fedora-csb-system-manager
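# Base system module: pulls in the common boot/hardware/network/TPM modules
# and enables the services and tools listed below.
#
# NOTE(review): `hostname` is not a standard NixOS module argument; presumably
# the caller supplies it through specialArgs. Verify against the flake or host
# definition.
{
  hostname,
  config,
  pkgs,
  lib,
  ...
}:
{
  imports = [
    ./boot.nix
    ./console.nix
    ./hardware.nix
    ./locale.nix
    ./nh.nix
    ./network.nix
    ./tpm.nix

    # All my machines have these running
    ../services/avahi.nix
    ../services/openssh.nix
    ../programs/age.nix
    # ../services/wireguard.nix # or netbird
  ];

  networking = {
    hostName = hostname;
    # useDHCP = lib.mkDefault true;
  };

  # Baseline troubleshooting and admin tools installed system-wide.
  environment.systemPackages = with pkgs; [
    binutils
    curl
    detach # For detached session management
    # f2
    file
    htop
    iotop
    killall
    lsof
    netcat
    pciutils
    psmisc
    pv
    ripgrep
    rsync
    shpool-ssh-wrapper # For smart shpool SSH session management
    traceroute
    tree
    usbutils
    vim
    wget
    yq-go
  ];

  programs = {
    zsh.enable = true;
  };

  services = {
    # Cap the systemd journal's disk usage at 500MiB.
    journald.extraConfig = "SystemMaxUse=500M";

    # Firmware update daemon (fwupd).
    fwupd.enable = true;
  };

  security = {
    polkit.enable = true;
    rtkit.enable = true;

    # Lets opted-in PAM services accept a signature from the caller's SSH agent
    # instead of a password (on NixOS this is normally sudo; confirm for the
    # release in use). Two things to keep in mind:
    #  - anything that can reach a forwarded agent socket on this host can
    #    satisfy the check, so only forward an agent from clients you trust;
    #  - the key files consulted must be root-owned. A user-writable file such
    #    as ~/.ssh/authorized_keys would let that user authorise their own key.
    #    See security.pam.sshAgentAuth.authorizedKeysFiles and verify its
    #    effective value on the deployed release.
    pam.sshAgentAuth.enable = true;
  };

  # Clear out /tmp after a fortnight and give all normal users a ~/tmp
  # cleaned out weekly.
  systemd.tmpfiles.rules =
    let
      # One tmpfiles "d" rule per user: owner-only (0700) ~/tmp, entries older
      # than 7 days are removed.
      mkTmpDir = n: u: "d ${u.home}/tmp 0700 ${n} ${u.group} 7d";

      # users.users is the canonical option; users.extraUsers is only a legacy
      # alias for it.
      normalUsers = lib.filterAttrs (_: u: u.isNormalUser) config.users.users;
    in
    [
      # Sticky, world-writable /tmp; entries older than 14 days are removed.
      "d /tmp 1777 root root 14d"
    ]
    ++ lib.mapAttrsToList mkTmpDir normalUsers;
}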