{ inputs, lib,  pkgs, hostname, stateVersion, username, desktop, system, ... }: {
  imports = [ 
    # Modules
    inputs.disko.nixosModules.disko
    
    # Services
    ./common/services/openssh.nix
    ./common/services/fail2ban.nix
    ./common/services/tailscale.nix
    ./common/services/promtail.nix
    ./common/services/telegraf.nix

    # Software
    ./common/software/cli/scripts.nix
    ./common/packages/small.nix

    # NixOS Modules
    ./common/modules/networking.nix      # Initial Networking configs
    ./common/modules/nixos.nix           # Common NixOS Configurations
    ./common/modules/remote-builders.nix # Add remote builders

    ./users/${username}
    ./hosts/${hostname}
  ] ++ lib.optional (builtins.isString desktop) ./common/desktops/${desktop};
 
  programs.fish.enable = true;

  # NOTE:  This user is used to remotely build NixOS using deploy-rs
  #        The private key needs to be manually copied to /home/deploy/.ssh/id_ed25519 
  #        on any machine being used to deploy from.  It is located in secrets.yaml -> 
  #        deploy/ssh_key

  # Configure the user 
  users.users.deploy = {
    isNormalUser = true;
    createHome = true;
    home = "/home/deploy";
    # Only add the minimum required groups
    extraGroups = [ "deploy" "nixbld" ]; # Create a dedicated group
    # Disable interactive login
    # TODO:  Need to re-enable this when things are working
    # shell = "/run/current-system/sw/bin/nologin";
    openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPyjI22cErvcrjDGkdqnnDDh/L6+5GemXL0l/sGXPuIJ deploy" ];
  };

  # Anyone in the deploy group is allowed to connect to the Nix daemon
  nix.settings.trusted-users = [ "@deploy" ];

  # Create a dedicated group
  users.groups.deploy = {};

security.sudo = {
  enable = true;
  extraRules = [{
    users = [ "deploy" ];
    commands = [
      {
        command = "/run/current-system/sw/bin/nixos-rebuild";
        options = [ "NOPASSWD" ];
      }
      {
        command = "/run/current-system/sw/bin/home-manager";
        options = [ "NOPASSWD" ];
      }
      {
        command = "/nix/store/*/bin/switch-to-configuration";
        options = [ "NOPASSWD" ];
      }
      {
        command = "/nix/store/*-system/bin/switch-to-configuration";
        options = [ "NOPASSWD" ];
      }
      {
        command = "/run/current-system/sw/bin/nix-env";
        options = [ "NOPASSWD" ];
      }
      {
        command = "/run/current-system/sw/bin/nix-store";
        options = [ "NOPASSWD" ];
      }
      {
        command = "/run/current-system/sw/bin/nix-daemon";
        options = [ "NOPASSWD" ];
      }
    ];
  }];
};
 
  # Sets permissions  
  systemd.tmpfiles.rules = [ "Z /etc/nixos/git - deploy deploy" ]; 
}