nix-config/hosts/nimbus/configuration.nix

{
  inputs,
  pkgs,
  config,
  lib,
  ...
}:
{
  imports = [
    inputs.agenix.nixosModules.default
    ./hardware-configuration.nix
    ../../modules/nixos/tailscale.nix
    ../../modules/nixos/matrix.nix
  ];

  # Workaround for https://github.com/NixOS/nix/issues/8502
  services.logrotate.checkConfig = false;

  boot = {
    tmp.cleanOnBoot = true;
  };

  zramSwap.enable = true;

  security.sudo.extraConfig = ''
    Defaults lecture = never
    Defaults pwfeedback
    Defaults env_keep += "DISPLAY EDITOR PATH"
  '';

  networking = {
    hostName = "nimbus";
    networkmanager.enable = true;
    domain = "subnet03200816.vcn03200816.oraclevcn.com";
  };

  nix = {
    settings = {
      experimental-features = [
        "nix-command"
        "flakes"
      ];
      trusted-users = [ "jan" ];
    };
  };

  users.users.jan = {
    isNormalUser = true;
    description = "Jan Kremer";
    extraGroups = [
      "networkmanager"
      "wheel"
    ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTpgedzJ7vs3GMOjUeQGkAzGhNZRhvMMz9Z1whaWieE jan@malus"
    ];
  };

  services = {
    openssh = {
      enable = true;
      settings = {
        PermitRootLogin = "no"; # Root-Login sperren
        PasswordAuthentication = false; # Nur SSH-Keys
      };
    };
  };

  programs = {
    git = {
      enable = true;
      lfs = {
        enable = true;
        enablePureSSHTransfer = true;
      };
    };

    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };

    nh = {
      enable = true;
      clean = {
        enable = true;
        extraArgs = "--keep-since 7d --keep 3";
      };
      flake = "${config.users.users.jan.home}/.config/nix";
    };
  };

  # environment.systemPackages = with pkgs; [
  #   helix
  #   claude-code
  # ];

  nixpkgs.config.allowUnfreePredicate =
    pkg:
    builtins.elem (lib.getName pkg) [
      "claude-code"
    ];

  time.timeZone = "Europe/Berlin";

  i18n.defaultLocale = "de_DE.UTF-8";

  system.stateVersion = "23.11"; # Don't change!
}