{ config, lib, pkgs, ... }: { imports = [ ./hardware-configuration.nix ./disks.nix ]; boot = { loader.grub = { enable = true; efiSupport = true; efiInstallAsRemovable = true; }; supportedFilesystems = [ "bcachefs" ]; kernelPackages = pkgs.linuxPackages_latest; }; time.timeZone = "Europe/Paris"; networking = { useNetworkd = true; useDHCP = false; }; systemd.network = { enable = true; networks."10-ens3" = { name = "ens3"; address = [ "51.83.69.54/32" "2001:41d0:305:2100::5c52/56" ]; routes = [ { Destination = "51.83.68.1/32"; } { Destination = "213.186.33.99/32"; Gateway = "51.83.68.1"; } { Gateway = "51.83.68.1"; } { Gateway = "2001:41d0:305:2100::1"; } ]; dns = [ "213.186.33.99" ]; }; }; i18n.defaultLocale = "en_US.UTF-8"; console = { font = "Lat2-Terminus16"; keyMap = "fr"; }; security.acme = { acceptTerms = true; defaults.email = "root@katvayor.net"; }; services.nginx = { enable = true; virtualHosts = { "degette.katvayor.net" = { enableACME = true; forceSSL = true; acmeFallbackHost = "100.102.49.84"; locations."/" = { recommendedProxySettings = true; proxyPass = "https://100.102.49.84/"; }; }; "traque.katvayor.net" = { enableACME = true; forceSSL = true; locations."/" = { recommendedProxySettings = true; proxyPass = "http://100.102.49.84/"; }; }; }; streamConfig = '' upstream kat-virt { server 100.102.49.84:22000; } server { listen 22000; proxy_pass kat-virt; } upstream kat-traque { server 100.102.49.84:22001; } server { listen 22001; proxy_pass kat-virt; } ''; }; services.dbus.packages = with pkgs; [ dconf ]; programs.zsh.enable = true; environment.systemPackages = with pkgs; [ wget nix-search-cli git btop ranger screen ]; programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; services.openssh.enable = true; services.netbird.enable = true; networking = { nftables.enable = true; firewall = { allowedTCPPorts = [ 22 80 443 ]; allowedTCPPortRanges = [ { from = 22000; to = 22100; } ]; }; }; system.stateVersion = "23.11"; }