# NixOS host module: tmpfs /tmp, WireGuard on systemd-networkd next to
# NetworkManager, desktop audio/bluetooth, Syncthing, Steam and libvirt.
{ pkgs, nodes, users, lib, sources, ... }:

let
  # Cache settings for the "infra" cache, built by the dgnum-infra source.
  # Presumably substituters plus their signing keys -- defined in dgnum-infra,
  # not visible here.
  infraCache = (import sources.dgnum-infra { }).mkCacheSettings {
    caches = [ "infra" ];
  };
in
{
  # Lets the deployment tool apply this configuration on the machine itself.
  deployment.allowLocalDeployment = true;

  imports = [
    ./hardware-configuration.nix
    users.catvayor
    # ./router.nix
  ];

  # /tmp lives in RAM, capped at 12G. nosuid/nodev stop setuid binaries and
  # device nodes dropped there from being honoured; noexec is not set.
  fileSystems."/tmp" = {
    device = "tmpfs";
    fsType = "tmpfs";
    options = [ "nosuid" "nodev" "relatime" "size=12G" ];
  };

  # NOTE(review): IPv4 forwarding is on while ./router.nix is commented out.
  # Which traffic may actually be forwarded is decided by firewall rules that
  # are not visible in this file.
  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
  # Run aarch64 binaries (and build for aarch64-linux) through emulation.
  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  nix.settings = lib.mkMerge [
    infraCache
    {
      # NOTE(review): trusted users may override substituters and other daemon
      # settings, which the Nix manual describes as essentially root-equivalent.
      # Here that covers every member of wheel, not only root.
      trusted-users = [ "root" "@wheel" ];
    }
  ];

  # NetworkManager handles everything except the two interfaces configured
  # under systemd.network below.
  networking.networkmanager.enable = true;
  networking.networkmanager.unmanaged = [ "enp2s0" "wg0" ];

  # This host's WireGuard public key, exposed through the project's own `kat`
  # option so other nodes can reference it (as done for kat-watcher below).
  # A public key is not a secret.
  kat.wireguardPubKey = "zIHvCSzk5a94jvnXU4iscbp9RUGzbWpARDMRgHNtMl4=";

  # NOTE(review): nothing in this file turns systemd-networkd on; presumably
  # that happens in another module -- confirm.
  systemd.network.wait-online.anyInterface = true;

  systemd.network.networks = {
    # Wired uplink: DHCPv4 plus IPv6 router advertisements, all installed with
    # route metric 500.
    "10-enp2s0" = {
      name = "enp2s0";
      DHCP = "ipv4";
      networkConfig.IPv6AcceptRA = "yes";
      dhcpV4Config.RouteMetric = 500;
      dhcpV6Config.RouteMetric = 500;
      ipv6AcceptRAConfig.RouteMetric = 500;
    };

    # Addresses of this host inside the two WireGuard networks.
    "50-wg0" = {
      name = "wg0";
      address = [ "10.10.10.13/24" "10.42.1.1/16" ];
    };
  };

  systemd.network.netdevs."50-wg0" = {
    netdevConfig = {
      Kind = "wireguard";
      Name = "wg0";
    };

    # The private key is read from a file at runtime, so it stays out of the
    # world-readable Nix store. Ownership and mode of that file are not managed
    # here: it has to be readable by systemd-networkd and by nobody else.
    wireguardConfig.PrivateKeyFile = "/wg/private.key";

    # AllowedIPs is both the route selector and the source filter for a peer:
    # packets arriving from a peer with a source outside its list are dropped.
    wireguardPeers = [
      {
        PublicKey = "CzUK0RPHsoG9N1NisOG0u7xwyGhTZnjhl7Cus3X76Es=";
        Endpoint = "129.199.129.76:1194";
        AllowedIPs = [ "10.10.10.0/24" ];
        PersistentKeepalive = 25;
      }
      {
        # Key is taken from the kat-watcher node's own configuration rather
        # than duplicated here.
        PublicKey = nodes.kat-watcher.config.kat.wireguardPubKey;
        Endpoint = "watcher.katvayor.net:1194";
        AllowedIPs = [ "10.42.0.0/16" ];
        PersistentKeepalive = 25;
      }
    ];
  };

  nixpkgs.config.allowUnfree = true;

  security.rtkit.enable = true;

  hardware.bluetooth.enable = true;
  hardware.bluetooth.powerOnBoot = false;

  environment.systemPackages = [ pkgs.brightnessctl ];

  fonts.packages = [
    pkgs.fira-code-nerdfont
    pkgs.font-awesome
  ];

  services.pipewire = {
    enable = true;
    pulse.enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
  };

  # Syncthing runs as a system service under the catvayor account, with that
  # user's home as its data directory.
  services.syncthing = {
    enable = true;
    systemService = true;
    user = "catvayor";
    group = "users";
    dataDir = "/home/catvayor";

    # Opens Syncthing's default sync and discovery ports in the host firewall.
    openDefaultPorts = true;

    settings.folders.essentials = {
      id = "vgpwu-fk3ct";
      path = "~/essentials";
      # Shared only with the one device declared below.
      devices = [ "katel" ];
    };
    settings.devices.katel.id = "DYOKK7J-HZAF5S7-FYTHQF5-UD5GJZ2-4JMV5I5-STUM3HG-5YM2JPR-LATJNAZ";
  };

  programs.steam.enable = true;
  programs.virt-manager.enable = true;
  # gpg-agent also serves as the SSH agent.
  programs.gnupg.agent.enable = true;
  programs.gnupg.agent.enableSSHSupport = true;

  home-manager.users.root.kat.neovim.lsp = true;
  home-manager.users.catvayor.kat.neovim.lsp = true;

  virtualisation.libvirtd.enable = true;

  system.stateVersion = "23.11";
}