{ pkgs, depot, lib, rebuilder, ... }: let inherit (lib) mkDefault; in { hardware.enableRedistributableFirmware = true; nix.nixPath = [ "depot=/home/lukegb/depot/" "nixpkgs=/home/lukegb/depot/third_party/nixpkgs/" ]; i18n.defaultLocale = "en_GB.UTF-8"; console.keyMap = "us"; time.timeZone = mkDefault "Etc/UTC"; environment.systemPackages = with pkgs; [ vim mercurial rxvt_unicode.terminfo rebuilder ]; networking.firewall = { allowPing = true; }; nixpkgs.config = { allowUnfree = true; }; users.mutableUsers = false; users.users = let secrets = depot.ops.secrets; in { root.hashedPassword = secrets.passwordHashes.root; lukegb = { isNormalUser = true; uid = 1000; extraGroups = [ "wheel" ]; hashedPassword = secrets.passwordHashes.lukegb; }; }; programs.mtr.enable = true; services.openssh.enable = true; boot = { kernelModules = [ "tcp_bbr" ]; kernel.sysctl."net.ipv4.tcp_congestion_control" = "bbr"; kernel.sysctl."net.core.default_qdisc" = "fq_codel"; }; }