{
  lib,
  inputs,
  ...
}: let
  inherit (lib.attrsets) filterAttrs mapAttrs;
  inherit (lib.types) isType;

  flakeInputs = filterAttrs (name: value: (isType "flake" value) && (name != "self")) inputs;
in {
  nix = {
    # pin the registry to avoid downloading and evaluating a new nixpkgs version everytime
    registry = mapAttrs (_: flake: {inherit flake;}) flakeInputs;

    gc = {
      automatic = true;
      options = "--delete-older-than 7d";
    };

    channel.enable = false;

    settings = {
      min-free = 5 * 1024 * 1024 * 1024;
      max-free = 20 * 1024 * 1024 * 1024;

      # automatically optimise symlinks
      # Disable auto-optimise-store because of this issue:
      # https://github.com/NixOS/nix/issues/7273
      auto-optimise-store = true;

      # users or groups which are allowed to do anything with the Nix daemon
      allowed-users = ["@wheel"];
      # users or groups which are allowed to manage the nix store
      trusted-users = ["@wheel"];

      # we don't want to track the registry, but we do want to allow the usage
      # of the `flake:` references, so we need to enable use-registries
      use-registries = true;
      flake-registry = "";

      max-jobs = "auto";

      # build inside sandboxed environments
      sandbox = true;

      # supported system features
      system-features = [
        "nixos-test"
        "kvm"
        "recursive-nix"
        "big-parallel"
      ];

      keep-going = true;

      # show more log lines for failed builds, as this happens alot and is useful
      log-lines = 30;

      # https://docs.lix.systems/manual/lix/nightly/contributing/experimental-features.html
      experimental-features = [
        # enables flakes, needed for this config
        "flakes"

        # enables the nix3 commands, a requirement for flakes
        "nix-command"

        # allow nix to call itself
        "recursive-nix"

        # allow nix to build and use content addressable derivations, these are nice because
        # they prevent rebuilds when changes to the derivation do not result in changes to the derivation's output
        "ca-derivations"

        # Allows Nix to automatically pick UIDs for builds, rather than creating nixbld* user accounts
        # which is BEYOND annoying, which makes this a really nice feature to have
        "auto-allocate-uids"

        # allows Nix to execute builds inside cgroups
        # remember you must also enable use-cgroups in the nix.conf or settings
        "cgroups"

        # allow passing installables to nix repl, making its interface consistent with the other experimental commands
        "repl-flake"

        # allow usage of the pipe operator in nix expressions
        "pipe-operator"

        # enable the use of the fetchClosure built-in function in the Nix language
        "fetch-closure"

        # dependencies in derivations on the outputs of derivations that are themselves derivations outputs
        "dynamic-derivations"

        # allow parsing TOML timestamps via builtins.fromTOML
        "parse-toml-timestamps"
      ];

      warn-dirty = false;

      http-connections = 50;

      # whether to accept nix configuration from a flake without prompting
      # literally a CVE waiting to happen <https://x.com/puckipedia/status/1693927716326703441>
      accept-flake-config = false;

      # build from source if the build fails from a binary source
      fallback = true;

      # this defaults to true, however it slows down evaluation and I'm pretty sure it's not needed (yet?)
      allow-import-from-derivation = false;

      keep-derivations = true;
      keep-outputs = true;

      use-xdg-base-directories = true;
    };
  };
}