{ config, lib, pkgs, ... }: { deployment = { targetHost = "www.kat"; tags = [ "kat-vms" ]; }; imports = [ ./hardware-configuration.nix ./disks.nix ]; boot = { loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; kernelParams = [ "console=ttyS0" ]; }; kat = { fqdn = "website.katvayor.net"; proxies = { aliases = [ "www.katvayor.net" "katvayor.net" "netbox.katvayor.net" ]; ip = "192.168.122.7"; }; }; systemd.network.enable = lib.mkForce false; networking = { useNetworkd = lib.mkForce false; interfaces."enp1s0" = { useDHCP = false; ipv4.addresses = [ { address = "192.168.122.7"; prefixLength = 24; } ]; ipv6.addresses = [ { address = "fe80::7"; prefixLength = 64; } ]; }; defaultGateway = "192.168.122.1"; defaultGateway6 = { address = "fe80::1"; interface = "enp1s0"; }; nameservers = [ "192.168.122.1" "fe80::1%enp1s0" ]; }; networking.firewall.enable = false; security.acme = { acceptTerms = true; defaults.email = "root@katvayor.net"; certs."website.katvayor.net".extraDomainNames = [ "netbox.katvayor.net" ]; }; services = { openssh.enable = true; qemuGuest.enable = true; nginx = { enable = true; virtualHosts = { "website.katvayor.net" = { serverAliases = [ "www.katvayor.net" "katvayor.net" ]; enableACME = true; addSSL = true; locations."/" = { alias = "/var/lib/www/"; index = "index.html"; }; }; "netbox.katvayor.net" = { useACMEHost = "website.katvayor.net"; addSSL = true; locations = { "/" = { recommendedProxySettings = true; proxyPass = "http://localhost:8001"; }; "/static/".alias = "${config.services.netbox.dataDir}/static/"; }; }; }; }; netbox = { enable = true; package = pkgs.netbox_4_1; listenAddress = "127.0.0.1"; secretKeyFile = "${config.services.netbox.dataDir}/secret.key"; }; }; users.users.nginx.extraGroups = [ "netbox" ]; system.stateVersion = "23.11"; }