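# NixOS host configuration for "lkk-nix-1": bootloader, SSH, firewall,
# agenix-managed secrets and Nix store maintenance.
{ pkgs, ... }:
{
  imports = [
    ./hardware-configuration.nix
    ../common/users/lkk-admin
    ../common/base
    ./services
  ];

  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only

  # SSH is key-only: password logins are rejected.
  # NOTE(review): keyboard-interactive auth is a separate sshd setting; if it
  # is not needed, consider `settings.KbdInteractiveAuthentication = false`
  # as well so PAM cannot reintroduce password prompts. Confirm before enabling.
  services.openssh.enable = true;
  services.openssh.settings.PasswordAuthentication = false;

  networking = {
    hostName = "lkk-nix-1";

    firewall = {
      enable = true;

      # NOTE(review): these ports are opened on every interface. 5432 and 3306
      # are conventionally PostgreSQL and MySQL/MariaDB; if the databases are
      # only meant to be reached from the VPN or from local containers, move
      # them to `networking.firewall.interfaces.<name>.allowedTCPPorts` so they
      # are not reachable from the public interface. Same question for the
      # 3000-3100 range (presumably application ports; verify against ./services).
      allowedTCPPortRanges = [
        { from = 3000; to = 3100; }
      ];
      allowedTCPPorts = [ 53 80 443 5432 3306 3478 ];

      # 51820 and 41641 are the conventional WireGuard and Tailscale ports,
      # 3478-3481 the conventional STUN/TURN range; confirm against ./services.
      allowedUDPPorts = [ 53 51820 41641 ];
      allowedUDPPortRanges = [
        { from = 3478; to = 3481; }
      ];
    };
  };

  environment.systemPackages = with pkgs; [ podman-compose ];

  programs.fish.enable = true;

  age = {
    # Decrypted secret files. The mode was "770" (rwx for owner and group),
    # which made credential files writable and executable for no reason.
    # "0440" keeps read access for exactly the same owner and group and drops
    # the write and execute bits. Entries without an explicit `owner` use the
    # agenix default owner (root).
    # NOTE(review): if no consumer relies on group access, tighten further to
    # the agenix default "0400".
    secrets = {
      mj-smtp-user.file = ../../secrets/mj-smtp-user.age;
      mj-smtp-pass.file = ../../secrets/mj-smtp-pass.age;
      tailscale-key.file = ../../secrets/tailscale-key.age;

      vaultwarden-env = {
        file = ../../secrets/vaultwarden-env.age;
        mode = "0440";
      };
      metabase-env = {
        file = ../../secrets/metabase-env.age;
        mode = "0440";
      };
      n8n-env = {
        file = ../../secrets/n8n-env.age;
        mode = "0440";
      };
      ordercollector-env = {
        file = ../../secrets/ordercollector-env.age;
        mode = "0440";
      };
      traefik-env = {
        file = ../../secrets/traefik-env.age;
        mode = "0440";
        owner = "traefik";
      };
      baserow-env = {
        file = ../../secrets/baserow-env.age;
        mode = "0440";
      };
      littlelink-lanakk-env = {
        file = ../../secrets/littlelink-lanakk-env.age;
        mode = "0440";
      };
      pgadmin = {
        file = ../../secrets/pgadmin.age;
        mode = "0440";
        owner = "pgadmin";
      };
    };

    # The SSH host key is the decryption identity for every secret above, so
    # anyone who can read this key can decrypt all of them; treat the host key
    # (and any backup or image containing it) with the same care as the secrets.
    identityPaths = [ "/etc/ssh/ssh_host_rsa_key" ];
  };

  nix = {
    # Weekly-style automatic cleanup: drop store generations older than 30 days
    # and deduplicate identical store files.
    gc = {
      automatic = true;
      options = "--delete-older-than 30d";
    };
    optimise.automatic = true;
  };

  system.stateVersion = "22.11"; # Did you read the comment?
}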