{ inputs, pkgs, config, lib, ... }: { imports = [ inputs.agenix.nixosModules.default inputs.copyparty.nixosModules.default ./hardware-configuration.nix ../../modules/nixos/tailscale.nix ../../modules/nixos/jellyfin.nix ../../modules/nixos/immich.nix ../../modules/nixos/paperless.nix ../../modules/nixos/copyparty.nix ../../modules/nixos/samba.nix ]; boot = { loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; }; security.sudo.extraConfig = '' Defaults lecture = never Defaults pwfeedback Defaults env_keep += "DISPLAY EDITOR PATH" ''; networking = { hostName = "galanthus"; networkmanager.enable = true; }; nix = { settings = { experimental-features = [ "nix-command" "flakes" ]; trusted-users = [ "jan" ]; }; }; ## Create media group users.groups.media = { gid = 976; }; users.users.jan = { isNormalUser = true; description = "Jan Kremer"; extraGroups = [ "networkmanager" "wheel" "media" "render" "video" ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTpgedzJ7vs3GMOjUeQGkAzGhNZRhvMMz9Z1whaWieE jan@malus" ]; }; services = { openssh = { enable = true; settings = { PermitRootLogin = "no"; # Root-Login sperren PasswordAuthentication = false; # Nur SSH-Keys }; }; tailscale.extraUpFlags = [ "--ssh" ]; }; programs = { git = { enable = true; lfs = { enable = true; enablePureSSHTransfer = true; }; }; gnupg.agent = { enable = true; enableSSHSupport = true; }; nh = { enable = true; clean = { enable = true; extraArgs = "--keep-since 7d --keep 3"; }; flake = "${config.users.users.jan.home}/.config/nix"; }; }; environment.systemPackages = with pkgs; [ yt-dlp spotdl ffmpeg helix claude-code ]; nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "claude-code" ]; time.timeZone = "Europe/Berlin"; i18n.defaultLocale = "de_DE.UTF-8"; system.stateVersion = "25.11"; # Don't change! }