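{ config, lib, pkgs, ... }:

# NixOS configuration for an internet-facing front end: nginx terminates TLS
# for a set of host names and relays HTTP(S) plus one raw TCP port per host
# to a single backend machine.
let
  # Backend that receives every proxied connection.
  # NOTE(review): this looks like an overlay (NetBird) peer address; confirm.
  kat-r86s = "100.102.49.84";

  # Public host name -> TCP port relayed unchanged to the same port on the
  # backend. The same map drives the nginx stream listeners and the firewall,
  # so the two cannot drift apart.
  vhosts = {
    "degette.katvayor.net" = 22000;
    "traque.katvayor.net" = 22001;
    "betamail.katvayor.net" = 22002;
  };
in
{
  imports = [
    ./hardware-configuration.nix
    ./disks.nix
  ];

  boot = {
    loader.grub = {
      enable = true;
      efiSupport = true;
      efiInstallAsRemovable = true;
    };
    supportedFilesystems = [ "bcachefs" ];
    kernelPackages = pkgs.linuxPackages_latest;
  };

  time.timeZone = "Europe/Paris";
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "fr";
  };

  # All networking options live in one attribute set; the original declared
  # `networking` twice and relied on the parser merging the two literals.
  networking = {
    useNetworkd = true;
    useDHCP = false;
    nftables.enable = true;
    firewall = {
      # Open only the ports that have a listener: SSH, HTTP(S) and the
      # per-host stream ports. The previous fixed 22000-22100 range also
      # exposed any future process binding to an unused port in that range.
      allowedTCPPorts = [ 22 80 443 ] ++ builtins.attrValues vhosts;
    };
  };

  systemd.network = {
    enable = true;
    networks."10-ens3" = {
      name = "ens3";
      address = [
        "51.83.69.54/32"
        "2001:41d0:305:2100::5c52/56"
      ];
      routes = [
        # The IPv4 address is a /32, so the gateway needs a host route
        # before it can be used as a next hop.
        { Destination = "51.83.68.1/32"; }
        # Resolver reached through the gateway.
        { Destination = "213.186.33.99/32"; Gateway = "51.83.68.1"; }
        # Default routes (IPv4, then IPv6).
        { Gateway = "51.83.68.1"; }
        { Gateway = "2001:41d0:305:2100::1"; }
      ];
      dns = [ "213.186.33.99" ];
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "root@katvayor.net";
  };

  services.nginx = {
    enable = true;

    # One TLS virtual host per entry in `vhosts`; the port value is not used
    # here, only the host name.
    virtualHosts = builtins.mapAttrs (_: _: {
      enableACME = true;
      forceSSL = true;
      # ACME challenge requests not answered locally are passed to the backend.
      acmeFallbackHost = kat-r86s;
      acmeFallbackRecommendedProxySettings = true;
      locations."/" = {
        recommendedProxySettings = true;
        # NOTE(review): nginx does not verify the upstream certificate unless
        # proxy_ssl_verify is turned on, so this hop depends on the network
        # path to the backend being trusted; confirm it stays on the overlay.
        proxyPass = "https://${kat-r86s}/";
      };
    }) vhosts;

    # Raw TCP relay, one listener per host port (presumably SSH, judging by
    # the `sshport` name). The backend sees these connections as coming from
    # this proxy, so source-address controls and logs on the backend will not
    # show the real client; rate limiting belongs on this machine.
    streamConfig = builtins.concatStringsSep "\n" (
      lib.mapAttrsToList (_vhost: sshport: ''
        server {
          listen ${toString sshport};
          proxy_pass ${kat-r86s}:${toString sshport};
        }
      '') vhosts
    );
  };

  services.dbus.packages = with pkgs; [ dconf ];

  programs.zsh.enable = true;

  environment.systemPackages = with pkgs; [
    wget
    nix-search-cli
    git
    btop
    ranger
    screen
  ];

  # gpg-agent also serves as the SSH agent.
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  # NOTE(review): sshd is reachable from the internet on port 22 with module
  # defaults. Unless set elsewhere, the NixOS module leaves password
  # authentication enabled; once authorized keys are provisioned, consider
  # services.openssh.settings.PasswordAuthentication = false.
  services.openssh.enable = true;

  services.netbird.enable = true;

  system.stateVersion = "23.11";
}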