{ config, pkgs, ... }:

{
    nixpkgs.config.permittedInsecurePackages = [
        "zotero-6.0.27"
        "electron-25.9.0"
    ];
    nixpkgs.config.allowUnfree = true;

    boot.initrd.secrets = {
        "/crypto_keyfile.bin" = null;
    };

    nix.settings.experimental-features = [ "nix-command" "flakes" ];
    boot.kernelPackages = pkgs.linuxPackages_latest;

    hardware.opengl.enable = true;

    fonts.packages = with pkgs; [
        noto-fonts
            font-awesome
    ];

    security.polkit.enable = true;

    hardware.bluetooth.enable = true;
    services.blueman.enable = true;

    # Enable sound with pipewire.
    sound.enable = true;
    hardware.pulseaudio.enable = false;
    security.rtkit.enable = true;
    services.pipewire = {
        enable = true;
        alsa.enable = true;
        alsa.support32Bit = true;
        pulse.enable = true;
    };

    security.pam.services.swaylock = {};

    # enable nitrokeys
    services.udev.packages = [ pkgs.nitrokey-udev-rules ];
    programs = {
        ssh.startAgent = false;
        gnupg.agent = {
            enable = true;
            pinentryFlavor = "qt";
            enableSSHSupport = true;
        };
    };

    environment.systemPackages = with pkgs; [
    ];
    services.getty.autologinUser = "dm";
    programs.dconf.enable = true;

    services.syncthing = {
        enable = true;
        user = "dm";
        dataDir = "/home/dm/Documents";
        configDir = "/home/dm/Documents/.config/syncthing";
    };
    # syncthing ports
    networking.firewall.allowedTCPPorts = [ 22000 ];
    networking.firewall.allowedUDPPorts = [ 22000 21027 ];

    # automount usb
    services.gvfs.enable = true;
    services.udisks2.enable = true;
    services.devmon.enable = true;
}