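# nix-darwin system module for a single-user macOS host.
#
# Arguments used here:
#   pkgs   - package set (writeText, openssl, defaultbrowser, skhd are referenced)
#   inputs - flake inputs; inputs.nixpkgs is pinned into the local flake registry
{ pkgs, inputs, ... }:
let
  username = "ryan";
  defaultBrowser = "zen";

  # Single definition of the private root CA file, so the Nix CA bundle and the
  # macOS System keychain are always fed the same certificate.
  ryanCaCert = ../../files/CACerts/RyanCA.crt;

  # Flake registry that resolves the indirect `nixpkgs` reference to the exact
  # store path (with narHash and lastModified) of this flake's nixpkgs input,
  # so registry lookups of `nixpkgs` use the locked input.
  pinnedNixpkgs = pkgs.writeText "flake-registry.json" (builtins.toJSON {
    version = 2;
    flakes = [
      {
        from = {
          type = "indirect";
          id = "nixpkgs";
        };
        to = {
          type = "path";
          path = inputs.nixpkgs.outPath;
          lastModified = inputs.nixpkgs.lastModified;
          narHash = inputs.nixpkgs.narHash;
        };
      }
    ];
  });
in
{
  # Define the system's user and home dir location
  users.users."${username}" = {
    name = "${username}";
    home = "/Users/${username}";
  };
  system.primaryUser = "${username}";

  # Install the /etc/nix/flake-registry.json file we made above
  environment.etc."nix/flake-registry.json".source = pinnedNixpkgs;

  # Install RyanCA Root.
  # NOTE(review): this makes a private root a trust anchor; everything that
  # chains to it will be accepted, so the CA's private key needs protecting
  # accordingly.
  security.pki.certificateFiles = [ ryanCaCert ];

  # Nix is handled through the Determinate Nix module rather than nix-darwin's
  # native Nix handling (original note: native handling has to be disabled
  # because of Determinate Nix). The custom setting points Nix at the pinned
  # registry file installed above.
  determinateNix = {
    enable = true;
    customSettings = {
      flake-registry = "/etc/nix/flake-registry.json";
    };
  };

  # Determines the nix-darwin release compatibility
  system.stateVersion = 6;

  # System profile programs
  programs = {
    zsh.enable = true;
  };

  # Install homebrew casks/apps.
  # cleanup = "zap" removes Homebrew packages that are not declared here on
  # every activation, so this list is the complete allow-list of casks.
  homebrew = {
    enable = true;
    onActivation = {
      cleanup = "zap";
      extraFlags = [ "--force-cleanup" ];
    };
    casks = [
      "utm"
      "ghostty"
      "zen"
    ];
  };

  # Keyboard shortcuts using skhd
  services.skhd = {
    enable = true;
    skhdConfig = ''
      alt - d : osascript -e 'tell application "System Events" to key code 49 using {command down}'
      alt - return : open -na /Applications/Ghostty.app
    '';
  };

  # System configuration
  time.timeZone = "America/New_York";
  system.defaults = {
    NSGlobalDomain = {
      # 24 hour time
      AppleICUForce24HourTime = true;
      # Dark Mode
      AppleInterfaceStyle = "Dark";
      # Key repeat rate
      KeyRepeat = 4;
      InitialKeyRepeat = 30;
      # Swap F1-12 to be default
      "com.apple.keyboard.fnState" = true;
      # Disable Keyboard bullcrap
      NSAutomaticCapitalizationEnabled = false;
      NSAutomaticDashSubstitutionEnabled = false;
      NSAutomaticPeriodSubstitutionEnabled = false;
      NSAutomaticQuoteSubstitutionEnabled = false;
      NSAutomaticSpellingCorrectionEnabled = false;
      ApplePressAndHoldEnabled = false;
    };

    # Control center stuff
    controlcenter = {
      BatteryShowPercentage = true;
    };

    # Clock settings
    menuExtraClock = {
      Show24Hour = true;
      ShowDate = 1; # Always
      ShowDayOfWeek = true;
      ShowSeconds = true;
    };

    # Screen capture settings
    screencapture = {
      target = "clipboard";
      type = "png";
    };

    # finder good settings
    finder = {
      AppleShowAllExtensions = true;
      AppleShowAllFiles = true;
      ShowPathbar = true;
      FXEnableExtensionChangeWarning = false;
      _FXShowPosixPathInTitle = true;
      NewWindowTarget = "Home";
      ShowExternalHardDrivesOnDesktop = false;
      ShowHardDrivesOnDesktop = false;
      ShowMountedServersOnDesktop = false;
      ShowRemovableMediaOnDesktop = false;
      ShowStatusBar = true;
    };

    # Login Window Settings: no guest account, no console login
    loginwindow = {
      GuestEnabled = false;
      DisableConsoleAccess = true;
    };

    # dock settings
    dock = {
      magnification = true;
      largesize = 96;
      tilesize = 32;
      minimize-to-application = false;
      orientation = "bottom";
      autohide = true;
      persistent-apps = [
        { app = "/Applications/Zen.app"; }
        #{ app = "/System/Applications/Launchpad.app"; }
        { app = "/System/Applications/Messages.app"; }
        { app = "/System/Applications/Facetime.app"; }
        { app = "/System/Applications/Calendar.app"; }
        { app = "/System/Applications/App Store.app"; }
        { app = "/System/Applications/System Settings.app"; }
        { app = "/Applications/UTM.app"; }
      ];
      persistent-others = [
        {
          folder = {
            path = "/Users/${username}/Downloads";
            showas = "grid";
            arrangement = "date-created";
          };
        }
        {
          folder = {
            path = "/Applications";
            showas = "grid";
            arrangement = "name";
          };
        }
      ];
      show-recents = false;
    };

    # Custom preferences
    CustomUserPreferences = {
      NSGlobalDomain = {
        # Always show menu bar
        AppleMenuBarVisibleInFullscreen = true;
      };
      "com.apple.symbolichotkeys" = {
        AppleSymbolicHotKeys = {
          "64" = {
            enabled = true; # skhd needs this for its shortcut
          };
        };
      };
    };
  };

  # Post-Activation scripts.
  #
  # RyanCA step: the SHA-1 fingerprint is only a lookup key for "is this
  # certificate already in the System keychain"; it is not what establishes
  # trust. An empty fingerprint (openssl failed or printed nothing) would make
  # grep match every line and report the certificate as present, so that case
  # is reported and the keychain step skipped. grep -F keeps the fingerprint a
  # literal string.
  # NOTE(review): add-trusted-cert is called without a -p policy constraint, so
  # the root is trusted for every policy; if this CA only issues TLS server
  # certificates, restricting it (for example `-p ssl`) narrows what it can
  # vouch for.
  # NOTE(review): the systemsetup calls discard output and ignore failures, so a
  # failed NTP configuration is silent.
  system.activationScripts.postActivation.text = ''
    echo "Configuring NTP servers..."
    systemsetup -setnetworktimeserver pool.ntp.org > /dev/null 2>&1 || true
    systemsetup -setusingnetworktime on > /dev/null 2>&1 || true

    ryancasum="$(${pkgs.openssl}/bin/openssl x509 -in "${ryanCaCert}" -noout -fingerprint -sha1 | sed 's/.*=//; s/://g')"
    if [ -z "$ryancasum" ]; then
      echo "Could not compute the RyanCA fingerprint; skipping keychain check" >&2
    elif ! /usr/bin/security find-certificate -a -Z "/Library/Keychains/System.keychain" | tr -d ':' | grep -Fiq "$ryancasum"; then
      echo "Installing RyanCA Certificate..."
      /usr/bin/security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "${ryanCaCert}"
    fi

    echo "Reloading Preferences DB..."
    /System/Library/PrivateFrameworks/SystemAdministration.framework/Resources/activateSettings -u

    echo "Setting default browser"
    ${pkgs.defaultbrowser}/bin/defaultbrowser ${defaultBrowser}

    # this is fragile so it goes at the bottom
    echo "Reloading skhd..."
    sudo -iu ${username} ${pkgs.skhd}/bin/skhd -r
  '';
}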