{ config, pkgs, ... }:

{
  nixpkgs.config.allowUnfree = true;

  boot.loader = {
    timeout = 1;
    efi.canTouchEfiVariables = true;

    grub = {
      efiSupport = true;
      device = "nodev";
      configurationLimit = 5;
    };
  };

  powerManagement = {
    enable = true;
    cpuFreqGovernor = "conservative";
  };

  services.acpid = {
    enable = true;
    logEvents = true;
  };

  services.logind = {
    lidSwitch = "lock";
    extraConfig = ''
      HandlePowerKey=suspend-then-hibernate
      IdleAction=suspend-then-hibernate
    '';
  };

  services.fwupd.enable = true;

  services.gnome.gnome-keyring.enable = true;

  services.resolved.enable = true;

  networking.networkmanager.enable = true;

  programs = {
    appgate-sdp.enable = true;
    zsh.enable = true;
  };

  virtualisation.docker.enable = true;

  time.timeZone = "Europe/Berlin";
  services.timesyncd.enable = true;

  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "de-latin1-nodeadkeys";
  };

  fonts.packages = with pkgs; [
    (nerdfonts.override { fonts = [ "DejaVuSansMono" "NerdFontsSymbolsOnly" ]; })
    dejavu_fonts
    fira-code
  ];

  hardware = {
    opengl.enable = true;

    sane = {
      enable = true;
      extraBackends = [ pkgs.sane-airscan ];
    };
  };

  security = {
    polkit.enable = true;
    rtkit.enable = true;
    pam.services.swaylock = { };

    pam.yubico = {
      enable = true;
      mode = "challenge-response";
      id = [ "23664350" ];
      control = "sufficient";
    };
  };

  environment.systemPackages = with pkgs; [
    neovim
    git
  ];

  environment.pathsToLink = [ "/share/zsh" ];

  xdg.portal = {
    enable = true;
    wlr.enable = true;
    extraPortals = [
      pkgs.xdg-desktop-portal-wlr
      pkgs.xdg-desktop-portal-gtk
    ];
    config = {
      common = {
        default = [ "wlr" "gtk" ];
      };
    };
  };

  services.udev.packages = [ pkgs.yubikey-personalization ];

  services.pipewire = {
    enable = true;
    wireplumber.enable = true;
    pulse.enable = true;
  };

  services.openssh = {
    enable = true;
    settings.X11Forwarding = true;
  };

  services.udisks2.enable = true;

  services.printing = {
    enable = true;
  };

  services.avahi = {
    enable = true;
    nssmdns = true;
  };

  nix = {
    package = pkgs.nixFlakes;
    extraOptions = ''
      experimental-features = nix-command flakes
      keep-outputs = true
      keep-derivations = true
    '';

    settings.auto-optimise-store = true;
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
    };
  };

  system.stateVersion = "22.05";
}