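# NixOS module for one host: GRUB/EFI boot, static addressing on ens3 via
# systemd-networkd, a WireGuard interface (wg0) that accepts two peers,
# ACME defaults, the kat-proxies module, OpenSSH and NetBird.
#
# `nodes` is used below as nodes.<host>.config to read other hosts' evaluated
# configuration; `kat.*` and `kat-proxies.*` are options declared outside this
# file.
{ config, lib, pkgs, nodes, ... }:
let
  # Single source of truth for the WireGuard UDP port, so the firewall rule
  # and the netdev ListenPort cannot drift apart.
  wgPort = 1194;
in
{
  imports = [
    ./hardware-configuration.nix
    ./disks.nix
  ];

  boot.loader.grub = {
    enable = true;
    efiSupport = true;
    # Install to the EFI removable-media fallback path instead of relying on
    # firmware boot variables.
    efiInstallAsRemovable = true;
  };

  # This host's WireGuard *public* key, published so other nodes can list it
  # as a peer (this file does the same for kat-manah and kat-probook below).
  # The matching private key is never referenced by value here.
  kat.wireguardPubKey = "BgLBrWG7DRj2Gwoyj+vHZTjiB3gPEnwVcDFEQH/BYgg=";

  networking = {
    # Addressing is fully static and handled by systemd.network below.
    useDHCP = false;
    # Only the WireGuard listener is opened explicitly here.
    firewall.allowedUDPPorts = [ wgPort ];
  };

  systemd.network = {
    enable = true;

    networks = {
      "10-ens3" = {
        name = "ens3";
        address = [
          "51.83.69.54/32"
          "2001:41d0:305:2100::5c52/56"
        ];
        routes = [
          # The IPv4 address is a /32, so the gateway needs an explicit
          # on-link route before it can be used as a next hop.
          { Destination = "51.83.68.1/32"; }
          # Host route to the resolver listed in `dns` below.
          { Destination = "213.186.33.99/32"; Gateway = "51.83.68.1"; }
          # IPv4 and IPv6 default routes.
          { Gateway = "51.83.68.1"; }
          { Gateway = "2001:41d0:305:2100::1"; }
        ];
        dns = [ "213.186.33.99" ];
      };

      "50-wg0" = {
        name = "wg0";
        addresses = [
          {
            Address = "10.42.0.2/16";
            # Suppress the automatic 10.42.0.0/16 prefix route; the route is
            # declared explicitly just below.
            AddPrefixRoute = false;
          }
        ];
        routes = [
          # NOTE(review): in systemd.network, `Source` is the route's source
          # prefix, while `PreferredSource` selects the outgoing address.
          # Confirm which of the two is intended here.
          { Destination = "10.42.0.0/16"; Source = "10.42.0.2"; }
        ];
      };
    };

    netdevs = {
      "50-wg0" = {
        netdevConfig = {
          Name = "wg0";
          Kind = "wireguard";
        };
        wireguardConfig = {
          ListenPort = wgPort;
          # Referenced by path, so the key is read at runtime and is not
          # copied into the world-readable Nix store. systemd-networkd reads
          # it as the `systemd-network` user: keep the file owned
          # root:systemd-network with mode 0640. Nothing in this file creates
          # it; presumably it is provisioned out of band (confirm).
          PrivateKeyFile = "/etc/wg/private.key";
        };
        # No Endpoint is set for either peer, so this host only answers on
        # ListenPort and never initiates a handshake. Each peer is limited to
        # a single /32, so WireGuard drops tunnel traffic from a peer that
        # uses any other source address.
        wireguardPeers = [
          {
            AllowedIPs = [ "10.42.0.1/32" ];
            PublicKey = nodes.kat-manah.config.kat.wireguardPubKey;
          }
          {
            AllowedIPs = [ "10.42.1.1/32" ];
            PublicKey = nodes.kat-probook.config.kat.wireguardPubKey;
          }
        ];
      };
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "root@katvayor.net";
  };

  kat-proxies = {
    enable = true;
    # Small derivation exposing ./error under .kat-watcher/error.
    # ./error is copied into the Nix store, which is world-readable, so it
    # must only hold content that is safe to publish.
    # The two commands must stay on separate lines: collapsed onto one line,
    # `ln` and its arguments would be passed to mkdir instead of being run.
    internal-webroot = pkgs.runCommand "watcher" { } ''
      mkdir -p $out/.kat-watcher/
      ln -nsf ${./error} $out/.kat-watcher/error
    '';
  };

  # Packet capture tool kept on the host for network debugging.
  environment.systemPackages = with pkgs; [ tcpdump ];

  services = {
    # NOTE(review): only `enable` is set here. Unless another module sets
    # services.openssh.settings, the NixOS defaults apply: password
    # authentication is permitted and port 22 is opened in the firewall.
    # This host has a public address, so once key-based login is confirmed
    # consider settings.PasswordAuthentication = false and
    # settings.KbdInteractiveAuthentication = false.
    openssh.enable = true;
    netbird.enable = true;
  };

  # Release whose stateful defaults this host was installed with; do not
  # change it as part of a routine channel upgrade.
  system.stateVersion = "23.11";
}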