{ pkgs, ... }: let username = "jolheiser"; key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJh5aUDN/KN28+4tbayXRQliLyKFZaCZtUMEBNaJfHYj"; in { imports = [ ./hardware.nix ]; boot = { kernelPackages = pkgs.linuxPackages_latest; kernelParams = [ "quiet" "splash" ]; loader.grub = { enable = true; device = "/dev/sda"; useOSProber = true; enableCryptodisk = true; }; }; boot.initrd.secrets = { "/crypto_keyfile.bin" = null; }; boot.initrd.luks.devices = { "luks-1f9bde68-9c4c-423c-a95f-17aa170dd2b4".keyFile = "/crypto_keyfile.bin"; "luks-a2ca1842-1ce0-437e-ba5e-8864a41e81cb" = { device = "/dev/disk/by-uuid/a2ca1842-1ce0-437e-ba5e-8864a41e81cb"; keyFile = "/crypto_keyfile.bin"; }; }; networking = { hostName = "gunpowder"; networkmanager.enable = true; firewall.enable = true; }; services = { xserver = { enable = true; displayManager.lightdm.enable = true; desktopManager.xfce.enable = true; }; openssh.enable = true; tailscale.enable = true; mullvad-vpn = { enable = true; package = pkgs.mullvad-vpn; }; resolved.enable = true; # media jellyfin = { enable = true; openFirewall = true; }; sonarr = { enable = true; openFirewall = true; }; radarr = { enable = true; openFirewall = true; }; bazarr = { enable = true; openFirewall = true; }; prowlarr = { enable = true; openFirewall = true; }; }; users = { users = { "${username}" = { extraGroups = [ "wheel" "docker" "storage" ]; isNormalUser = true; openssh.authorizedKeys.keys = [ key ]; }; "root".openssh.authorizedKeys.keys = [ key ]; }; groups.media.members = [ "jolheiser" "olheiser" "jellyfin" "radarr" "sonarr" ]; }; environment.systemPackages = with pkgs; [ qbittorrent ]; system.stateVersion = "22.11"; }