{ config, lib, pkgs, nodes, ... }: { imports = [ ./hardware-configuration.nix ]; boot = { loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; kernel.sysctl."net.ipv4.ip_forward" = true; kernelModules = [ "kvm-intel" "kvm-amd" ]; }; kat.wireguardPubKey = "2rMQV5fyBhl7t/0j70iPOfEr/lAWQfLXQKMwtzaXxnM="; systemd.network = { enable = true; networks = { "50-wg0" = { name = "wg0"; addresses = [ { Address = "10.42.0.1/16"; AddPrefixRoute = false; } ]; routes = [ { Destination = "10.42.0.0/16"; Source = "10.42.0.1"; } ]; }; }; netdevs = { "50-wg0" = { netdevConfig = { Name = "wg0"; Kind = "wireguard"; }; wireguardConfig = { PrivateKeyFile = "/etc/wg/private.key"; }; wireguardPeers = [ { Endpoint = "watcher.katvayor.net:1194"; AllowedIPs = [ "10.42.0.2/32" ]; PersistentKeepalive = 20; PublicKey = nodes.kat-watcher.config.kat.wireguardPubKey; } ]; }; }; }; environment.systemPackages = with pkgs; [ dnsmasq tcpdump ]; services.openssh.enable = true; services.netbird.enable = true; programs.virt-manager.enable = true; virtualisation.libvirtd.enable = true; security.acme = { acceptTerms = true; defaults.email = "root@katvayor.net"; }; kat-proxies = { enable = true; internal-webroot = pkgs.runCommand "manah" { } '' mkdir -p $out/.kat-manah/ ln -nsf ${./error} $out/.kat-manah/error ''; }; services.weechat = { enable = true; binary = "${pkgs.weechat}/bin/weechat-headless"; }; networking.firewall = { allowedTCPPorts = [ 9000 9500 53 ]; allowedUDPPorts = [ 67 ]; }; system.stateVersion = "23.11"; }