server-configuration/configuration.nix

{
  pkgs,
  inputs,
  modulesPath,
  lib,
  ...
}: {
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix") # Temporary
  ];

  networking.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = true;

  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
    timeout = 0;
  };

  nix.settings.experimental-features = ["nix-command" "flakes"];
  nix.gc = {
    automatic = true;
    options = "--delete-older-than 30d";
  };
  nix.optimise = {
    automatic = true;
    dates = ["05:00"];
  };

  networking.hostName = "enis";
  networking.hostId = "2ead098f";
  networking.networkmanager.enable = true;
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [];
    allowedUDPPorts = [];
  };

  home-manager = {
    extraSpecialArgs = {inherit inputs;};
    users = {
      "enis" = import ./home.nix;
    };
  };

  users.users."enis" = {
    isNormalUser = true;
    hashedPasswordFile = "./password";
    extraGroups = [
      "networkmanager"
      "audio"
      "wheel"
    ];

    shell = pkgs.zsh;
  };

  programs.zsh = {
    enable = true;
    enableGlobalCompInit = true;
  };

  programs.ssh.startAgent = true;
  programs.nano.enable = false;

  environment.systemPackages = with pkgs; [
    wget
    curl
    git
    vim
  ];

  environment.variables = {
    EDITOR = "vim";
  };

  time.timeZone = "Europe/Copenhagen";

  security.sudo = {
    enable = true;
    extraConfig = ''
      Defaults  lecture = never
    '';
  };

  programs.mtr.enable = true;
  programs.gnupg.agent.enable = true;

  services.thermald.enable = true;

  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      AllowUsers = ["enis"];
      PermitRootLogin = "no";
    };
  };

  system.stateVersion = "24.11";
}