1{
 2  hostname,
 3  config,
 4  pkgs,
 5  lib,
 6  ...
 7}:
 8{
 9  imports = [
10    ./boot.nix
11    ./console.nix
12    ./hardware.nix
13    ./locale.nix
14    ./nh.nix
15    ./network.nix
16    ./tpm.nix
17
18    # All my machine have this running
19    ../services/avahi.nix
20    ../services/openssh.nix
21    ../programs/age.nix
22    # ../services/wireguard.nix # or netbird
23  ];
24
25  networking = {
26    hostName = hostname;
27    # useDHCP = lib.mkDefault true;
28  };
29
30  environment.systemPackages = with pkgs; [
31    binutils
32    curl
33    # f2
34    file
35    htop
36    iotop
37    killall
38    lsof
39    netcat
40    pciutils
41    psmisc
42    pv
43    ripgrep
44    rsync
45    traceroute
46    tree
47    usbutils
48    vim
49    wget
50    yq-go
51  ];
52
53  programs = {
54    zsh.enable = true;
55  };
56
57  services = {
58    # Only keep the last 500MiB of systemd journal.
59    journald.extraConfig = "SystemMaxUse=500M";
60  };
61
62  security = {
63    polkit.enable = true;
64    rtkit.enable = true;
65  };
66
67  # Clear out /tmp after a fortnight and give all normal users a ~/tmp
68  # cleaned out weekly.
69  systemd.tmpfiles.rules = [
70    "d /tmp 1777 root root 14d"
71  ]
72  ++ (
73    let
74      mkTmpDir = n: u: "d ${u.home}/tmp 0700 ${n} ${u.group} 7d";
75    in
76    lib.mapAttrsToList mkTmpDir (lib.filterAttrs (_: u: u.isNormalUser) config.users.extraUsers)
77  );
78
79  services.fwupd.enable = true;
80}