{ ... }: { boot.initrd.network = { enable = true; ssh = { enable = true; authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOv7i4ChPUm+DmELG6uRx0co4quhQ+h7QB4fgcxcC3qx contact@elliehigh.com" ]; shell = "/bin/cryptsetup-askpass"; hostKeys = [ "/etc/initrd-ssh/ssh_host_ed25519_dropbear" ]; }; }; boot.initrd.preLVMCommands = '' iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT iptables -A INPUT -p tcp --dport 22 -j DROP ''; fileSystems."/media" = { device = "/dev/mapper/crypted"; fsType = "btrfs"; options = [ "subvol=/media" "compress=zstd" "noatime" ]; }; disko.devices.disk.main = { type = "disk"; device = "/dev/sda"; content = { "type" = "gpt"; partitions = { ESP = { size = "512M"; type = "EF00"; content = { type = "filesystem"; format = "vfat"; mountpoint = "/boot"; mountOptions = [ "umask=0077" ]; }; }; luks = { size = "100%"; content = { type = "luks"; name = "crypted"; settings = { allowDiscards = true; }; content = { type = "btrfs"; # extraArgs = [ "-f" ]; subvolumes = { "/root" = { mountpoint = "/"; mountOptions = [ "compress=zstd" "noatime" ]; }; "/home" = { mountpoint = "/home"; mountOptions = [ "compress=zstd" "noatime" ]; }; "/jellyfin" = { mountpoint = "/jellyfin"; mountOptions = [ "compress=zstd" "noatime" ]; }; "/swap" = { mountpoint = "/.swapvol"; swap.swapfile.size = "36G"; }; }; }; }; }; }; }; }; }