# NixOS host module: EFI boot, a WireGuard tunnel (wg0) managed by
# systemd-networkd, libvirt/KVM virtualisation, and a handful of network
# services (OpenSSH, NetBird, WeeChat, the project-local `kat-proxies`).
#
# `nodes` is supplied by the deployment tooling and exposes the evaluated
# configuration of the other hosts; it is used here only to read the peer's
# WireGuard public key.
{ config, lib, pkgs, nodes, ... }:

{
  imports = [ ./hardware-configuration.nix ];

  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };

    kernelPackages = pkgs.linuxPackages_latest;
    kernelModules = [ "kvm-intel" "kvm-amd" ];
    supportedFilesystems = [ "bcachefs" ];

    # The host forwards IPv4 packets between its interfaces.
    # NOTE(review): no forwarding policy is visible in this file; confirm that
    # forwarded traffic is filtered somewhere else in the configuration.
    kernel.sysctl."net.ipv4.ip_forward" = true;
  };

  # Project-local option. This is the *public* half of this host's WireGuard
  # key pair, published so other nodes can reference it (as done below for
  # kat-watcher); it is not a secret.
  kat.wireguardPubKey = "2rMQV5fyBhl7t/0j70iPOfEr/lAWQfLXQKMwtzaXxnM=";

  systemd.network = {
    enable = true;

    netdevs."50-wg0" = {
      netdevConfig = {
        Name = "wg0";
        Kind = "wireguard";
      };

      wireguardConfig = {
        # The private key is read from a path outside the world-readable Nix
        # store. The file has to be provisioned out of band and should be
        # readable only by root and the systemd-networkd service account.
        PrivateKeyFile = "/etc/wg/private.key";
      };

      wireguardPeers = [
        {
          Endpoint = "watcher.katvayor.net:1194";
          # Only this single address is accepted from, and routed to, the peer.
          AllowedIPs = [ "10.42.0.2/32" ];
          PersistentKeepalive = 20;
          PublicKey = nodes.kat-watcher.config.kat.wireguardPubKey;
        }
      ];
    };

    networks."50-wg0" = {
      name = "wg0";

      addresses = [
        {
          Address = "10.42.0.1/16";
          # The automatic prefix route is suppressed; the explicit route below
          # takes its place.
          AddPrefixRoute = false;
        }
      ];

      routes = [
        {
          Destination = "10.42.0.0/16";
          # NOTE(review): in a [Route] section `Source` is a source *prefix*
          # match; if the intent is to pin the outgoing source address,
          # `PreferredSource` is the key for that. Confirm which one is meant.
          Source = "10.42.0.1";
        }
      ];
    };
  };

  time.timeZone = "Europe/Paris";
  i18n.defaultLocale = "en_US.UTF-8";

  console = {
    font = "Lat2-Terminus16";
    keyMap = "fr";
  };

  nixpkgs.config.allowUnfree = true;

  environment.systemPackages = with pkgs; [
    wget
    brightnessctl
    nix-search-cli
    git
    btop
    ranger
    dnsmasq
    screen
  ];

  programs = {
    zsh.enable = true;

    # gpg-agent also acts as the SSH agent.
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };

    virt-manager.enable = true;
  };

  virtualisation.libvirtd.enable = true;

  services = {
    dbus.packages = [ pkgs.dconf ];

    # NOTE(review): sshd is enabled with the module defaults; no
    # authentication settings (password login, root login) are set in this
    # file. Confirm they are restricted elsewhere.
    openssh.enable = true;

    netbird.enable = true;

    weechat = {
      enable = true;
      binary = "${pkgs.weechat}/bin/weechat-headless";
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "root@katvayor.net";
  };

  # Project-local module. The webroot is a store derivation that holds a
  # single symlink to the ./error directory kept next to this file.
  kat-proxies = {
    enable = true;
    internal-webroot = pkgs.runCommand "manah" { } ''
      mkdir -p $out/.kat-manah/
      ln -nsf ${./error} $out/.kat-manah/error
    '';
  };

  # These ports are opened on every interface, not only on wg0.
  # NOTE(review): nothing in this file shows what listens on 9000 and 9500.
  # TCP 53 and UDP 67 look like DNS and DHCP (dnsmasq is installed above), yet
  # UDP 53 is not opened; confirm the exposure is intended and, if it is,
  # whether it should be limited to specific interfaces.
  networking.firewall = {
    allowedTCPPorts = [ 9000 9500 53 ];
    allowedUDPPorts = [ 67 ];
  };

  system.stateVersion = "23.11";
}