{ config, lib, pkgs, ... }:

{
  imports = [ ./nix-settings.nix ./networking.nix ];

  # Time and Locale
  time.timeZone = "UTC";
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };

  # Disable emergency mode so boot continues
  systemd.enableEmergencyMode = false;

  # Default Packages Set
  environment.systemPackages = with pkgs; [ git vim htop wget nftables wireguard-tools tmux fd ripgrep ];

  nixpkgs.config.allowUnfree = true;

  # Security
  networking.firewall.enable = false;
  security.sudo.wheelNeedsPassword = false;
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      PermitRootLogin = "no";
    };
  };

  virtualisation.oci-containers.backend = "podman";

  # CPU
  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
  hardware.cpu.amd.updateMicrocode =
    lib.mkDefault config.hardware.enableRedistributableFirmware;
  hardware.cpu.intel.updateMicrocode =
    lib.mkDefault config.hardware.enableRedistributableFirmware;

  # System state version
  system.stateVersion = lib.mkDefault "23.05";
}