nix-config/nixos/common/global/default.nix

# Global NixOS configuration shared across all hosts.
# This module provides base system settings, nixpkgs configuration, and core imports
# that every host in this configuration inherits.
{outputs, lib, ...}: {
  imports = [
    ./age.nix # Secret management with agenix
    ./env.nix # Environment variables and shell configuration
    ./nix.nix # Nix daemon settings, features, and garbage collection
    ./ssh.nix # SSH server configuration and authorized keys
  ];

  # Nixpkgs configuration - applies overlays and sets package acceptance policy
  nixpkgs = {
    # Apply custom overlays to extend/modify the package set
    overlays = [
      # Overlays our own flake exports
      outputs.overlays.additions      # Custom packages from pkgs/
      outputs.overlays.modifications  # Package patches and modifications
      outputs.overlays.unstable-packages # Unstable channel packages
    ];

    config = {
      # Default to free software only - unfree packages must be explicitly allowed
      allowUnfree = false;

      # Centralized unfree package allowlist for NixOS system configuration.
      # Note: nixpkgs.config.allowUnfreePredicate doesn't merge across modules - only the
      # last definition wins. To maintain explicit control over unfree packages, we list
      # all allowed packages here rather than scattering predicates across system modules.
      allowUnfreePredicate = pkg:
        builtins.elem (lib.getName pkg) [
          # Gaming
          "steam"
          "steam-unwrapped"
          # Services
          "minecraft-server"
        ];
    };
  };

  # Localization settings - Australian English locale and Perth timezone
  i18n.defaultLocale = "en_AU.UTF-8";
  time.timeZone = "Australia/Perth";

  # Network configuration - default domain for host FQDNs
  networking.domain = "kanto.dev";

  # Enable non-free firmware for hardware compatibility (WiFi, GPU drivers, etc.)
  hardware.enableRedistributableFirmware = true;
}