{pkgs, ... }:
{
  system.stateVersion = "23.05";

  # Enables flakes and the updated `nix` command
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  environment.systemPackages = with pkgs; [
    zellij tmux minicom tio lrzsz python3Packages.pyserial btop
  ];
  programs.fish.enable = true;

  users = {
    # No need to edit users on a single-purpose system.
    mutableUsers = false;
    users = {
      geekygay = {
        shell = pkgs.fish;
        isNormalUser = true;
        extraGroups = [ "wheel" "dialout" ];
        password = "";
        openssh.authorizedKeys.keyFiles = [
          ./authorized_keys
        ];
      };
    };
  };

  security.sudo.wheelNeedsPassword = false; # Needed for colmena.
  nix.settings.trusted-users = [ "root" "@wheel" ];

  documentation.man.enable = false; # Takes way too long to build.

  # Allow SSH with authorized keys only!
  services.openssh = {
    enable = true;
    settings.PasswordAuthentication = false;
  };

  # Start tmux session for serial console on boot.
  systemd.services.tmux-serial = {
    description   = "Tmux Serial Server Service";
    wantedBy      = [ "multi-user.target" ];
    after         = [ "network.target" ];


    serviceConfig = {
      Restart = "always";
      User    = "geekygay";
      Type = "forking";
      WorkingDirectory = "~";
      GuessMainPID = true;
      ExecStart = "${pkgs.tmux}/bin/tmux new -d ${pkgs.python3Packages.pyserial}/bin/pyserial-miniterm /dev/ttyS1 115200 --eol lf --raw";
    };
  };
}