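# NixOS module for an internet-facing front host. It terminates TLS for a set
# of public hostnames with nginx and relays HTTP(S), a few raw TCP ports and
# mail (993/465) to a single backend machine.
{ config, lib, pkgs, ... }:
let
  # Backend that every vhost and stream listener forwards to. The address is in
  # 100.64.0.0/10; presumably it is the backend's NetBird overlay address — confirm.
  kat-r86s = "100.102.49.84";

  # Public hostname -> extra TCP port relayed verbatim to the backend, or null
  # when the hostname is HTTP(S) only. This table is the single source of truth
  # for the proxied vhosts, the stream listeners and the firewall.
  vhosts = {
    "manah.katvayor.net" = null;
    "degette.katvayor.net" = 22000;
    "traque.katvayor.net" = 22001;
    "betamail.katvayor.net" = 22002;
    "test.traque.katvayor.net" = null;
    "son.katvayor.net" = null;
  };

  # Per-vhost ports that actually get a stream listener (presumably SSH — confirm).
  sshPorts = builtins.filter (port: port != null) (builtins.attrValues vhosts);

  # Mail ports relayed to the backend as raw TCP.
  mailPorts = [ 993 465 ];

  # Static webroot that exposes ./error under /.kat-watcher/error.
  watcher-webroot = pkgs.runCommand "watcher" { } ''
    mkdir -p $out/.kat-watcher/
    ln -nsf ${./error} $out/.kat-watcher/error
  '';

  # Error-page location shared by every vhost. `internal` keeps it unreachable
  # for direct client requests; it is only served through error_page redirects.
  watcherLocation = {
    extraConfig = ''
      internal;
      error_page 404 =418 /.kat-watcher/error/418.html;
    '';
    root = watcher-webroot;
  };

  # One nginx stream{} server relaying `port` to the same port on the backend.
  # NOTE(review): a plain stream proxy hides the client address, so the backend
  # logs (and any per-source rate limiting or banning there) only see this host.
  streamServer = port: ''
    server {
      listen ${toString port};
      proxy_pass ${kat-r86s}:${toString port};
    }
  '';
in
{
  imports = [
    ./hardware-configuration.nix
    ./disks.nix
  ];

  boot = {
    loader.grub = {
      enable = true;
      efiSupport = true;
      efiInstallAsRemovable = true;
    };
    supportedFilesystems = [ "bcachefs" ];
    kernelPackages = pkgs.linuxPackages_latest;
  };

  time.timeZone = "Europe/Paris";

  networking = {
    useNetworkd = true;
    useDHCP = false;

    nftables.enable = true;
    firewall = {
      # Only ports with a listener configured in this file are opened. The
      # relayed ports are derived from `vhosts` rather than opening a blanket
      # 22000-22100 range, so a process binding an unused high port is not
      # reachable from the internet by accident.
      allowedTCPPorts = [ 22 80 443 ] ++ mailPorts ++ sshPorts;
    };
  };

  # Static addressing: /32 IPv4 address, so the gateway needs its own on-link
  # route before it can be used for the resolver route and the default routes.
  systemd.network = {
    enable = true;
    networks."10-ens3" = {
      name = "ens3";
      address = [
        "51.83.69.54/32"
        "2001:41d0:305:2100::5c52/56"
      ];
      routes = [
        { Destination = "51.83.68.1/32"; }
        {
          Destination = "213.186.33.99/32";
          Gateway = "51.83.68.1";
        }
        { Gateway = "51.83.68.1"; }
        { Gateway = "2001:41d0:305:2100::1"; }
      ];
      dns = [ "213.186.33.99" ];
    };
  };

  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "fr";
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "root@katvayor.net";
  };

  services.nginx = {
    enable = true;

    virtualHosts =
      {
        # Catch-all server: any request for a hostname not listed in `vhosts`
        # gets a 418 with the static error page, over HTTP or HTTPS (addSSL).
        "watcher.katvayor.net" = {
          default = true;
          enableACME = true;
          addSSL = true;
          locations = {
            "/.kat-watcher" = watcherLocation;
            "/" = {
              extraConfig = ''
                return 418;
                error_page 418 =418 /.kat-watcher/error/418.html;
              '';
            };
          };
        };
      }
      # Every hostname in `vhosts` is an HTTPS-only reverse proxy to the backend.
      // builtins.mapAttrs (_: _: {
        enableACME = true;
        forceSSL = true;
        acmeFallbackHost = kat-r86s;
        acmeFallbackRecommendedProxySettings = true;
        locations = {
          "/.kat-watcher" = watcherLocation;
          "/" = {
            recommendedProxySettings = true;
            # NOTE(review): nginx does not verify the upstream certificate by
            # default (proxy_ssl_verify is off) and the upstream is addressed by
            # IP, so unless that is set elsewhere, confidentiality and integrity
            # on this hop rest on the network path to the backend, not on TLS.
            proxyPass = "https://${kat-r86s}/";
            # Pass responses through unbuffered and uncached, talk HTTP/1.1 to
            # the backend with the Connection header cleared, and turn a 502
            # from the backend into the static 599 page.
            extraConfig = ''
              proxy_set_header Connection ''';
              proxy_http_version 1.1;
              chunked_transfer_encoding off;
              proxy_buffering off;
              proxy_cache off;
              error_page 502 =599 "/.kat-watcher/error/599.html";
            '';
          };
        };
      }) vhosts;

    # Raw TCP relays: one per non-null port in `vhosts`, plus the mail ports.
    streamConfig = builtins.concatStringsSep "\n" (map streamServer (sshPorts ++ mailPorts));
  };

  services.dbus.packages = with pkgs; [ dconf ];

  programs.zsh.enable = true;

  environment.systemPackages = with pkgs; [
    wget
    nix-search-cli
    git
    btop
    ranger
    screen
  ];

  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  # NOTE(review): no services.openssh.settings are set here, so the module
  # defaults apply while port 22 is open to the internet. If all logins use
  # keys, set settings.PasswordAuthentication = false and
  # settings.KbdInteractiveAuthentication = false; since NetBird is enabled,
  # also consider accepting SSH only on the overlay interface.
  services.openssh.enable = true;
  services.netbird.enable = true;

  system.stateVersion = "23.11";
}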