{ config, pkgs, lib, inputs, ... }: with config.lyn.lib; { imports = [ ./hardware-configuration.nix ./../../users/lyn ]; lyn.kernel.latest.enable = true; lyn.kernel.hardened.enable = true; lyn.profiles.base.enable = true; # Use UEFI boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; # Firewall stuff: networking.firewall.enable = true; networking.firewall.allowPing = true; networking.hostName = "supernova"; system.stateVersion = "24.05"; # FDE stuff boot.initrd = { availableKernelModules = [ "virtio-pci" ]; secrets = {"/root/initrd-ssh-key" = "/root/initrd-ssh-key";}; network = { udhcpc.enable = true; flushBeforeStage2 = true; enable = true; ssh = { enable = true; port = 2222; hostKeys = [ /boot/initrd/ssh_host_rsa_key ]; # this includes the ssh keys of all users in the wheel group, but you can just specify some keys manually # authorizedKeys = [ "ssh-rsa ..." ]; authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users); }; postCommands = '' echo 'cryptsetup-askpass' >> /root/.profile ''; }; } }