{ pkgs, ... }:
{
    security.polkit.enable = true;

    boot.loader.systemd-boot.memtest86.enable = true;
    boot.loader.systemd-boot.netbootxyz.enable = true;
    boot.loader.timeout = 1;
    boot.loader.efi.canTouchEfiVariables = true;

    services.thermald.enable = true;
    services.pcscd.enable = true;
    services.fwupd.enable = true;
    services.gvfs.enable = true;
    services.fstrim.enable = true;
    hardware.opengl = {
        enable = true;
        driSupport = true;
        driSupport32Bit = true;
    };

    programs.zsh.enable = true;

    services.openssh = {
        enable = true;
        settings = {
            PermitRootLogin = "no";
            PasswordAuthentication = false;
        };
    };

    fonts.packages = with pkgs; [
        noto-fonts
        noto-fonts-cjk
        noto-fonts-emoji
        iosevka
        nerdfonts
        roboto
        font-awesome
    ];

    networking.firewall.enable = false;

    services.greetd = {
        enable = true;
        settings = rec {
            initial_session = {
                command = "Hyprland";
                user = "user";
            };
            default_session = initial_session;
        };
    };

    security.rtkit.enable = true;
    services.pipewire = {
        enable = true;
        alsa.enable = true;
        alsa.support32Bit = true;
        pulse.enable = true;
        jack.enable = true;
    };
    environment.systemPackages = with pkgs; [
        wget
        curl
        git
        lm_sensors
        wireguard-tools

        # Podman
        dive
        podman-tui
        docker-compose
    ];
    services.udev.packages = [ pkgs.yubikey-personalization ];

    virtualisation.containers.enable = true;
    virtualisation = {
        podman = {
            enable = true;
            dockerCompat = true;
            defaultNetwork.settings.dns_enabled = true;
        };
    };

# Calendar
# Add the server using gnome-online-accounts:
# nix-shell -p gnome.gnome-control-center --run "gnome-control-center"
# Just add the main webdav server and gnome-calendar will automatically pick up all available calendars.
    programs.dconf.enable = true;
    services.gnome.evolution-data-server.enable = true;
    services.gnome.gnome-online-accounts.enable = true;
    services.gnome.gnome-keyring.enable = true;

    services.resolved = {
        enable = true;
        fallbackDns = [ "1.1.1.1" "1.0.0.1" ];
    };

    hardware.bluetooth.enable = true;
    hardware.bluetooth.powerOnBoot = true;
    services.blueman.enable = true;
    systemd.user.services.mpris-proxy = {
        description = "Mpris proxy";
        after = [ "network.target" "sound.target" ];
        wantedBy = [ "default.target" ];
        serviceConfig.ExecStart = "${pkgs.bluez}/bin/mpris-proxy";
    };
    hardware.bluetooth.settings = {
        General = {
            Experimental = true;
        };
    };

    fileSystems."/home/server" = {
        device = "10.1:/home/server";
        fsType = "nfs";
        options = [ "x-systemd.automount" "x-systemd.mount-timeout=1" "_netdev" "noauto" "timeo=1" ];
    };
    fileSystems."/home/user/Workspace" = {
        device = "10.1:/home/server/Workspace";
        fsType = "nfs";
        options = [ "x-systemd.automount" "x-systemd.mount-timeout=1" "_netdev" "noauto" "timeo=1" ];
    };
    fileSystems."/home/user/Documents" = {
        device = "10.1:/home/server/Storage/Thomas/Documents";
        fsType = "nfs";
        options = [ "x-systemd.automount" "x-systemd.mount-timeout=1" "_netdev" "noauto" "timeo=1" ];
    };
    fileSystems."/home/user/Pictures" = {
        device = "10.1:/home/server/Storage/Thomas/Pictures";
        fsType = "nfs";
        options = [ "x-systemd.automount" "x-systemd.mount-timeout=1" "_netdev" "noauto" "timeo=1" ];
    };
    fileSystems."/home/user/Videos" = {
        device = "10.1:/home/server/Storage/Thomas/Videos";
        fsType = "nfs";
        options = [ "x-systemd.automount" "x-systemd.mount-timeout=1" "_netdev" "noauto" "timeo=1" ];
    };

}