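# Base NixOS module: common programs, an SSH server, journald limits,
# the firewall, locale settings and the time zone.
{ lib, ... }:
{
  imports = [
    ./boot
    ./system
  ];

  programs = {
    git.enable = true;
    dconf.enable = true;
    vim = {
      defaultEditor = true;
    };
  };

  services = {
    # This sets up an SSH server. Very important if you're setting up a
    # headless system. Feel free to remove if you don't need it.
    openssh = {
      enable = true;

      # Forbid root login through SSH and allow key-based logins only.
      # These two settings were previously commented out (and spelled
      # `permitRootLogin` / `passwordAuthentication`), so the hardening this
      # comment describes was not in effect. Keys under `settings` use the
      # sshd_config spelling.
      #
      # Before deploying to a headless machine, make sure a non-root user has
      # an authorized key configured; otherwise these settings lock you out.
      # Remove `PasswordAuthentication` if you want to SSH using a password
      # (not recommended).
      settings = {
        PermitRootLogin = "no";
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        X11Forwarding = false;
      };
    };

    # Cap the journal's disk usage and rotate journal files weekly.
    # MaxFileSec controls rotation of individual files, not retention; the
    # size cap is what bounds how far back logs reach when investigating an
    # incident.
    journald.extraConfig = ''
      SystemMaxUse=500M
      MaxFileSec=7day
    '';
  };

  # Configure firewall.
  # NOTE(review): the whole set is wrapped in lib.mkDefault, so a module that
  # defines one of these lists at normal priority replaces it instead of
  # merging with it. Check the evaluated configuration to confirm which ports
  # are actually open.
  networking.firewall = lib.mkDefault {
    enable = true;

    # Adjust as needed. Each port listed here accepts inbound traffic; drop
    # 80/443 if this host serves no HTTP(S).
    allowedTCPPorts = [
      22
      80
      443
    ];

    # Adjust as needed. Drop 53 if this host does not run a DNS server.
    allowedUDPPorts = [ 53 ];

    # Add rules for specific services here if needed.
    # NOTE(review): KDE Connect also uses UDP on this range; only the TCP
    # range is opened here. Confirm whether that is intended.
    allowedTCPPortRanges = [
      {
        # KDE Connect
        from = 1714;
        to = 1764;
      }
    ];
  };

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";

  # Regional formats use the zh_CN locale; the default locale above stays
  # en_US.
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "zh_CN.UTF-8";
    LC_IDENTIFICATION = "zh_CN.UTF-8";
    LC_MEASUREMENT = "zh_CN.UTF-8";
    LC_MONETARY = "zh_CN.UTF-8";
    LC_NAME = "zh_CN.UTF-8";
    LC_NUMERIC = "zh_CN.UTF-8";
    LC_PAPER = "zh_CN.UTF-8";
    LC_TELEPHONE = "zh_CN.UTF-8";
    LC_TIME = "zh_CN.UTF-8";
  };

  time.timeZone = "Asia/Shanghai";
}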