.enable = true;

  # set up ausweisapp for online german government login
  programs.ausweisapp = {
    enable = true;
    openFirewall = true;
  };

  # use nh for easier nix stuff
  programs.nh = {
    enable = true;
    clean.enable = true;
    clean.extraArgs = "--keep 3";
  };
}