# All configuration.nix
{ config, lib, pkgs, inputs, user, ... }:
{
  nix = {
    settings.auto-optimise-store = true;
    settings.allowed-users = [ "@wheel" ];
    gc = {
      automatic = true;
      dates = "weekly";
      persistent = true;
      options = "--delete-older-than 30d";
    };
    package = pkgs.nixFlakes;
    registry.nixpkgs.flake = inputs.nixpkgs;
    extraOptions = ''
      experimental-features = nix-command flakes
      keep-outputs = true
      keep-derivations = true
    '';
  };
  nixpkgs.config.allowUnfree = true;

  networking.networkmanager.enable = true;

  time.timeZone = "America/Los_Angeles";
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

  services = {
    cron = {
      enable = true;
      systemCronJobs = [
        # Clean logs older than 2d
        "0 20 * * * root journalctl --vacuum-time=2d"
      ];
    };
    openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        PermitRootLogin = "no";
      };
      allowSFTP = false; # Don't set this if you need sftp
      extraConfig = ''
        AllowTcpForwarding yes
        X11Forwarding no
        AllowAgentForwarding no
        AllowStreamLocalForwarding no
        AuthenticationMethods publickey
      '';
    };
  };

  # Define a user account. Don't forget to set a password with ‘passwd’
  users.users.${user.name} = {
    isNormalUser = true;
    extraGroups = [ "networkmanager" "wheel" ];
    initialPassword = "hunter2";
    packages = with pkgs; [
      eva
      gotop
      links2
      nix-du
      nmap
      ranger
    ];
  };

  programs = {
    mtr.enable = true;
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
    git = {
      enable = true;
    };
    neovim = {
      enable = true;
      defaultEditor = true;
      viAlias = true;
      vimAlias = true;
    };
    tmux = {
      enable = true;
    };
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment = {
    defaultPackages = with pkgs; [
      perl
      rsync
      strace
    ];
    systemPackages = with pkgs; [
      curl
      wget
    ];
  };
  system = {
    #autoUpgrade = {
    #  enable = true;
    #  allowReboot = false;
    #  channel = "https://channels.nixos.org/nixos-unstable";
    #  flake = "<git repo url>";
    #  flags = [
    #  "--update-input"
    #  "nixpkgs"
    #  "--commit-lockfile"
    #  ];
    #};
    stateVersion = "22.11";
  };
}