# NixOS host configuration: tmpfs /tmp, systemd-boot, Nix cache/trust settings,
# NetworkManager plus systemd-networkd (one Ethernet link, two WireGuard
# tunnels), desktop audio/Bluetooth, Syncthing, GnuPG-backed SSH agent and
# libvirt virtualisation.
#
# Arguments:
#   pkgs    - package set (fonts, udev rules, virtiofsd, ...).
#   meta    - project metadata; only meta.lib.mkPeers is used (wg0 peer list).
#   users   - project user modules; users.catvayor is imported.
#   lib     - nixpkgs lib (mkMerge).
#   sources - pinned sources; sources.dgnum-infra provides mkCacheSettings.
{ pkgs, meta, users, lib, sources, ... }:
let
  # Both WireGuard netdevs use exactly these settings, including the same
  # private key file, so wg0 and wg1 present the same key pair to their peers.
  # The key is referenced as a string rather than a Nix path literal, so it is
  # not copied into the Nix store.
  # NOTE(review): confirm /wg/private.key is readable by systemd-networkd only
  # (e.g. root:systemd-network, mode 0640) and that sharing one key across both
  # tunnels is intended.
  sharedWireguardConfig = {
    PrivateKeyFile = "/wg/private.key";
    # Routes for the peers' AllowedIPs go into the main table; metric 2000
    # ranks them below the metric-500 routes learned on enp2s0.
    RouteTable = "main";
    RouteMetric = 2000;
  };
in
{
  # NOTE(review): looks like the Colmena option that permits applying this
  # configuration on the machine itself - confirm.
  deployment.allowLocalDeployment = true;

  imports = [
    ./hardware-configuration.nix
    users.catvayor
    # ./router.nix
  ];

  # RAM-backed /tmp, capped at 12G; setuid binaries and device nodes are
  # ignored on it.
  fileSystems."/tmp" = {
    device = "tmpfs";
    fsType = "tmpfs";
    options = [ "nosuid" "nodev" "relatime" "size=12G" ];
  };

  # IPv4 forwarding is switched on kernel-wide.
  # NOTE(review): ./router.nix is commented out in `imports`; confirm that
  # forwarding is still required and that forwarded traffic is filtered the
  # way you expect.
  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
  # Allows building/running aarch64-linux binaries through binfmt emulation.
  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  nix.settings = lib.mkMerge [
    # Binary-cache settings come from the pinned dgnum-infra source.
    ((import sources.dgnum-infra { }).mkCacheSettings { caches = [ "infra" ]; })
    {
      # Trusted users may override daemon settings such as substituters, which
      # the Nix manual describes as essentially root-equivalent. Every member
      # of `wheel` gets that here.
      trusted-users = [ "root" "@wheel" ];
    }
  ];

  networking.networkmanager = {
    enable = true;
    # These links are configured under systemd.network below.
    # NOTE(review): wg1 is also configured there but is not listed here -
    # confirm whether it should be.
    unmanaged = [ "enp2s0" "wg0" ];
  };
  # UDP 67 and 53 are opened on every interface.
  # NOTE(review): presumably DHCP/DNS for the disabled ./router.nix role; if
  # still needed, consider scoping them with
  # networking.firewall.interfaces.<name>.allowedUDPPorts instead.
  networking.firewall.allowedUDPPorts = [ 67 53 ];

  systemd = {
    # Write "performance" into every cpufreq policy's governor and energy
    # preference files.
    tmpfiles.rules = [
      "w /sys/devices/system/cpu/cpufreq/policy*/scaling_governor - - - - performance"
      "w /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference - - - - performance"
    ];

    network = {
      # wait-online is satisfied as soon as any one interface is online.
      wait-online.anyInterface = true;

      netdevs."50-wg0" = {
        netdevConfig = {
          Kind = "wireguard";
          Name = "wg0";
        };
        wireguardConfig = sharedWireguardConfig;
        # Peer list is generated by the project's metadata library.
        wireguardPeers = meta.lib.mkPeers;
      };

      netdevs."50-wg1" = {
        netdevConfig = {
          Kind = "wireguard";
          Name = "wg1";
        };
        wireguardConfig = sharedWireguardConfig;
        wireguardPeers = [
          {
            # Single pinned peer; only 10.10.10.0/24 is accepted from and
            # routed to it.
            PublicKey = "CzUK0RPHsoG9N1NisOG0u7xwyGhTZnjhl7Cus3X76Es=";
            Endpoint = "129.199.129.76:1194";
            AllowedIPs = [ "10.10.10.0/24" ];
            PersistentKeepalive = 25;
          }
        ];
      };

      networks."10-enp2s0" = {
        name = "enp2s0";
        DHCP = "ipv4";
        networkConfig.IPv6AcceptRA = "yes";
        # Metric 500 on every route source for this link.
        dhcpV4Config.RouteMetric = 500;
        dhcpV6Config.RouteMetric = 500;
        ipv6AcceptRAConfig.RouteMetric = 500;
      };

      networks."50-wg0" = {
        name = "wg0";
        address = [ "10.42.1.1/16" ];
        # Resolver and the "dgnum" domain are attached to the wg0 link.
        networkConfig = {
          DNS = [ "100.80.129.176" ];
          Domains = "dgnum";
        };
      };

      networks."50-wg1" = {
        name = "wg1";
        address = [ "10.10.10.13/24" ];
      };
    };
  };

  nixpkgs.config.allowUnfree = true;
  security.rtkit.enable = true;

  # Bluetooth is available but stays powered off at boot.
  hardware.bluetooth.enable = true;
  hardware.bluetooth.powerOnBoot = false;

  environment.systemPackages = [ pkgs.brightnessctl ];
  fonts.packages = [
    pkgs.fira-code-nerdfont
    pkgs.font-awesome
  ];

  services.pipewire = {
    enable = true;
    pulse.enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
  };

  # Syncthing runs as a system service under the catvayor account, with its
  # default ports opened in the firewall.
  services.syncthing = {
    enable = true;
    systemService = true;
    user = "catvayor";
    group = "users";
    dataDir = "/home/catvayor";
    openDefaultPorts = true;
    settings = {
      # The "essentials" folder is shared with the declared device "katel".
      devices.katel.id = "DYOKK7J-HZAF5S7-FYTHQF5-UD5GJZ2-4JMV5I5-STUM3HG-5YM2JPR-LATJNAZ";
      folders.essentials = {
        id = "vgpwu-fk3ct";
        path = "~/essentials";
        devices = [ "katel" ];
      };
    };
  };

  # udev rules for Nitrokey devices.
  services.udev.packages = [ pkgs.nitrokey-udev-rules ];

  programs.steam.enable = true;
  programs.virt-manager.enable = true;
  # The stock ssh-agent is disabled; gpg-agent provides SSH agent support
  # instead.
  programs.ssh.startAgent = false;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  # Project-defined home-manager option, enabled for both accounts.
  home-manager.users.root.kat.work-tooling = true;
  home-manager.users.catvayor.kat.work-tooling = true;

  virtualisation.libvirtd = {
    enable = true;
    qemu.vhostUserPackages = [ pkgs.virtiofsd ];
  };

  system.stateVersion = "23.11";
}