{
  description = "Home Manager configuration flake for JSL";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    home-manager = {
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    _1password-shell-plugins.url = "github:1Password/shell-plugins";
  };

  outputs = { self, nixpkgs, ... }@inputs:
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};
      lib = pkgs.lib;

      userOptions = config: {
        openssh.authorizedKeys.keyFiles = lib.optionals config.ssh [ ./personal_keys ];
        extraGroups = lib.optionals config.root [ "wheel" ];
        shell = lib.mkIf config.shell pkgs.zsh;
      };
    in
    {
      homeManagerModules.default = { ... }: {
        imports = [
          ./nixosModules/options.nix
          ./home.nix
          inputs._1password-shell-plugins.hmModules.default
        ];
        nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
          "1password-cli"
        ];
        
        home.packages = with pkgs; [
          (writeShellScriptBin "nhmu" ''
            nix flake update --flake ~/.config/home-manager
            nix run home-manager -- switch --flake ~/.config/home-manager
          '')
        ];
      };

      nixosModules.default = { config, ... }: {
        imports = [
          ./nixosModules/options.nix
          ./nixosModules/scripts.nix
          inputs.home-manager.nixosModules.default
        ];
        nix.settings.trusted-users = [ "root" "@wheel" ];
        users.users.${config.user} = {
          isNormalUser = true;
        } // userOptions config;

        users.users.root = lib.mkIf config.root (userOptions config);
        security.sudo-rs = lib.mkIf config.root {
          enable = true;
          execWheelOnly = false;
          wheelNeedsPassword = false;
          extraConfig = "Defaults        timestamp_timeout=1440";
        };

        programs.zsh.enable = lib.mkIf config.shell true;

        home-manager = {
          useUserPackages = true;
          extraSpecialArgs = { inherit inputs; };
          users.root.programs.git = {
            stateVersion = config.stateVersion;
            extraConfig.credential.helper = "store --file ~/.git-credentials";
          };
          users.${config.user} = {
            imports = [
              self.homeManagerModules.default {
                user = config.user;
                stateVersion = config.stateVersion;
                profile = config.profile;
                shell = config.shell;
                ssh = config.ssh;
                _1password = config._1password;
              }
            ] ++ config.extraImports;
          };
        };
      };
    };
}