nixos-blueprint/modules/nixos/shared/services.nix

{lib, ...}: {
  services =
    lib.attrsets.recursiveUpdate {
      # hardware.openrgb.enable = true;
      avahi.enable = true;
      # dnscrypt-proxy.enable = true;
      flatpak.enable = true;
      fstrim.enable = true;
      fwupd.enable = true;
      kmscon.enable = true;
      opensnitch.enable = false;
      openssh.enable = true;
      scx.enable = true;
      userborn.enable = true;
    } {
      dnscrypt-proxy.settings = {
        bootstrap_resolvers = ["9.9.9.11:53" "9.9.9.9:53"];
        require_dnssec = true;
        server_names = ["mullvad-doh"];
      };
      fstrim.interval = "daily";
      kmscon = {
        hwRender = true;
        extraOptions = "--drm";
      };
      logind.settings.Login = {
        HandleLidSwitch = "ignore";
        HandlePowerKey = "suspend";
      };
      opensnitch.settings = {
        DefaultAaction = "deny";
        Firewall = "iptables";
        InterceptUnknown = true;
        ProcMonitorMethod = "ebpf";
      };
      # scx.scheduler = "scx_rustland";
    };
}