# Base NixOS system module: boot loader, core services, SSH, fonts,
# system packages, Podman and DNS resolution.
{ pkgs, ... }:
{
  security = {
    polkit.enable = true;
    rtkit.enable = true;
  };

  programs.zsh.enable = true;

  boot = {
    loader = {
      systemd-boot = {
        memtest86.enable = true;
        # NOTE(review): this adds a boot-menu entry that chain-loads netboot.xyz,
        # i.e. network-fetched images selectable by anyone at the console during
        # the boot menu. Confirm it is wanted on machines without physical access
        # control.
        netbootxyz.enable = true;
      };
      timeout = 1;
      efi.canTouchEfiVariables = true;
    };

    # Tracks the newest kernel packaged in nixpkgs rather than the default one.
    kernelPackages = pkgs.linuxPackages_latest;
    tmp.cleanOnBoot = true;
  };

  systemd = {
    # Cap the default unit stop timeout at 10 seconds.
    extraConfig = "DefaultTimeoutStopSec=10s";
    # NOTE(review): disables the systemd-user-sessions unit; the reason is not
    # visible in this file, so confirm logins still behave as intended.
    services.systemd-user-sessions.enable = false;
  };

  networking = {
    # NOTE(review): the host firewall is off while sshd (below) and Podman are
    # enabled, so every listening port is reachable on every interface.
    # Presumably filtering happens upstream; confirm, or enable the firewall and
    # open only the ports that are needed.
    firewall.enable = false;
    nameservers = [
      "1.1.1.1"
      "1.0.0.1"
    ];
  };

  services = {
    thermald.enable = true;
    pcscd.enable = true;
    fwupd.enable = true;
    gvfs.enable = true;
    fstrim.enable = true;

    # Key-based SSH only: root login and password authentication are refused.
    # Other sshd settings (e.g. keyboard-interactive auth) stay at the module
    # defaults because nothing here sets them.
    openssh = {
      enable = true;
      settings = {
        PermitRootLogin = "no";
        PasswordAuthentication = false;
      };
    };

    # systemd-resolved with the same public resolvers as fallback. No
    # DNS-over-TLS or DNSSEC option is set here, so the module defaults apply.
    resolved = {
      enable = true;
      fallbackDns = [
        "1.1.1.1"
        "1.0.0.1"
      ];
    };
  };

  fonts.packages = [
    pkgs.noto-fonts
    pkgs.noto-fonts-cjk
    pkgs.noto-fonts-emoji
    pkgs.iosevka
    pkgs.roboto
    pkgs.font-awesome
    # (nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" ]; })
  ];

  environment.systemPackages = [
    pkgs.wget
    pkgs.curl
    pkgs.git
    pkgs.lm_sensors
    pkgs.wireguard-tools

    # Podman
    pkgs.dive
    pkgs.podman-tui
    pkgs.docker-compose
  ];

  virtualisation = {
    containers.enable = true;
    podman = {
      enable = true;
      # Provides a `docker` alias that runs podman.
      dockerCompat = true;
      # Enables DNS on the default Podman network.
      defaultNetwork.settings.dns_enabled = true;
    };
  };
}