{ config, nixpkgs, pkgs, lib, ... }:

{
  imports = [
    ./users
    ./crypto
    ./wireguard
    ./nix-settings.nix
  ];

  # Time and Locale
  time.timeZone = "UTC";
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };

  # Default Packages Set
  environment.systemPackages = with pkgs; [ vim htop wget nftables wireguard-tools ];

  # Wireguard
  wireguard = {
    enable = lib.mkDefault false;
    v4 = { network = lib.mkDefault "10.10.0.0"; };
    v6 = {
      ula = lib.mkDefault "fd15:3d8c:d429:beef";
      gua = lib.mkDefault "2a0f:9400:8020:beef";
    };
  };

  # Security
  networking.firewall.enable = false;
  security.sudo.wheelNeedsPassword = false;
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
    permitRootLogin = "no";
  };

  # CPU
  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
  hardware.cpu.amd.updateMicrocode =
    lib.mkDefault config.hardware.enableRedistributableFirmware;
  hardware.cpu.intel.updateMicrocode =
    lib.mkDefault config.hardware.enableRedistributableFirmware;

  # System state version
  system.stateVersion = lib.mkDefault "23.05";
}