{ pkgs, ... }: {
  nixpkgs.config.allowUnfree = true;
  ids.gids.nixbld = 350;
  security.pam.services.sudo_local.touchIdAuth = true;

  # 1Password SSH Socket
  environment.variables.SSH_AUTH_SOCK = "~/Library/Group Containers/2BU8OCWD5C.com.1password/t/agent.sock";

  # Set vim as default editor
  environment.variables.EDITOR = "vim";
  environment.variables.VISUAL = "vim";
  environment.variables.GIT_EDITOR = "vim";

  # Add Homebrew to PATH
  environment.systemPath = [ "/opt/homebrew/bin" "/opt/homebrew/sbin" ];

  # Biome config
  environment.etc."biome.json".source = ./config.biome.json;
  environment.etc."oxlintrc.json".source = ./config.oxlintrc.json;

  system.primaryUser = "matthew.bessette";
  users.users."matthew.bessette" = {
    name = "matthew.bessette";
    home = "/Users/matthew.bessette";
  };

  # Homebrew for Casks and specific binaries
  # In a nix-darwin setup, Homebrew packages are not actually stored inside the Nix store. 
  # Instead, nix-darwin acts as a manager that triggers the standard Homebrew installation 
  # process on your macOS system.
  homebrew = {
    enable = true;
    onActivation.cleanup = "uninstall";
    onActivation.autoUpdate = true;
    onActivation.upgrade = true;
    taps = [ "bufbuild/buf" "jacobjohansen/tap" ];
    brews = [
      "biome"
      "jacobjohansen/tap/rds-auth-proxy"
    ];
    casks = [
      "android-commandlinetools"
      "android-platform-tools"
      "bruno" 
      "kopiaui" 
      "libreoffice" 
      "signal" 
      "spotify"
      "yubico-yubikey-manager" 
      "zoom"
    ];
  };

  nix.settings.experimental-features = "nix-command flakes";
  system.stateVersion = 4;
}