{ config, lib, pkgs, rpi5-kernel, ... }: let modules = builtins.map (mod: modules/${mod}.nix); in { imports = modules [ "acme" "fail2ban" "forgejo" ]; boot.kernelPackages = rpi5-kernel.legacyPackages.aarch64-linux.linuxPackages_rpi5; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = false; nix.package = pkgs.nixVersions.latest; nix.settings.experimental-features = [ "nix-command" "flakes" ]; time.timeZone = "America/New_York"; networking.hostName = "toki-aether"; networking.wireless.iwd.enable = true; networking.wireless.iwd.settings = { Settings.AutoConnect = true; Network.EnableIPv6 = false; General.EnableNetworkConfiguration = true; }; services.openssh.enable = true; services.openssh.settings = { PasswordAuthentication = false; PermitRootLogin = "yes"; }; users.mutableUsers = false; users.users.root = { hashedPassword = "$y$j9T$LHeAgn5XytQM5DLfGSDT30$9OD3eIua5vEy4/GFBbT1oe1UnlNxDHt9thqsiqcGXy7"; openssh.authorizedKeys.keys = (import secrets/secrets.nix).keys; }; networking.firewall.allowedTCPPorts = [ 22 80 443 ]; environment.systemPackages = with pkgs; [ openssl rsync curl git wget ]; system.stateVersion = "24.05"; }