{ config, pkgs, ... }: { boot = { initrd.kernelModules = [ "zfs" ]; kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; timeout = 3; }; supportedFilesystems = [ "zfs" ]; zfs.devNodes = "/dev/disk/by-label"; }; environment.systemPackages = with pkgs; [ signal-desktop ]; imports = [ ./hardware-configuration.nix ../common/core ../common/optional/db.nix ../common/optional/dev.nix ../common/optional/ebooks.nix ../common/optional/games.nix ../common/optional/google-authenticator.nix ../common/optional/misc.nix ../common/optional/multimedia.nix ../common/optional/pipewire.nix ../common/optional/sdr.nix ../common/optional/services/openssh.nix ../common/optional/services/xorg.nix ../common/optional/sound.nix ../common/optional/zfs.nix ../common/users/nipsy ../common/users/root ]; networking = { hostId = "2ae4c89f"; hostName = "arrakis"; nftables.enable = true; }; services.openssh = { openFirewall = true; settings.X11Forwarding = true; }; services.xserver.videoDrivers = [ "nvidia" ]; #sops = { # age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; # defaultSopsFile = ../secrets/arrakis.yaml; # secrets = { # "nftables/ssh" = {}; # }; #}; system.stateVersion = "23.11"; #systemd.services."nftables-extra" = { # description = "nftables extra firewall rules"; # script = '' # ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path} # ''; # serviceConfig = { # RemainAfterExit = true; # Type = "oneshot"; # }; # unitConfig = { # ConditionPathExists = config.sops.secrets."nftables/ssh".path; # }; # wantedBy = [ "multi-user.target" ]; #}; #systemd.paths."nftables-extra" = { # pathConfig = { # PathExists = config.sops.secrets."nftables/ssh".path; # }; # wantedBy = [ "multi-user.target" ]; #}; }