{lib, ...}: {
  environment = {
    ldso32 = null;
    memoryAllocator.provider = "mimalloc";
    variables = {
      LESS = "-R --mouse";
    };
  };

  networking.networkmanager.enable = true;

  boot.tmp.cleanOnBoot = lib.mkDefault true;

  services.openssh = {
    settings.X11Forwarding = false;
    settings.KbdInteractiveAuthentication = false;
    settings.PasswordAuthentication = false;
    settings.UseDns = false;
    # unbind gnupg sockets if they exists
    settings.StreamLocalBindUnlink = true;

    # Use key exchange algorithms recommended by `nixpkgs#ssh-audit`
    settings.KexAlgorithms = [
      "curve25519-sha256"
      "curve25519-sha256@libssh.org"
      "diffie-hellman-group16-sha512"
      "diffie-hellman-group18-sha512"
      "sntrup761x25519-sha512@openssh.com"
    ];
  };
}