nix-infra/common/linux-specific.nix

{ config, ... }:
{
  imports = [ ./users ];

  ## Optimizations

  # Clean /tmp
  boot.tmp.cleanOnBoot = true;

  # Garbage collection
  nix.gc.dates = "weekly";

  # Limit journald logs
  services.journald.extraConfig = ''
    SystemMaxUse=100M
    MaxFileSec=1month
  '';

  # Fix terminfo
  environment.enableAllTerminfo = true;
  environment.variables.COLORTERM = "truecolor";

  ## Locale/Timezone

  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "en_US.UTF-8";

  i18n.extraLocaleSettings = {
    LC_ADDRESS = "de_DE.UTF-8";
    LC_IDENTIFICATION = "de_DE.UTF-8";
    LC_MEASUREMENT = "de_DE.UTF-8";
    LC_MONETARY = "de_DE.UTF-8";
    LC_NAME = "de_DE.UTF-8";
    LC_NUMERIC = "de_DE.UTF-8";
    LC_PAPER = "de_DE.UTF-8";
    LC_TELEPHONE = "de_DE.UTF-8";
    LC_TIME = "de_DE.UTF-8";
  };

  # Configure keymap in X11
  services.xserver = {
    layout = "us";
    xkbVariant = "";
  };

  # Enable the OpenSSH daemon.
  services.openssh = {
    enable = true;
    banner = ''
      Hello mistress ^,,^
    '';
    settings.PasswordAuthentication = false;
  };

  services.earlyoom = {
    enable = true;
    freeSwapThreshold = 5;
    freeMemThreshold = 5;
    extraArgs = [
      "-g"
      "--avoid '^(sshd|systemd.*|tailscale.*|)$'"
    ];
  };
  # Fix Wireguard and Tailscale with NetworkManager
  networking.firewall = {
    checkReversePath = "loose";
    trustedInterfaces = [ "tailscale0" ];
    allowedUDPPorts = [ config.services.tailscale.port ];
  };
  services.tailscale.enable = true;
}