{
  lib,
  pkgs,
  ...
}: {
  boot.tmp.cleanOnBoot = lib.mkDefault true;

  console.font = "${pkgs.spleen}/share/consolefonts/spleen-16x32.psfu";

  environment = {
    ldso32 = null;
    memoryAllocator.provider = "mimalloc";
    variables = {
      LESS = "-R --mouse";
    };
  };

  networking.networkmanager.enable = true;

  services.openssh = {
    settings.X11Forwarding = false;
    settings.KbdInteractiveAuthentication = false;
    settings.PasswordAuthentication = false;
    settings.UseDns = false;
    # unbind gnupg sockets if they exists
    settings.StreamLocalBindUnlink = true;

    # Use key exchange algorithms recommended by `nixpkgs#ssh-audit`
    settings.KexAlgorithms = [
      "curve25519-sha256"
      "curve25519-sha256@libssh.org"
      "diffie-hellman-group16-sha512"
      "diffie-hellman-group18-sha512"
      "sntrup761x25519-sha512@openssh.com"
    ];
  };

  services.journald.extraConfig = ''
    SystemMaxUse=1G
  '';
  systemd.coredump.extraConfig = ''
    Storage=none
    ProcessSizeMax=0
  '';
}