config-perso/machines/kat-probook/configuration.nix

{
  pkgs,
  meta,
  users,
  lib,
  sources,
  ...
}:
let
  inherit (lib) mkMerge;
in
{
  deployment.allowLocalDeployment = true;

  imports = [
    ./hardware-configuration.nix
    users.catvayor
    # ./router.nix
  ];

  fileSystems."/tmp" = {
    fsType = "tmpfs";
    device = "tmpfs";
    options = [
      "nosuid"
      "nodev"
      "relatime"
      "size=12G"
    ];
  };
  boot = {
    kernel.sysctl."net.ipv4.ip_forward" = true;
    binfmt.emulatedSystems = [ "aarch64-linux" ];
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
  };

  nix.settings = mkMerge [
    ((import sources.dgnum-infra { }).mkCacheSettings {
      caches = [ "infra" ];
    })
    {
      trusted-users = [
        "root"
        "@wheel"
      ];
    }
  ];
  networking = {
    networkmanager = {
      enable = true;
      unmanaged = [
        "enp2s0"
        "wg0"
      ];
    };
    firewall.allowedUDPPorts = [ 67 53 ];
  };
  systemd.tmpfiles.rules = [
    "w /sys/devices/system/cpu/cpufreq/policy*/scaling_governor - - - - performance"
    "w /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference - - - - performance"
  ];
  systemd.network = {
    wait-online.anyInterface = true;
    networks = {
      "50-wg0" = {
        name = "wg0";
        address = [
          "10.42.1.1/16"
        ];
        networkConfig = {
          DNS = [
            "100.80.129.176"
          ];
          Domains = "dgnum";
        };
      };
      "50-wg1" = {
        name = "wg1";
        address = [
          "10.10.10.13/24"
        ];
      };
      "10-enp2s0" = {
        name = "enp2s0";
        DHCP = "ipv4";
        networkConfig.IPv6AcceptRA = "yes";
        dhcpV4Config.RouteMetric = 500;
        dhcpV6Config.RouteMetric = 500;
        ipv6AcceptRAConfig.RouteMetric = 500;
      };
    };
    netdevs = {
      "50-wg0" = {
        netdevConfig = {
          Name = "wg0";
          Kind = "wireguard";
        };
        wireguardConfig = {
          PrivateKeyFile = "/wg/private.key";
          RouteTable = "main";
          RouteMetric = 2000;
        };

        wireguardPeers = meta.lib.mkPeers;
      };
      "50-wg1" = {
        netdevConfig = {
          Name = "wg1";
          Kind = "wireguard";
        };
        wireguardConfig = {
          PrivateKeyFile = "/wg/private.key";
          RouteTable = "main";
          RouteMetric = 2000;
        };

        wireguardPeers = [
          {
            AllowedIPs = [
              "10.10.10.0/24"
            ];
            PublicKey = "CzUK0RPHsoG9N1NisOG0u7xwyGhTZnjhl7Cus3X76Es=";
            Endpoint = "129.199.129.76:1194";
            PersistentKeepalive = 25;
          }
        ];
      };
    };
  };

  nixpkgs.config.allowUnfree = true;

  security.rtkit.enable = true;
  hardware.bluetooth = {
    enable = true;
    powerOnBoot = false;
  };

  environment.systemPackages = with pkgs; [ brightnessctl ];
  fonts.packages = with pkgs; [
    fira-code-nerdfont
    font-awesome
  ];

  services = {
    pipewire = {
      enable = true;
      alsa = {
        enable = true;
        support32Bit = true;
      };
      pulse.enable = true;
    };
    syncthing = {
      enable = true;
      systemService = true;
      dataDir = "/home/catvayor";
      user = "catvayor";
      group = "users";
      openDefaultPorts = true;
      settings = {
        folders."essentials" = {
          path = "~/essentials";
          id = "vgpwu-fk3ct";
          devices = [
            "katel"
          ];
        };
        devices.katel.id = "DYOKK7J-HZAF5S7-FYTHQF5-UD5GJZ2-4JMV5I5-STUM3HG-5YM2JPR-LATJNAZ";
      };
    };
    udev.packages = [ pkgs.nitrokey-udev-rules ];
  };

  programs = {
    steam.enable = true;
    virt-manager.enable = true;
    ssh.startAgent = false;
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
  };

  home-manager.users = {
    "root".kat.work-tooling = true;
    "catvayor".kat.work-tooling = true;
  };

  virtualisation.libvirtd = {
    enable = true;
    qemu.vhostUserPackages = [ pkgs.virtiofsd ];
  };

  system.stateVersion = "23.11";
}
feat: made some node stable, and npins update 2024-12-05 17:03:42 +01:00			`{`
			`pkgs,`
feat(meta): get vpn-ip, wg-key and subnets 2025-01-06 15:29:31 +01:00			`meta,`
feat: made some node stable, and npins update 2024-12-05 17:03:42 +01:00			`users,`
feat: DGNum cache 2024-12-18 13:14:47 +01:00			`lib,`
			`sources,`
feat: made some node stable, and npins update 2024-12-05 17:03:42 +01:00			`...`
			`}:`
feat: DGNum cache 2024-12-18 13:14:47 +01:00			`let`
			`inherit (lib) mkMerge;`
			`in`
feat: made some node stable, and npins update 2024-12-05 17:03:42 +01:00			`{`
			`deployment.allowLocalDeployment = true;`

			`imports = [`
			`./hardware-configuration.nix`
			`users.catvayor`
~ 2024-12-06 17:36:37 +01:00			`# ./router.nix`
feat: made some node stable, and npins update 2024-12-05 17:03:42 +01:00			`];`

			`fileSystems."/tmp" = {`
			`fsType = "tmpfs";`
			`device = "tmpfs";`
			`options = [`
			`"nosuid"`
			`"nodev"`
			`"relatime"`
			`"size=12G"`
			`];`
			`};`
			`boot = {`
			`kernel.sysctl."net.ipv4.ip_forward" = true;`
			`binfmt.emulatedSystems = [ "aarch64-linux" ];`
			`loader = {`
			`systemd-boot.enable = true;`
			`efi.canTouchEfiVariables = true;`
			`};`
			`};`

feat: DGNum cache 2024-12-18 13:14:47 +01:00			`nix.settings = mkMerge [`
			`((import sources.dgnum-infra { }).mkCacheSettings {`
			`caches = [ "infra" ];`
			`})`
			`{`
			`trusted-users = [`
			`"root"`
			`"@wheel"`
			`];`
			`}`
feat: made some node stable, and npins update 2024-12-05 17:03:42 +01:00			`];`
feat(probook): virtiofs & vm networking 2025-01-23 11:03:29 +01:00			`networking = {`
			`networkmanager = {`
			`enable = true;`
			`unmanaged = [`
			`"enp2s0"`
			`"wg0"`
			`];`
			`};`
			`firewall.allowedUDPPorts = [ 67 53 ];`
feat: made some node stable, and npins update 2024-12-05 17:03:42 +01:00			`};`
feat(probook): cpu in performance mode 2024-12-28 22:56:53 +01:00			`systemd.tmpfiles.rules = [`
			`"w /sys/devices/system/cpu/cpufreq/policy*/scaling_governor - - - - performance"`
			`"w /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference - - - - performance"`
			`];`
feat: made some node stable, and npins update 2024-12-05 17:03:42 +01:00			`systemd.network = {`
			`wait-online.anyInterface = true;`
			`networks = {`
			`"50-wg0" = {`
			`name = "wg0";`
			`address = [`
			`"10.42.1.1/16"`
			`];`
feat(vpn): add dgnum vpn & firewall 2025-01-10 15:49:51 +01:00			`networkConfig = {`
			`DNS = [`
			`"100.80.129.176"`
			`];`
			`Domains = "dgnum";`
			`};`
feat: made some node stable, and npins update 2024-12-05 17:03:42 +01:00			`};`
feat(meta/vpn): internal routing 2025-01-07 11:27:06 +01:00			`"50-wg1" = {`
			`name = "wg1";`
			`address = [`
			`"10.10.10.13/24"`
			`];`
			`};`
feat: made some node stable, and npins update 2024-12-05 17:03:42 +01:00			`"10-enp2s0" = {`
			`name = "enp2s0";`
			`DHCP = "ipv4";`
			`networkConfig.IPv6AcceptRA = "yes";`
			`dhcpV4Config.RouteMetric = 500;`
			`dhcpV6Config.RouteMetric = 500;`
			`ipv6AcceptRAConfig.RouteMetric = 500;`
			`};`
			`};`
feat(meta/vpn): internal routing 2025-01-07 11:27:06 +01:00			`netdevs = {`
			`"50-wg0" = {`
			`netdevConfig = {`
			`Name = "wg0";`
			`Kind = "wireguard";`
			`};`
			`wireguardConfig = {`
			`PrivateKeyFile = "/wg/private.key";`
			`RouteTable = "main";`
			`RouteMetric = 2000;`
			`};`

			`wireguardPeers = meta.lib.mkPeers;`
feat: made some node stable, and npins update 2024-12-05 17:03:42 +01:00			`};`
feat(meta/vpn): internal routing 2025-01-07 11:27:06 +01:00			`"50-wg1" = {`
			`netdevConfig = {`
			`Name = "wg1";`
			`Kind = "wireguard";`
			`};`
			`wireguardConfig = {`
			`PrivateKeyFile = "/wg/private.key";`
			`RouteTable = "main";`
			`RouteMetric = 2000;`
			`};`
feat: made some node stable, and npins update 2024-12-05 17:03:42 +01:00
feat(meta/vpn): internal routing 2025-01-07 11:27:06 +01:00			`wireguardPeers = [`
			`{`
			`AllowedIPs = [`
			`"10.10.10.0/24"`
			`];`
			`PublicKey = "CzUK0RPHsoG9N1NisOG0u7xwyGhTZnjhl7Cus3X76Es=";`
			`Endpoint = "129.199.129.76:1194";`
			`PersistentKeepalive = 25;`
			`}`
			`];`
			`};`
feat: made some node stable, and npins update 2024-12-05 17:03:42 +01:00			`};`
			`};`

			`nixpkgs.config.allowUnfree = true;`

			`security.rtkit.enable = true;`
			`hardware.bluetooth = {`
			`enable = true;`
			`powerOnBoot = false;`
			`};`

			`environment.systemPackages = with pkgs; [ brightnessctl ];`
			`fonts.packages = with pkgs; [`
			`fira-code-nerdfont`
			`font-awesome`
			`];`

			`services = {`
			`pipewire = {`
			`enable = true;`
			`alsa = {`
			`enable = true;`
			`support32Bit = true;`
			`};`
			`pulse.enable = true;`
			`};`
			`syncthing = {`
			`enable = true;`
			`systemService = true;`
			`dataDir = "/home/catvayor";`
			`user = "catvayor";`
			`group = "users";`
			`openDefaultPorts = true;`
			`settings = {`
			`folders."essentials" = {`
			`path = "~/essentials";`
			`id = "vgpwu-fk3ct";`
			`devices = [`
			`"katel"`
			`];`
			`};`
			`devices.katel.id = "DYOKK7J-HZAF5S7-FYTHQF5-UD5GJZ2-4JMV5I5-STUM3HG-5YM2JPR-LATJNAZ";`
			`};`
			`};`
chore: begin ssh key rotation 2025-01-14 16:54:44 +01:00			`udev.packages = [ pkgs.nitrokey-udev-rules ];`
feat: made some node stable, and npins update 2024-12-05 17:03:42 +01:00			`};`

			`programs = {`
			`steam.enable = true;`
			`virt-manager.enable = true;`
chore: begin ssh key rotation 2025-01-14 16:54:44 +01:00			`ssh.startAgent = false;`
feat: made some node stable, and npins update 2024-12-05 17:03:42 +01:00			`gnupg.agent = {`
			`enable = true;`
			`enableSSHSupport = true;`
			`};`
			`};`

			`home-manager.users = {`
feat(work-tools): init with numbat 2025-01-17 17:40:29 +01:00			`"root".kat.work-tooling = true;`
			`"catvayor".kat.work-tooling = true;`
feat: made some node stable, and npins update 2024-12-05 17:03:42 +01:00			`};`

feat(probook): virtiofs & vm networking 2025-01-23 11:03:29 +01:00			`virtualisation.libvirtd = {`
			`enable = true;`
			`qemu.vhostUserPackages = [ pkgs.virtiofsd ];`
			`};`
feat: made some node stable, and npins update 2024-12-05 17:03:42 +01:00
			`system.stateVersion = "23.11";`
			`}`