dotfiles/defaults/base/default.nix

{ config, lib, pkgs, ... }:

let metausers = (import ../../meta).users;
in {
  imports = [ ../../modules ./unfree.nix ./applications.nix ./overlays.nix ];

  boot.loader.timeout = 2;
  boot.tmpOnTmpfs = true;
  boot.kernelPackages = pkgs.linuxPackages_latest;

  console.keyMap = "de_CH-latin1";
  i18n.defaultLocale = "en_US.UTF-8";

  users.mutableUsers = false;
  users.groups = metausers.groups;
  users.users = metausers.users // {
    root.openssh.authorizedKeys.keys = with lib;
      concatLists (mapAttrsToList (name: user:
        if elem "wheel" user.extraGroups then
          user.openssh.authorizedKeys.keys
        else
          [ ]) metausers.users);
  };

  # Package management
  nix = {
    trustedUsers = [ "root" "@wheel" ];
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
    };
    package = pkgs.nixFlakes;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };

  system.autoUpgrade.enable = true;
  system.autoUpgrade.allowReboot = false;

  # System Services
  services.btrfs.autoScrub.enable = true;
  services.fwupd.enable = true;

  # Network services
  networking.firewall = {
    allowPing = true;
    allowedTCPPorts = [ 22 ];
  };

  services.openssh = {
    enable = true;
    passwordAuthentication = false;
  };

  security.acme = {
    acceptTerms = true;
    email = "sysadmin@qo.is";
  };

  # Default Settings
  environment.etc = {
    gitconfig.source = ./etc/gitconfig;
    vimrc.source = ./etc/vimrc;
  };

  programs.autojump.enable = true;
  programs.vim.defaultEditor = true;
}