{ pkgs, ... }:
{
  environment.systemPackages = with pkgs; [
    pciutils
    usbutils
    lshw
  ];

  hardware = {
    enableAllFirmware = true;
    bluetooth.enable = true;

    # OpenGL + Vulkan
    graphics = {
      enable = true;
      extraPackages = with pkgs; [
        mesa.drivers
      ];
    };

    amdgpu = {
      initrd.enable = true;
      opencl.enable = true;
      # Temp disabled as it breaks GTK
      # amdvlk.enable = true;
    };
  };
  services = {
    fwupd.enable = true;

    hardware.bolt.enable = true;

    fprintd = {
      enable = true;
      # fprintd test suite fails
      package = pkgs.fprintd.overrideAttrs {
        mesonCheckFlags = [
          "--no-suite"
          "fprintd:TestPamFprintd"
        ];
      };
    };

    # Video Driver
    xserver = {
      videoDrivers = [ "displaylink" ];
      dpi = 280;
    };

    # SSD Trim
    fstrim.enable = true;

    # Power Management
    upower.enable = true;
    thermald.enable = true;
  };

  # hardware.trackpoint.enable = true;

  # FS
  fileSystems."/".options = [ "compress=zstd" ];

  powerManagement = {
    enable = true;
    powertop.enable = true;
  };
  security = {
    tpm2 = {

      # tpm
      enable = true;
      pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
      tctiEnvironment.enable = true;
    };
  }; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
  users.users.vivian.extraGroups = [ "tss" ]; # tss group has access to TPM devices
}