{ adminUser, pkgs, lib, config, ... }: { imports = [ ../profiles/authelia.nix ../profiles/core-metrics.nix ../profiles/defaults.nix ../profiles/disk/btrfs-on-luks.nix ../profiles/git-server.nix ../profiles/hardware/framework-desktop.nix ../profiles/home-manager.nix ../profiles/miniflux.nix ../profiles/monitoring.nix ../profiles/remote-unlock.nix ../profiles/restic-backup.nix ../profiles/server.nix ../profiles/storage-media.nix ../profiles/users/builder.nix ../profiles/users/admin-user.nix ../profiles/users/home-manager.nix ../profiles/wireguard.nix ]; boot.kernelModules = [ "sg" ]; networking.hostName = "rivendell"; networking.networkmanager.enable = true; networking.useDHCP = lib.mkDefault true; systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP; services = { website = { enable = true; openFirewall = true; }; restic.backups.local.paths = [ "/var/lib/gitolite/repositories" ]; restic.backups.synology.paths = [ "/data/archives" "/data/media/music" "/var/lib/gitolite/repositories" ]; samba = { enable = true; openFirewall = true; settings = { global = { security = "user"; workgroup = "WORKGROUP"; "server string" = config.networking.hostName; "netbios name" = config.networking.hostName; "hosts allow" = "192.168.1.0/24 10.100.0.0/24 localhost"; "guest account" = "nobody"; "map to guest" = "bad user"; "use sendfile" = "yes"; "load printers" = "no"; "vfs objects" = "catia fruit streams_xattr"; "fruit:metadata" = "stream"; }; media = { path = "/data/media"; browseable = "yes"; "read only" = "yes"; "guest ok" = "yes"; }; }; }; avahi = { enable = true; nssmdns4 = true; openFirewall = true; }; jellyfin = { enable = true; openFirewall = true; }; }; environment.systemPackages = with pkgs; [ ffmpeg imagemagick makemkv ]; users.users.${adminUser.name}.extraGroups = [ "cdrom" ]; system.stateVersion = "23.11"; home-manager.users.${adminUser.name} = { home.homeDirectory = "/home/${adminUser.name}"; imports = [ ../home/profiles/minimal.nix ]; }; }