{ config, lib, pkgs, ... }: let zfsCompatibleKernelPackages = lib.filterAttrs ( name: kernelPackages: (builtins.match "linux_[0-9]+_[0-9]+" name) != null && (builtins.tryEval kernelPackages).success && (!kernelPackages.${config.boot.zfs.package.kernelModuleAttribute}.meta.broken) ) pkgs.linuxKernel.packages; latestKernelPackage = lib.last ( lib.sort (a: b: (lib.versionOlder a.kernel.version b.kernel.version)) ( builtins.attrValues zfsCompatibleKernelPackages ) ); in { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix ../common (import ../../modules).leviathan ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; boot.kernelPackages = lib.mkForce latestKernelPackage; boot.supportedFilesystems = ["zfs"]; networking = { useDHCP = false; hostName = "leviathan"; hostId = "abcd1234"; interfaces.enp1s0.useDHCP = true; nameservers = [ "1.1.1.1" ]; firewall.allowedTCPPorts = [8000 8123 8095]; }; environment.systemPackages = with pkgs; [ helix kitty # For terminfo lazygit ]; containers.radarr = { autoStart = true; bindMounts = { "/data" = { hostPath = "/store/media"; mountPoint = "/store/media"; isReadOnly = false; }; }; config = { config, pkgs, lib, ... }: { services.radarr = { enable = true; user = "root"; group = "root"; }; system.stateVersion = "24.11"; }; }; services.openssh.settings.PermitRootLogin = "yes"; security.rtkit.enable = true; users.groups."media".name = "media"; services = { copyparty = { enable = true; settings = { i = "100.64.214.3"; }; accounts = { }; volumes = { "/" = { path = "/srv/copyparty"; access = { rw = "*"; }; }; }; }; jellyfin = { enable = true; group = "media"; }; music-assistant = { enable = true; providers = [ "builtin_player" "chromecast" "hass" "hass_players" "soundcloud" "spotify" "spotify_connect" "ytmusic" ]; }; pipewire = { enable = true; pulse.enable = true; alsa.enable = true; alsa.support32Bit = true; wireplumber.enable = true; }; }; programs.virt-manager.enable = true; virtualisation = { libvirtd = { enable = true; allowedBridges = ["br0"]; }; oci-containers = { backend = "podman"; containers.homeassistant = { volumes = ["home-assistant:/config"]; environment.TZ = "Europe/Berlin"; image = "ghcr.io/home-assistant/home-assistant:2025.10.2"; extraOptions = [ # Use the host network namespace for all sockets "--network=host" # Pass devices into the container, so Home Assistant can discover and make use of them "--device=/dev/ttyUSB0:/dev/ttyUSB0" ]; }; }; }; # systemd.services.libvirt-default-network = { # description = "Start libvirt bridge network"; # after = ["libvirtd.service"]; # wantedBy = ["multi-user.target"]; # serviceConfig = { # Type = "oneshot"; # RemainAfterExit = true; # ExecStart = "${pkgs.libvirt}/bin/virsh net-start bridged-network"; # ExecStop = "${pkgs.libvirt}/bin/virsh net-destroy bridged-network"; # User = "root"; # }; # }; # systemd.services.libvirt-home-assistant = { # description = "Start home assistant VM"; # after = ["libvirt-default-network.service"]; # wantedBy = ["multi-user.target"]; # serviceConfig = { # Type = "oneshot"; # RemainAfterExit = true; # ExecStart = "${pkgs.libvirt}/bin/virsh start hass"; # ExecStop = "${pkgs.libvirt}/bin/virsh destroy hass"; # User = "root"; # }; # }; system.stateVersion = "25.05"; # Did you read the comment? }