{ lib, pkgs, secrets, self, ... }: let primaryUser = "ebisu"; in { imports = [ "${self}/modules/core" "${self}/modules/options" ]; config = { time.timeZone = secrets.i18n.timezone; system.stateVersion = "24.05"; raspberry-pi-nix.kernel-version = "v6_10_12"; environment.systemPackages = with pkgs; [ fastfetch htop ]; users = { groups.${primaryUser} = { }; users = let defaultOptions = { initialHashedPassword = secrets.initial_hashed_password; openssh.authorizedKeys.keys = [ secrets.kioku_openssh_public_key ]; }; in { root = defaultOptions; ${primaryUser} = defaultOptions // { group = primaryUser; isNormalUser = true; }; }; }; zramSwap = { enable = true; priority = 100; memoryMax = 268435456; algorithm = "lz4"; memoryPercent = 50; }; networking = { firewall.enable = lib.mkForce false; hostName = "kioku"; useDHCP = lib.mkDefault true; wireless = let network = builtins.elemAt secrets.wifi 0; in { enable = true; interfaces = [ "wlan0" ]; networks."${network.ssid}".psk = network.psk; }; }; services = { openssh.settings.PermitRootLogin = "prohibit-password"; samba = { enable = true; openFirewall = true; settings = { usb = { browseable = "yes"; path = "/mnt/usb_share"; "guest ok" = "no"; "read only" = "no"; "create mask" = "777"; "directory mask" = "777"; "valid users" = primaryUser; }; }; }; samba-wsdd = { enable = true; openFirewall = true; }; }; systemd.services.usbshare = { description = "USB Share Watchdog"; wantedBy = [ "multi-user.target" ]; serviceConfig = let usb_share_script = pkgs.fetchurl { url = "https://gist.githubusercontent.com/davidhoness/0f45ef6a41bac6311614f109acbf92db/raw/970badd0ae4b097e3af8d5142e65c34b21f5cfab/usb_share.py"; sha256 = "sha256-Z8HoOmzK3UjZac6hB3297fCDrbLwiFFNwxhqzr1WMSo"; }; in { ExecStart = "${pkgs.python3.withPackages (ps: [ ps.watchdog ])}/bin/python3 ${usb_share_script}"; Restart = "always"; Type = "simple"; Environment = "PATH=${pkgs.kmod}/bin:${pkgs.coreutils}/bin"; }; }; }; }