# NixOS configuration for a libvirt/KVM host that fronts several guest VMs:
# nginx terminates HTTP(S) for the public names and proxies them to the guests,
# and the nginx stream module forwards SSH and mail ports to them.
{
  config,
  lib,
  pkgs,
  ...
}:
{
  imports = [ ./hardware-configuration.nix ];

  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    kernelPackages = pkgs.linuxPackages_latest;
    supportedFilesystems = [ "bcachefs" ];
    # Both vendor KVM modules are requested.
    kernelModules = [
      "kvm-intel"
      "kvm-amd"
    ];
    # Host-wide IPv4 forwarding; presumably needed to route traffic for the
    # 192.168.122.x guests — confirm.
    kernel.sysctl."net.ipv4.ip_forward" = true;
  };

  time.timeZone = "Europe/Paris";
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "fr";
  };

  nixpkgs.config.allowUnfree = true;

  environment.systemPackages = with pkgs; [
    wget
    brightnessctl
    nix-search-cli
    git
    btop
    ranger
    dnsmasq
    screen
  ];

  programs = {
    zsh.enable = true;
    virt-manager.enable = true;
    # gpg-agent also acts as the SSH agent.
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
  };

  virtualisation.libvirtd.enable = true;

  services.dbus.packages = with pkgs; [ dconf ];
  services.netbird.enable = true;

  # Only `enable` is set here, so the password-authentication and root-login
  # policy come from the NixOS module defaults, and port 22 is opened in the
  # firewall below.
  # NOTE(review): consider pinning services.openssh.settings.PasswordAuthentication
  # and services.openssh.settings.PermitRootLogin explicitly once key-based
  # access is confirmed.
  services.openssh.enable = true;

  security.acme = {
    acceptTerms = true;
    defaults.email = "root@katvayor.net";
  };

  services.nginx =
    let
      # Public host name -> backend guest address (`vm`) and, when not null,
      # the host TCP port that is forwarded to that guest's port 22 (`sshport`).
      vhosts = {
        "degette.katvayor.net" = {
          vm = "192.168.122.2";
          sshport = 22000;
        };
        "betamail.katvayor.net" = {
          vm = "192.168.122.3";
          sshport = 22002;
        };
        "catvayor.sh" = {
          vm = "192.168.122.3";
          sshport = null;
        };
        "traque.dgnum.eu" = {
          vm = "192.168.122.4";
          sshport = null;
        };
        "traque.katvayor.net" = {
          vm = "192.168.122.4";
          sshport = 22001;
        };
        "test.traque.katvayor.net" = {
          vm = "192.168.122.4";
          sshport = null;
        };
        "son.katvayor.net" = {
          vm = "192.168.122.5";
          sshport = null;
        };
        "orchid.katvayor.net" = {
          vm = "192.168.122.6";
          sshport = 22042;
        };
      };

      # Store directory exposing ./error under .kat-manah/error.
      errorWebroot = pkgs.runCommand "manah" { } ''
        mkdir -p $out/.kat-manah/
        ln -nsf ${./error} $out/.kat-manah/error
      '';

      # Shared location for the custom error pages. `internal` keeps it
      # unreachable by direct client requests; it is only used as an
      # error_page target.
      errorPagesLocation = {
        extraConfig = ''
          internal;
          error_page 404 =418 /.kat-manah/error/418.html;
        '';
        root = errorWebroot;
      };

      # Virtual host that reverse-proxies everything to the guest at `vm`.
      #
      # addSSL serves the site on both plain HTTP and HTTPS without a redirect.
      # NOTE(review): if cleartext access is not intended, forceSSL is the
      # option that redirects HTTP to HTTPS.
      #
      # The upstream is reached over https by IP address, and nginx does not
      # verify upstream certificates unless proxy_ssl_verify is turned on, so
      # the hop to the guest is encrypted but not authenticated.
      proxiedVhost = vm: {
        enableACME = true;
        addSSL = true;
        acmeFallbackHost = vm;
        acmeFallbackRecommendedProxySettings = true;
        locations = {
          "/.kat-manah" = errorPagesLocation;
          "/" = {
            recommendedProxySettings = true;
            proxyPass = "https://${vm}/";
            # Response buffering and caching are switched off, and a 502 from
            # the backend is rewritten to 599 with a custom page.
            extraConfig = ''
              proxy_set_header Connection ''';
              proxy_http_version 1.1;
              chunked_transfer_encoding off;
              proxy_buffering off;
              proxy_cache off;
              error_page 502 =599 "/.kat-manah/error/599.html";
            '';
          };
        };
      };

      # Stream `server` block forwarding `sshport` on this host to port 22 of
      # the guest; yields an empty string for entries without an sshport.
      sshForward =
        _name:
        { vm, sshport }:
        lib.optionalString (sshport != null) ''
          server {
            listen ${toString sshport};
            proxy_pass ${vm}:22;
          }
        '';
    in
    {
      enable = true;

      virtualHosts = {
        # Default server: any request that matches no other server name
        # receives 418 together with the custom error page.
        "manah.katvayor.net" = {
          default = true;
          enableACME = true;
          addSSL = true;
          locations = {
            "/.kat-manah" = errorPagesLocation;
            "/" = {
              extraConfig = ''
                return 418;
                error_page 418 =418 /.kat-manah/error/418.html;
              '';
            };
          };
        };
      }
      // lib.mapAttrs (_name: { vm, ... }: proxiedVhost vm) vhosts;

      # Raw TCP forwarding: per-guest SSH ports plus IMAPS/SMTPS/SMTP for the
      # guest at 192.168.122.3. No proxy_protocol is configured, so the guests
      # should see these connections as coming from this host rather than from
      # the real client.
      # NOTE(review): check that source-address based controls on the guests
      # (ban lists, rate limits, SMTP relay rules that trust the local subnet)
      # still behave as intended behind this proxy.
      streamConfig =
        lib.concatStringsSep "\n" (lib.mapAttrsToList sshForward vhosts)
        + ''
          server {
            listen 993;
            proxy_pass 192.168.122.3:993;
          }
          server {
            listen 465;
            proxy_pass 192.168.122.3:465;
          }
          server {
            listen 25;
            proxy_pass 192.168.122.3:25;
          }
        '';
    };

  # These ports are opened on every interface.
  # NOTE(review): 53/tcp and 67/udp look like DNS/DHCP for the guest network;
  # if so, networking.firewall.interfaces.<name> can limit them to that
  # interface. The 22000-22100 range is wider than the four SSH forwards
  # defined in the nginx stream configuration above.
  networking.firewall = {
    allowedTCPPorts = [
      22
      25
      53
      80
      443
      465
      993
    ];
    allowedTCPPortRanges = [
      {
        from = 22000;
        to = 22100;
      }
    ];
    allowedUDPPorts = [ 67 ];
  };

  system.stateVersion = "23.11";
}