# Host-specific NixOS module: every setting below is applied only when the
# machine's hostname is "FredOS-Mediaserver".
{ config, pkgs, lib, ... }:

let
  isMediaserver = config.networking.hostName == "FredOS-Mediaserver";

  # Wrapper around ../scripts/transcode-hevc.sh. The listed store paths are
  # put first on PATH; the caller's $PATH stays appended, so a tool missing
  # from this list still resolves from the invoking environment.
  transcodeHevc = pkgs.writeShellScriptBin "transcode-hevc" ''
    export PATH="${pkgs.jellyfin-ffmpeg}/bin:${pkgs.coreutils}/bin:${pkgs.findutils}/bin:${pkgs.gnugrep}/bin:${pkgs.gawk}/bin:${pkgs.bc}/bin:${pkgs.curl}/bin:$PATH"
    exec ${pkgs.bash}/bin/bash ${../scripts/transcode-hevc.sh} "$@"
  '';

  # Wrapper around ../scripts/record-update.sh, built the same way.
  recordUpdate = pkgs.writeShellScriptBin "record-update" ''
    export PATH="${pkgs.nvd}/bin:${pkgs.coreutils}/bin:${pkgs.gnugrep}/bin:${pkgs.gnused}/bin:$PATH"
    exec ${pkgs.bash}/bin/bash ${../scripts/record-update.sh} "$@"
  '';
in
{
  config = lib.mkIf isMediaserver {
    # Symlink /home/fred/storage -> /mnt/storage. "L+" replaces whatever
    # already exists at the link path.
    systemd.tmpfiles.rules = [
      "L+ /home/fred/storage - - - - /mnt/storage"
    ];

    # Basic system packages, plus the two script wrappers defined above.
    environment.systemPackages = with pkgs; [
      mergerfs
      wget
      util-linux
      javaPackages.compiler.temurin-bin.jre-25
      unzip
      screen
      yt-dlp
      ghostty.terminfo
      usbutils
      lm_sensors
      transcodeHevc
      recordUpdate
    ];

    networking = {
      # DHCP is forced off; addressing is presumably configured in another
      # module (not visible here).
      useDHCP = lib.mkForce false;

      # Opens TCP 22 (SSH) and TCP 11434 on every interface.
      # NOTE(review): 11434 is not SSH. It is the default port of the Ollama
      # HTTP API, which has no built-in authentication. Presumably that is
      # what listens here (no such service is defined in this module), so
      # confirm it is meant to be reachable from the whole network, or scope
      # it with networking.firewall.interfaces.<name>.allowedTCPPorts.
      firewall.allowedTCPPorts = [ 22 11434 ];
    };

    # Allow fred to act as a remote Nix builder (trusted users can import
    # unsigned store paths sent by the build client).
    # NOTE(review): a trusted Nix user is effectively root-equivalent on this
    # host, so the SSH key for "fred" should be protected like a root key.
    nix.settings.trusted-users = [ "root" "fred" ];

    # Automatic daily system update at 04:15, rebooting when required.
    # NOTE(review): the host builds and activates whatever this repository
    # serves, unattended. Nothing in this module verifies commit signatures,
    # so integrity rests on TLS and on write access to the forge. Confirm that
    # is the intended trust boundary.
    system.autoUpgrade = {
      enable = true;
      flake = "git+https://forg.gregersen.it/rope/nixos";
      dates = "04:15";
      allowReboot = true;
    };

    # SSH daemon: no root login, no password authentication.
    # NOTE(review): KbdInteractiveAuthentication is not set in this module;
    # verify its effective value if key-only login is the goal.
    services.openssh = {
      enable = true;
      settings = {
        PermitRootLogin = "no";
        PasswordAuthentication = false;
      };
    };
  };
}