{ config, pkgs, ... }:

{
  imports =
    [
      /etc/nixos/hardware-configuration.nix
      ./basic-tools.nix
      ./common-sw.nix
    ];

  boot.kernelPackages = pkgs.linuxPackages_latest;

  nix.useSandbox = true;
  nix.binaryCaches = [ https://cache.nixos.org ];
  nix.trustedBinaryCaches = [ https://cache.nixos.org ];
  nix.extraOptions = ''
    auto-optimise-store = true
    binary-caches-parallel-connections = 10
  '';

  networking.networkmanager.enable = true;
  networking.firewall.enable = true;

  time.timeZone = "Europe/Vienna";

  # Enable the OpenSSH daemon.
  services.openssh = {
    enable = true;
    permitRootLogin = "no";
    passwordAuthentication = false;
  };
  programs.ssh.startAgent = false;

  # Enable CUPS to print documents.
  services.avahi.enable = true; # cups browsing support
  services.printing = {
    enable = true;
    browsing = true;
    drivers = [ pkgs.hplip ];
  };
  # services.colord.enable = true;

  boot.kernel.sysctl = {
    "kernel.perf_event_paranoid" = "0";
    "kernel.kptr_restrict" = pkgs.lib.mkForce "0";

    # IntelliJ
    "fs.inotify.max_user_watches" = 524288;
  };

  # gapt: `ulimit -n` was 256
  security.pam.loginLimits = [
    { domain = "*"; type = "-"; item = "nofile"; value = "4096"; }
  ];

  fileSystems."/mnt/vaccaria" = {
    device = "//vaccaria.mtlaa.gebner.org/export";
    fsType = "cifs";
    options = [ "noauto" "x-systemd.automount" "credentials=/etc/smbcredentials/vaccaria" "vers=1.0" ];
  };

  fileSystems."/mnt/aplysia" = {
    device = "//aplysia.mtlaa.gebner.org/export";
    fsType = "cifs";
    options = [ "noauto" "x-systemd.automount" "credentials=/etc/smbcredentials/aplysia" "vers=1.0" ];
  };

  fileSystems."/mnt/aruanus" = {
    device = "//aruanus.htdf.gebner.org/export";
    fsType = "cifs";
    options = [ "noauto" "x-systemd.automount" "credentials=/etc/smbcredentials/aruanus" "vers=1.0" ];
  };

  users.extraUsers.gebner = {
    isNormalUser = true;
    extraGroups = [ "wheel" "networkmanager" "audio" "transmission" ];
    # shell = "${pkgs.zsh}/bin/zsh";
    shell = "/run/current-system/sw/bin/fish";

    password = if config.virtualisation != null then "" else null;
  };

  services.nscd.enable = false;

  system.fsPackages = with pkgs; [
    ntfs3g
    exfat
  ];

}