{ config, pkgs, lib, inputs, ... }: with config.lyn.lib; {
  imports =
    [
      ./hardware-configuration.nix
      ./../../users/lyn
    ];
  lyn.kernel.latest.enable = true; 
  lyn.kernel.hardened.enable = true;
  lyn.profiles.base.enable = true;
  # Use UEFI
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # Firewall stuff:
  networking.firewall.enable = true;
  networking.firewall.allowPing = true;
  networking.hostName = "supernova";
  system.stateVersion = "24.05"; 

  # FDE stuff
  networking.firewall.allowedTCPPorts = [ 2222 ];
  systemd.services.sshd.wantedBy = [ "cryptsetup.target" ];
  networking.useDHCP = true;
  boot.initrd = {
    availableKernelModules = [ "virtio-pci" ];
    secrets = {"/root/initrd-ssh-key" = "/root/initrd-ssh-key";};
    network = {

    #udhcpc.enable = true;
    #flushBeforeStage2 = true;


    enable = true;
    ssh = {
      enable = true;
      port = 2222;
      hostKeys = [ /root/initrd-ssh-key ];
      # this includes the ssh keys of all users in the wheel group, but you can just specify some keys manually
      # authorizedKeys = [ "ssh-rsa ..." ];
      authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users);
    };
    #postCommands = ''
    #  echo 'cryptsetup-askpass' >> /root/.profile
    #'';
  };
  };
  
  
}