{pkgs, ... }:
{
  system.stateVersion = "23.05";

  # Enables flakes and the updated `nix` command
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Enables opengl support
  hardware.opengl.enable = true;

  sound.enable = true;
  services.jack.jackd.enable = true;
  services.jack.alsa.enable = true;

  # Includes packages needed for startx
  services.xserver = {
    enable = true;
    displayManager.autoLogin.user = "appuser";
    windowManager.fluxbox.enable = true;
  };

  environment.systemPackages = with pkgs; [
    git btop tmux
  ];
  
  users = {
    # No need to edit users on a single-purpose system.
    mutableUsers = false;
    users = {
      # My authorized keys are used for remote access
      #  CHANGE THIS if forking
      geekygay = {
        shell = pkgs.fish;
        isNormalUser = true;
        extraGroups = [ "wheel" "dialout" "jackaudio" ];
        password = "";
        openssh.authorizedKeys.keyFiles = [
          ./authorized_keys
        ];
      };
      # Unprivledged user for running the application.
      appuser = {
        isNormalUser = true;
        extraGroups = [ "jackaudio" ];
        password = "";
        packages = with pkgs; [
          puredata websocat
        ];
      };
    };
  };
  programs.fish.enable = true;

  security.sudo.wheelNeedsPassword = false; # Needed for colmena.
  nix.settings.trusted-users = [ "root" "@wheel" ];

  documentation.man.enable = false; # Takes way too long to build.

  # Allow SSH with authorized keys only!
  services.openssh = {
    enable = true;
    settings.PasswordAuthentication = false;
  };
}