nixos/systems/common.nix

{ config, pkgs, ... }:
{
  # hardware
  hardware.enableRedistributableFirmware = true;
  services.fwupd.enable = true;

  # Network
  networking = {
    networkmanager = {
      enable = true;
      plugins = with pkgs; [
        networkmanager-openvpn
        networkmanager-openconnect
      ];
    };
  };

  # Bootloader
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # Kernel
  boot.kernelPackages = pkgs.linuxPackages_latest;

  # Nix
  nix = {
    # Automate garbage collection
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };
    package = pkgs.nixVersions.stable;
    settings = {
      auto-optimise-store = true;
      trusted-users = [ "root" "jsutter" ];
      experimental-features = [ "nix-command" "flakes" ];
      keep-outputs = true;
      keep-derivations = true;
    };
  };
  system.stateVersion = "25.11";
  nixpkgs.config.allowUnfree = true;
  nixpkgs.config.nvidia.acceptLicense = true;
  nixpkgs.config.nvidia.libsOnly = true;

  # Location & internationalisation
  time.timeZone = "America/Los_Angeles";
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

  # Services
  security.rtkit.enable = true;
  services.openssh.enable = true;
  security.polkit.enable = true;
  programs.zsh.enable = true;
  security.sudo.wheelNeedsPassword = false;

  # System packages
  environment.systemPackages = with pkgs; [
    fzf
    git
    curl
    file
    gdb
    unar
    lsof
    pciutils
    htop
    sysstat
    nmap
    powertop
    gnupg
    p7zip
    rsync
    bumblebee
    libgdiplus
    unzip
    clinfo
    s-tui
    stress
    wget
    openssl
    gnumake
    kopia
    dig
    python3
    pv
    whois
    fwupd
    usbutils      # lsusb
    pciutils      # lspci
    util-linux    # lsblk, lscpu
    hwinfo        # lsdev, lshal, hwinfo
    lshw          # lshw
    nvme-cli
    smartmontools
    ripgrep
  ];

  documentation.nixos.enable = false;

  systemd.network.wait-online.enable = false;
  boot.initrd.systemd.network.wait-online.enable = false;

  services.udev.extraRules = ''
    # Allow plugdev group full access to USB devices
    SUBSYSTEM=="usb", MODE="0664", GROUP="plugdev"
  '';

  nix.settings.download-buffer-size = "512M";

}