iac/hosts/common.nix

{ config, lib, pkgs, ... }:

{
  nix = {
    optimise = {
      automatic = true;
    };
    settings = {
      auto-optimise-store = true;
      experimental-features = [ "nix-command" "flakes" ];
    };
    gc = {
      automatic = true;
      options = "--delete-older-than 7d";
    };
  };

  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    kernelPackages = pkgs.linuxPackages_latest;
  };

  networking = {
    search = [ "xengi.de" ];
    useNetworkd = true;
    nftables.enable = true;
    dhcpcd.enable = false;
    useDHCP = false;
    nameservers = [
      "2606:4700:4700::1111#one.one.one.one"
      "2620:fe::fe#dns.quad9.net"
    ];
    firewall.enable = true;
  };

  services.resolved = {
    enable = true;
    fallbackDns = [
      "1.1.1.1#one.one.one.one"
      "9.9.9.9#dns.quad9.net"
    ];
    llmnr = "false";
    extraConfig = ''
      MulticastDNS=false
    '';
    dnssec = "allow-downgrade";
    dnsovertls = "true"; #"opportunistic";
  };

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

  time.timeZone = "Europe/Berlin";

  console = {
    font = "Lat2-Terminus16";
    useXkbConfig= true;
  };

  environment.systemPackages = with pkgs; [
    vim
    git
  ];

  programs = {
    vim = {
      enable = true;
      defaultEditor = true;
    };
    mtr.enable = true;
    htop = {
      enable = true;
      settings = {
        highlight_base_name = true;
        show_cpu_frequency = true;
        show_cpu_temperature = true;
        update_process_names = true;
        color_scheme = "6";
      };
    };
    tmux = {
      enable = true;
      terminal = "screen-256color";
      shortcut = "a";
      plugins = with pkgs.tmuxPlugins; [ sensible ];
      newSession = true;
      historyLimit = 10000;
      clock24 = true;
    };
  };

  security.sudo.execWheelOnly = true;
}