{ pkgs, ... }:

{
  imports = [
    ./users.nix
    ./motd.nix
    ./firewall.nix
  ];

  nix = {
    package = pkgs.lix;
    settings.experimental-features = [ "nix-command" "flakes" ];
  };

  nix.gc = {
    automatic = true;
    options = "--delete-older-than 14d";
    randomizedDelaySec = "30min";
  };

  environment.systemPackages = with pkgs; [
      vim
      wget
      curl
      htop
      tmux
      openssl
      git
      podman-tui
  ];

  programs.mtr.enable = true;
  programs.zsh.enable = true;
  security.sudo = {
    enable = true;
    wheelNeedsPassword = false;
    execWheelOnly = true;
  };

  services.earlyoom.enable = true;

  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
    extraConfig = ''
      AllowTcpForwarding yes
      AllowAgentForwarding yes
      AllowStreamLocalForwarding yes
      AuthenticationMethods publickey
    '';
  };

  virtualisation.containers.enable = true;
  virtualisation = {
    podman = {
      enable = true;
      dockerCompat = true;
      defaultNetwork.settings.dns_enabled = true;
    };
  };
  environment.etc = {
    "nixos/THIS-SERVER-IS-BUILT-EXTERNALLY-READ-ME" = {
      text = ''
      Nothing in this directory is the current config.
      Please see https://git.private.coffee/wolfgirls/nixos
      Or /run/current-system/
      '';
      mode = "0644";
    };
  };
}