# Nix daemon and CLI configuration: pins the flake registry to this flake's
# inputs, enables the experimental features in use, and sets daemon-access,
# build, store and binary-cache policy.
{ pkgs, lib, inputs, ... }:
let
  # One list feeds both `allowed-users` and `trusted-users` below.
  daemonUsers = [
    "root"
    "thehedgehog"
    "pyrox"
  ];

  # Keep inputs that expose `outputs`, and drop this flake's own `self` entry.
  isPinnableInput = name: value: (value ? outputs) && (name != "self");
  pinnedFlakes = lib.filterAttrs isPinnableInput inputs;

  # A version-2 registry file with no entries.
  emptyRegistry = pkgs.writers.writeJSON "registry-empty.json" {
    flakes = [ ];
    version = 2;
  };
in
{
  nix.enable = true;
  nix.gc.automatic = true;

  # Each retained input becomes a registry entry under its input name.
  nix.registry = lib.mapAttrs (_: flake: { inherit flake; }) pinnedFlakes;

  nix.settings = {
    # ---- Daemon access and trust ----

    # Flake-supplied `nixConfig` is never applied automatically. Accounts in
    # `trusted-users` can still opt in per invocation (interactive prompt or
    # `--accept-flake-config`), so this blocks silent acceptance only.
    accept-flake-config = false;
    # Only these accounts may connect to the daemon.
    allowed-users = daemonUsers;
    # Trusted users may override restricted settings (substituters included)
    # and import unsigned store paths, which is effectively root on the host.
    # NOTE(review): this is the same list as `allowed-users`, so every allowed
    # account is also trusted; confirm the non-root accounts need that.
    trusted-users = daemonUsers;

    # ---- Experimental features ----

    experimental-features = [
      # Required by `auto-allocate-uids = true` below
      "auto-allocate-uids"
      # Content-addressed derivations; can save store space compared with input-addressing
      "ca-derivations"
      # Required by `use-cgroups = true` below
      "cgroups"
      # Flake support
      "flakes"
      # The Nix 3 command-line interface
      "nix-command"
      # Reject URL literals, which are deprecated
      "no-url-literals"
    ];

    # ---- Builds ----

    # Allocate build UIDs on demand instead of using pre-defined nixbld users.
    auto-allocate-uids = true;
    # Run builds inside cgroups.
    use-cgroups = true;
    # Default of 8 cores per build (0 would mean "all available cores");
    # mkDefault lets another module override it.
    cores = lib.mkDefault 8;
    # Default cap of 4 concurrent builds, also overridable.
    max-jobs = lib.mkDefault 4;
    # Build from source when substitution fails.
    fallback = true;
    # Continue after a failed build so every build that can succeed does.
    keep-going = true;
    # Features this machine advertises to derivations that require them.
    system-features = [
      "big-parallel"
      "kvm"
      "nixos-test"
    ];
    log-lines = 20;
    # Compress build logs to save space.
    compress-build-log = true;

    # ---- Store ----

    # Always optimise the store.
    auto-optimise-store = true;
    # Both keep-* settings are here so direnv GC roots survive collection.
    keep-derivations = true;
    keep-outputs = true;

    # ---- Binary caches ----

    # Signing keys for the two caches named below. With signature checking on
    # (the Nix default), substituted paths must be signed by a trusted key.
    trusted-public-keys = [
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    ];
    # Caches that non-trusted users are permitted to opt into. This setting
    # does not make Nix query them by itself; the active list is
    # `substituters`, which this module does not set.
    trusted-substituters = [
      "https://cache.nixos.org"
      "https://nix-community.cachix.org"
    ];

    # ---- Flake registry ----

    # Point the global registry at the empty file, so indirect flake
    # references resolve through `nix.registry` (the inputs pinned above)
    # rather than through a remotely fetched registry.
    flake-registry = emptyRegistry;
    # Registry lookups stay enabled.
    use-registries = true;

    # ---- CLI behaviour ----

    # Use XDG base directories to avoid cluttering $HOME.
    use-xdg-base-directories = true;
    # No warning when evaluating from a dirty Git tree.
    warn-dirty = false;
  };
}