{ pkgs, lib, config, ... }:
let
  inherit (config) networking;
  inherit (config.security) gnupg;
in
{
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database servers.
# You should change this only after NixOS release notes say you should.
system.stateVersion = "19.09"; # Did you read the comment?

# Avoid the use of systemd-run --user --scope tmux
# and let mosh work smoothly.
services.logind.killUserProcesses = false;

nix.gc.dates = "weekly";
nix.gc.options = "--delete-older-than 7d";
nix.extraOptions = ''
  secret-key-files = ${gnupg.secrets."nix/binary-cache-key/1".path}
'';
security.gnupg.secrets."nix/binary-cache-key/1" = {
  systemdConfig = {
    before = [ "nix-daemon.service" ];
    wantedBy = [ "nix-daemon.service" ];
  };
};

documentation.nixos = {
  enable = false; # NOTE: useless on a server, and CPU intensive.
};

boot.kernelParams = [
  # Rotate the consoles anti-clockwise.
  "fbcon=rotate:3"
];

environment.systemPackages = with pkgs; [
  cryptsetup
  direnv
  f3
  file
  fio
  gdb
  git
  gptfdisk
  #hey
  home-manager
  lm_sensors
  rsync
  smartctl-tbw
  socat
  sanoid
  #iptables-nftables-compat
  pkgs.gnupg
  miniupnpc
  audit
  python
];
}