{ pkgs, ... }: {

  console = { font = "Lat2-Terminus16"; keyMap = "it"; };

  environment = {
    pathsToLink = [ "/share/zsh" ];
    systemPackages = builtins.attrValues { inherit (pkgs) helix tmux vim; };
  };

  hardware = {
    bluetooth = { enable = true; package = pkgs.bluezFull; };
    opengl = { enable = true; driSupport = true; };
    raspberry-pi."4" = {
      # audio.enable = true; # AUDIO
      # fkms-3d.enable = true; # GPU
    };
  };

  i18n.defaultLocale = "it_IT.UTF-8";

  networking.hostName = "freya";
  networking.firewall = {
    enable = true;
    allowPing = true;
    allowedTCPPorts = [
      # 445 # SAMBA
      # 139 # SAMBA
      # 5357 # SAMBA-WSDD
      # 8123 # HOME ASSISTANT
      8384 # SYNCTHING
      # 8385 # SYNCTHING
    ];
    allowedUDPPorts = [
      137 # SYNCTHING
      138 # SYNCTHING
      # 3702 # SAMBA-WSDD
    ];
    # extraCommands =
    #   "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns";
  };

  programs = {
    dconf.enable = true;
    gnupg.agent = { enable = true; enableSSHSupport = true; };
    zsh.enable = true;
  };

  security.sudo.extraConfig = ''
    Defaults pwfeedback
  '';

  services = {
    avahi = {
      enable = true;
      openFirewall = true;
      nssmdns = true;
      publish = {
        enable = true;
        addresses = true;
        domain = true;
        userServices = true;
        workstation = true;
      };
      extraServiceFiles.ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
    };
    blueman.enable = true;
    dbus.packages = [ pkgs.dconf ];
    gnome.gnome-keyring.enable = true;
    openssh = { enable = true; openFirewall = true; };
    # xserver = {
    #   enable = true;
    #   desktopManager.retroarch = { enable = true; package = pkgs.retroarchFull; };
    # };
  };

  time.timeZone = "Europe/Rome";

  users.users = {
    bertof = {
      isNormalUser = true;
      extraGroups = [
        "audio"
        "input"
        "docker"
        "libvirtd"
        "network"
        "networkmanager"
        "usb"
        "video"
        "wheel"
      ];
      shell = pkgs.zsh;
    };
  };

  systemd.services.bertof-garage = {
    description = "Mount S3 bucket in bertof's home";
    wantedBy = [ "default.target" ];
    wants = [ "network.target" "network-online.target" ];
    after = [ "network.target" "network-online.target" "local-fs.target" ];
    serviceConfig = {
      AssertPathIsDirectory = "/home/bertof/s3";
      ExecStart = "${pkgs.s3fs}/bin/s3fs -f -d bertof /home/bertof/s3 -o passwd_file=/home/bertof/s3_secret,use_path_request_style,url=http://localhost:3900";
      Type = "exec";
      User = "bertof";
    };
  };

  system.stateVersion = "22.11";
}