{ config, lib, pkgs, modules, sources, ... }:

{
  imports = [
    ../modules
    ./users.nix
  ];

  boot.kernelPackages = lib.mkDefault pkgs.linuxPackages;
  boot.kernelParams = [ "quiet" ];

  networking.domain = lib.mkDefault "hacc.space";

  services.journald.extraConfig = ''
    SystemMaxUse=512M
    MaxRetentionSec=48h
  '';
  nix.gc.automatic = lib.mkDefault true;
  nix.gc.options = lib.mkDefault "--delete-older-than 7d";
  nix.settings.trusted-users = [ "root" "@wheel" ];
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';
  environment.variables.EDITOR = "vim";

  services.openssh = {
    enable = true;
    ports = lib.mkDefault [ 62954 ];
    settings = {
      X11Forwarding = true;
      PermitRootLogin = "prohibit-password";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      StreamLocalBindUnlink = true;
    };
  };
  programs.mosh.enable = true;
  programs.fish.enable = true;
  security.sudo.wheelNeedsPassword = lib.mkDefault false;

  i18n.defaultLocale = "en_IE.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "de";
  };
  programs.mtr.enable = true;

  environment.systemPackages = with pkgs; [
    smartmontools lm_sensors htop tcpdump nload iftop
    bottom 
    ripgrep vgrep
    git wget
    kitty.terminfo
    rsync pv progress
    parallel bc
    usbutils pciutils
    cryptsetup gptfdisk
    zstd p7zip
    file
    whois
    iperf
    fd
    eza
    socat
    tmux
    gnupg
    vim neovim
    patchelf
    binutils
    dnsutils
    flashrom ifdtool cbfstool nvramtool
    nmap
    s-tui stress
    ffmpeg-full
    bat 
    niv
  ];

  security.acme.defaults.email = "info+acme@hacc.space";
  security.acme.acceptTerms = true;

  services.nginx.appendHttpConfig = ''
    access_log off;
    add_header Permissions-Policy "interest-cohort=()";
  '';

  networking.nftables.enable = true;
}