{ lib, pkgs, ... }: let pubKeys = lib.filesystem.listFilesRecursive ../../users/keys; container_name = "jellyfin"; container_ip = "10.0.10.6"; in { environment.persistence."/persist" = { hideMounts = true; directories = [ "/var/lib/nixos-containers/${container_name}" ]; }; networking.nat.enable = true; networking.nat.internalInterfaces = ["ve-+"]; networking.nat.externalInterface = "br0"; containers.postgres = { autoStart = true; privateNetwork = true; hostBridge = "br0"; nixpkgs = pkgs.path; config = { pkgs, lib, ... }: { networking = { defaultGateway = "10.0.10.1"; interfaces.eth0.ipv4.addresses = [ { "address" = "${container_ip}"; "prefixLength" = 24; } ]; firewall = { enable = true; allowedTCPPorts = [ 5432 ]; }; useHostResolvConf = lib.mkForce false; }; services.resolved.enable = true; services.jellyfin = { enable = true; openFirewall = true; }; environment.systemPackages = [ pkgs.jellyfin pkgs.jellyfin-web pkgs.jellyfin-ffmpeg pkgs.lsof ]; services.openssh = { enable = true; settings.PasswordAuthentication = false; }; users.users.root = { openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key); }; system.stateVersion = "24.05"; }; }; }