MPWO2WIRLSBGREJF63QVW2ZMPXY55ZGEZU56JGYGUB3PVBX4NA3QC
# Long-running services shared by every host: desktop session, printing,
# firmware updates, SSH, Syncthing, audio and fail2ban.
{ ... }:
{
  services = {
    # GNOME on X11 through GDM, US keyboard layout.
    xserver = {
      enable = true;
      xkb.layout = "us";
      displayManager.gdm.enable = true;
      desktopManager.gnome.enable = true;
    };

    printing.enable = true;
    fwupd.enable = true;

    # sshd: key-only logins, no root login, no X11 forwarding.
    # NOTE(review): the firewall module lists no SSH port, but
    # services.openssh.openFirewall defaults to true, so sshd is presumably
    # reachable on every interface -- confirm that is intended on both hosts.
    openssh = {
      enable = true;
      settings = {
        PermitRootLogin = "no";
        PasswordAuthentication = false;
        X11Forwarding = false;
        # UseDns makes sshd resolve each client's hostname. It only matters for
        # hostname-based rules (`from=` in authorized_keys, `Match Host`) and
        # ties every login to DNS availability -- confirm it is needed.
        UseDns = true;
      };
    };

    # Syncthing runs as the login user and keeps its state under that home.
    # NOTE(review): openDefaultPorts is not set here and the firewall module
    # opens no Syncthing ports, so inbound sync presumably depends on relays
    # or outbound connections -- confirm.
    syncthing = {
      enable = true;
      user = "connor";
      configDir = "/home/connor/.config/syncthing";
      dataDir = "/home/connor/Documents/sync";
    };

    pipewire = {
      enable = true;
      pulse.enable = true;
      alsa = {
        enable = true;
        support32Bit = true;
      };
    };

    # Ban after 5 failures for 24h; repeat offenders get the ban multiplied
    # (1x .. 64x) up to a ceiling of 168h.
    # NOTE(review): no jails are declared here; this presumably relies on the
    # module's default sshd jail -- confirm which jails are active.
    fail2ban = {
      enable = true;
      maxretry = 5;
      bantime = "24h";
      bantime-increment = {
        enable = true;
        maxtime = "168h";
        multipliers = "1 2 4 8 16 32 64";
        # Calculate the bantime based on violations across all jails
        overalljails = true;
      };
    };
  };
}
# Host hardening shared by every machine: PAM/eCryptfs, extra trust anchors,
# sudo flavour, realtime scheduling broker and the packet filter.
{ ... }:
{
  security = {
    # Lets PAM handle eCryptfs at login.
    pam.enableEcryptfs = true;

    # rtkit hands out realtime scheduling to unprivileged audio processes.
    rtkit.enable = true;

    # NOTE(review): security.pki.certificates expects PEM certificate *text*;
    # file paths belong in security.pki.certificateFiles. As written, this
    # string is presumably appended to the CA bundle verbatim and the
    # MathWorks CA is not actually trusted -- verify against the built bundle.
    # Adding a root CA widens TLS trust for the whole system, so keep the
    # certificate under version control and review it when it changes.
    pki.certificates = [ "/etc/ssl/certs/custom/mathworks.pem" ];

    sudo.extraConfig = ''
      Defaults insults
    '';
  };

  # Default-deny inbound firewall with a short allow-list.
  # These ports are opened on every interface, including untrusted Wi-Fi on a
  # laptop; networking.firewall.interfaces.<name> can scope them to a trusted
  # link if that matters.
  networking.firewall = {
    enable = true;
    allowedUDPPorts = [
      34197 # Factorio
      53317 # LocalSend
    ];
    allowedTCPPorts = [
      53317 # LocalSend
    ];
  };
}
# Core command-line and desktop tools installed system-wide on every host.
{ pkgs, ... }:
{
  environment.systemPackages =
    with pkgs;
    [
      cowsay
      feh
      firefox
      fish
      fortune
      gh
      git
      gnumake
      gparted
      helix
      home-manager
      htop
      keepassxc
      localsend
      nethack
      nixfmt-rfc-style
      p7zip
      powertop
      ripgrep
      rsync
      tree
      unison
      unzip
      vim
      vscode
      wget
      woof
      xsel
      zellij
      zip
    ];
}
# Larger desktop, development and media applications, plus the fonts and
# nixpkgs exemptions they need.
{ pkgs, ... }:
{
  environment.systemPackages =
    with pkgs;
    [
      aspell
      asymptote
      authenticator
      backrest
      bcompare
      chromium
      clang
      darktable
      discord
      ecryptfs
      exiftool
      flameshot
      gcc
      gimp
      gnome-tweaks
      inkscape
      #mathematica
      neofetch
      obsidian
      obs-studio
      openconnect
      pijul
      protonvpn-gui
      python312Packages.ipython
      remmina
      restic
      rustup
      scribus
      signal-desktop
      steam
      texliveFull
      typst
      vlc
      vmware-horizon-client
      weechat
    ]
    ++ [
      # aspell bundled with the English, computing and science dictionaries.
      (aspellWithDicts (
        dicts: with dicts; [
          en
          en-computers
          en-science
        ]
      ))
    ];

  fonts.packages = with pkgs; [
    font-awesome
  ];

  programs.steam.enable = true;

  # Standing exemption from nixpkgs' known-vulnerable package check for an
  # end-of-life Electron release.
  # NOTE(review): confirm the Obsidian build in the pinned nixpkgs still
  # depends on electron-25.9.0; if it does not, drop this entry so the check
  # applies again.
  nixpkgs.config.permittedInsecurePackages = [
    "electron-25.9.0" # Required by Obsidian
  ];
}
# Settings common to every host: Nix itself, the login user, default
# programs, fonts and locale.
{ pkgs, ... }:
{
  # Configure Nix itself
  nix = {
    settings = {
      experimental-features = [
        "nix-command"
        "flakes"
      ];
      auto-optimise-store = true;
    };
    # Weekly garbage collection of anything older than 7 days; older system
    # generations stop being available for rollback after that.
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };
  };
  nixpkgs.config.allowUnfree = true;

  # Configure users
  users.users.connor = {
    isNormalUser = true;
    description = "Connor Glosser";
    home = "/home/connor";
    shell = pkgs.fish;
    # "wheel" grants sudo.
    # NOTE(review): "nixmgmt" is not declared in the visible modules -- confirm
    # users.groups.nixmgmt exists and what it is allowed to do.
    extraGroups = [
      "networkmanager"
      "wheel"
      "nixmgmt"
    ];
  };

  # Configure common packages
  environment = {
    variables.EDITOR = "hx";
    wordlist.enable = true;
  };
  networking.networkmanager.enable = true;
  programs = {
    firefox.enable = true;
    fish.enable = true;
  };

  # Configure text and locale
  fonts = {
    enableDefaultPackages = true;
    packages = with pkgs; [ source-code-pro ];
    fontconfig.defaultFonts.monospace = [ "Source Code Pro" ];
  };
  i18n = {
    defaultLocale = "en_US.UTF-8";
    extraLocaleSettings = {
      LC_ADDRESS = "en_US.UTF-8";
      LC_IDENTIFICATION = "en_US.UTF-8";
      LC_MEASUREMENT = "en_US.UTF-8";
      LC_MONETARY = "en_US.UTF-8";
      LC_NAME = "en_US.UTF-8";
      LC_NUMERIC = "en_US.UTF-8";
      LC_PAPER = "en_US.UTF-8";
      LC_TELEPHONE = "en_US.UTF-8";
      LC_TIME = "en_US.UTF-8";
    };
  };
}
# Host definition for "yendor": GRUB on EFI, NVIDIA graphics, PipeWire audio.
{
  config,
  lib,
  pkgs,
  ...
}:
{
  imports = [
    ../hardware/yendor.nix
  ];

  networking.hostName = "yendor";

  # System-specific packages
  environment.systemPackages = with pkgs; [
    gnomeExtensions.burn-my-windows
    gnomeExtensions.desktop-cube
  ];

  # Configure the bootloader
  boot = {
    loader = {
      efi.canTouchEfiVariables = true;
      grub = {
        enable = true;
        efiSupport = true;
        devices = [ "nodev" ];
        # os-prober adds menu entries for other operating systems found on
        # the attached disks.
        useOSProber = true;
      };
    };
    kernelParams = [ "nvidia.NVreg_PreserveVideoMemoryAllocations=1" ];
  };

  # Configure NVIDIA Graphics
  hardware.graphics.enable = true;
  hardware.nvidia = {
    package = config.boot.kernelPackages.nvidiaPackages.beta;
    open = true;
    modesetting.enable = true;
    powerManagement.enable = false;
    nvidiaSettings = true;
  };
  services.xserver.videoDrivers = [ "nvidia" ];

  # Configure sound with Pipewire
  # The same services.pipewire values are also set in the shared services
  # module; the definitions are identical.
  services.pulseaudio.enable = false;
  services.pipewire = {
    enable = true;
    pulse.enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;
    # use the example session manager (no others are packaged yet so this is enabled by default,
    # no need to redefine it in your config for now)
    #media-session.enable = true;
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "24.11"; # Did you read the comment?
}
# Host definition for "antharia": systemd-boot on EFI, eCryptfs kernel module
# and the Framework tooling.
{
  config,
  lib,
  pkgs,
  ...
}:
{
  imports = [
    ../hardware/antharia.nix
  ];

  networking.hostName = "antharia";

  # Configure the bootloader
  boot = {
    kernelModules = [ "ecryptfs" ];
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
  };

  # Specific packages
  environment.systemPackages = [ pkgs.framework-tool ];

  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system.
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "23.11"; # Did you read the comment?
}
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
# Generated hardware module: initrd/kernel modules, filesystems by UUID, swap,
# DHCP default, platform and CPU microcode for an Intel (kvm-intel) machine.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
# Storage and USB drivers made available to the initrd.
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# Filesystems are addressed by UUID, so device renumbering does not change
# what gets mounted.
fileSystems."/" = {
device = "/dev/disk/by-uuid/3ab3fd93-fb0d-4b40-9769-3e25f00ecc32";
fsType = "ext4";
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/df7554af-69dc-45d7-b2c3-b53d8d59933a";
fsType = "ext4";
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/af175bd6-fd5f-4e3b-9662-d36f11329d0d";
fsType = "ext4";
};
# vfat carries no Unix permissions; fmask/dmask 0077 strip all group and
# other bits, leaving /boot accessible to its owner only.
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/F20A-6425";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/d87e1322-e9c1-495d-8ed8-bbcfe4f8b6fa"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
# Intel microcode updates follow hardware.enableRedistributableFirmware;
# mkDefault lets another module override the choice.
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
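# Generated hardware module: initrd/kernel modules, filesystems by UUID,
# DHCP default, platform and CPU microcode for an AMD (kvm-amd) machine.
{
  config,
  lib,
  pkgs,
  modulesPath,
  ...
}:
{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];

  # Storage, USB and Thunderbolt drivers made available to the initrd.
  boot.initrd.availableKernelModules = [
    "nvme"
    "xhci_pci"
    "thunderbolt"
  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/9320f1f2-2bb0-4399-8676-8e169c80537d";
    fsType = "btrfs";
    options = [ "subvol=@" ];
  };

  # vfat carries no Unix permissions, so fmask/dmask decide who can read the
  # ESP. 0077 (owner only) replaces the generated 0022, which left every file
  # on /boot world-readable; it matches the other host's hardware module.
  # NOTE(review): presumably this is the host that boots with systemd-boot,
  # which keeps a random seed on the ESP and warns when the mount is world
  # accessible -- confirm. Re-running nixos-generate-config may overwrite
  # this file, so re-check the masks afterwards.
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/8F7A-E5A4";
    fsType = "vfat";
    options = [
      "fmask=0077"
      "dmask=0077"
    ];
  };

  fileSystems."/home" = {
    device = "/dev/disk/by-uuid/29a93097-ba3d-46af-9027-cb0c74656ea0";
    fsType = "btrfs";
  };

  swapDevices = [ ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  # AMD microcode updates follow hardware.enableRedistributableFirmware;
  # mkDefault lets another module override the choice.
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}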
# Flake entry point: one NixOS configuration per host, each built from the
# host's own module followed by the shared module set.
{
  description = "Everyday flake configuration";

  inputs = {
    # NixOS official package source
    # The branch named here is resolved to an exact revision in flake.lock.
    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
  };

  outputs =
    { self, nixpkgs, ... }@inputs:
    let
      # Modules every host includes, in the order they are applied.
      sharedModules = [
        ./modules/common.nix
        ./modules/packages_core.nix
        ./modules/packages.nix
        ./modules/security.nix
        ./modules/services.nix
      ];

      # Build an x86_64-linux system from a host module plus the shared set.
      mkHost =
        hostModule:
        nixpkgs.lib.nixosSystem {
          system = "x86_64-linux";
          modules = [ hostModule ] ++ sharedModules;
        };
    in
    {
      nixosConfigurations.antharia = mkHost ./hosts/antharia.nix;
      nixosConfigurations.yendor = mkHost ./hosts/yendor.nix;
    };
}
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1753749649,
"narHash": "sha256-+jkEZxs7bfOKfBIk430K+tK9IvXlwzqQQnppC2ZKFj4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1f08a4df998e21f4e8be8fb6fbf61d11a1a5076a",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}
# Summary
Rebuild the system with
```sh
sudo nixos-rebuild switch --flake "${HOME}/.config/nix-config"
```
or
```sh
sudo nixos-rebuild --upgrade switch --flake "${HOME}/.config/nix-config"
```
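`nixos-rebuild` automatically selects the `nixosConfigurations` entry whose name matches the current hostname (`antharia` or `yendor`). Package versions come from the nixpkgs revision pinned in `flake.lock`; run `nix flake update` to move that pin and pick up security fixes.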
# Modules
- `common.nix` -- Common configuration for Nix systems (such as users and fundamental environment items)
- `packages_core.nix` -- Core packages, used almost everywhere. `vim`, `ripgrep`, `htop` and such.
- `packages.nix` -- More sophisticated packages
- `security.nix` -- Security configurations: firewall, ssh, certificates, etc.
- `services.nix` -- Regularly-run services such as syncthing and fail2ban