# Baseline NixOS module: boot, Nix daemon, SSH, logging, ACME and a common
# admin toolset. Most values use lib.mkDefault, so an importing host can
# override them. Presumably shared by all hosts in the repo (confirm).
{ config, lib, pkgs, modules, ... }:

let
  # Pinned external sources; only home-manager is used in this file.
  pinned = import ../nix/sources.nix;
in
{
  imports = [
    ../modules
    ./users.nix
    (pinned.home-manager + "/nixos")
    modules.network.nftables
  ];

  boot = {
    kernelPackages = lib.mkDefault pkgs.linuxPackages;
    kernelParams = [ "quiet" ];
  };

  networking = {
    domain = lib.mkDefault "hacc.space";
    # Turns on nftables; the ruleset comes from the imported
    # modules.network.nftables module and is not visible in this file.
    nftables.enable = true;
  };

  nix = {
    gc = {
      automatic = lib.mkDefault true;
      options = lib.mkDefault "--delete-older-than 1w";
    };
    # Nix documents trusted users as effectively root-equivalent on the
    # daemon. Since wheel also has passwordless sudo by default (see the
    # security block), wheel membership amounts to root here. Keep the group
    # small and audit who ./users.nix puts in it.
    trustedUsers = [ "root" "@wheel" ];
  };

  security = {
    # mkDefault: a host can re-enable the sudo password prompt. With SSH keys
    # as the only login factor, a stolen key for a wheel account yields root
    # with no second step.
    sudo.wheelNeedsPassword = lib.mkDefault false;

    acme = {
      email = "info+acme@hacc.space";
      acceptTerms = true;
    };
  };

  services = {
    # Journal capped at 512M and 48h.
    # NOTE(review): a 48h window leaves little history for incident
    # response unless logs are shipped elsewhere; no forwarding is
    # configured in this file.
    journald.extraConfig = ''
      SystemMaxUse=512M
      MaxRetentionSec=48h
    '';

    openssh = {
      enable = true;
      # Non-default port (overridable); cuts scan noise, not an access control.
      ports = lib.mkDefault [ 62954 ];
      # Key-only authentication: password and challenge-response are off.
      passwordAuthentication = false;
      challengeResponseAuthentication = false;
      # Root may log in, but only with a key.
      permitRootLogin = lib.mkDefault "prohibit-password";
      # Remove a stale Unix socket before binding a forwarded one
      # (presumably for gpg-/ssh-agent socket forwarding; confirm).
      extraConfig = "StreamLocalBindUnlink yes";
      # NOTE(review): X11 forwarding is allowed on every host using this
      # module. A client that requests it exposes its X display to the
      # remote host. Confirm it is needed, or make it per-host.
      forwardX11 = true;
    };

    # NOTE(review): disables HTTP access logging in the nginx http context.
    # Possibly a privacy choice, but it also removes request-level evidence
    # for abuse or intrusion analysis.
    nginx.appendHttpConfig = ''
      access_log off;
    '';
  };

  i18n.defaultLocale = "en_IE.UTF-8";
  time.timeZone = "UTC";

  console = {
    font = "Lat2-Terminus16";
    keyMap = "de";
  };

  programs.mtr.enable = true;

  environment = {
    variables.EDITOR = "vim";

    # Admin, diagnostic and firmware tooling installed system-wide.
    systemPackages = with pkgs; [
      smartmontools lm_sensors htop tcpdump nload iftop
      # bottom
      ripgrep git wget kitty.terminfo rsync pv progress parallel bc
      usbutils pciutils cryptsetup gptfdisk zstd p7zip file whois iperf
      fd exa socat tmux gnupg vim patchelf binutils dnsutils
      flashrom ifdtool cbfstool nvramtool
      nmap s-tui stress ffmpeg-full
    ];
  };
}