nix/hosts/jupiter/default.nix

{ inputs, ... }:
{
  nixpkgs.overlays = [
    inputs.lib.overlays.default
    inputs.self.overlays.default
    inputs.nur.overlays.default
  ];

  imports = [
    inputs.disko.nixosModules.disko
    ./format.nix
    ./hardware

    ../common/configs/system

    ../common/configs/system/boot
    ../common/configs/system/brightnessctl
    ../common/configs/system/btrbk
    ../common/configs/system/btrfs
    ../common/configs/system/documentation
    ../common/configs/system/git
    ../common/configs/system/impermanence
    ../common/configs/system/lanzaboote
    ../common/configs/system/neovim
    ../common/configs/system/networkmanager
    ../common/configs/system/nix
    ../common/configs/system/nix-cleanup
    ../common/configs/system/nixpkgs
    ../common/configs/system/ntp
    ../common/configs/system/podman
    ../common/configs/system/power
    ../common/configs/system/smartmontools
    ../common/configs/system/sops
    ../common/configs/system/ssh
    ../common/configs/system/sshd
    ../common/configs/system/sudo
    ../common/configs/system/system
    ../common/configs/system/users
    ../common/configs/system/zsh

    ./configs/btrbk
    ./configs/ssh
    ./configs/tv
    ./configs/wireguard

    ./users/storm
    ./users/nick
  ];

  networking.hostName = "jupiter";

  boot.initrd = {
    luks.devices = {
      main.keyFile = "/usb/keyfile";
      storage0.keyFile = "/usb/keyfile";
      storage1.keyFile = "/usb/keyfile";
    };

    systemd.contents."/etc/fstab".text = ''
      UUID=8E50-CD43 /usb vfat ro,umask=0377
    '';
  };

  # echo $(( (0x$(echo -n "storage" | sha256sum | cut -c1-8) % 999 ) + 1 ))
  users.groups.storage.gid = 694;

  systemd.tmpfiles.rules = [
    "v  /mnt/storage/public  2770 root storage - -"
    "a+ /mnt/storage/public  -    -    -       - d:g:storage:rwx"
    "v  /mnt/storage/private 0755 root root    - -"
  ];

  users.users.root.openssh.authorizedKeys.keyFiles = [
    "${inputs.secrets}/domains/personal/id_ed25519.pub"
  ];
}