config-perso/machines/kat-probook/default.nix

{
  config,
  lib,
  pkgs,
  mods,
  sources,
  nodes,
  users,
  ...
}:
{
  deployment.allowLocalDeployment = true;

  imports = [
    ./hardware-configuration.nix
    users.catvayor
    # ./router.nix
  ];

  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
  fileSystems."/tmp" = {
    fsType = "tmpfs";
    device = "tmpfs";
    options = [
      "nosuid"
      "nodev"
      "relatime"
      "size=12G"
    ];
  };
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  nix.settings.trusted-users = [
    "root"
    "@wheel"
  ];
  networking.networkmanager = {
    enable = true;
    unmanaged = [
      "enp2s0"
      "wg0"
    ];
  };
  kat.wireguardPubKey = "zIHvCSzk5a94jvnXU4iscbp9RUGzbWpARDMRgHNtMl4=";
  systemd.network = {
    wait-online.anyInterface = true;
    networks = {
      "50-wg0" = {
        name = "wg0";
        address = [
          "10.10.10.13/24"
          "10.42.1.1/16"
        ];
      };
      "10-enp2s0" = {
        name = "enp2s0";
        DHCP = "ipv4";
        networkConfig.IPv6AcceptRA = "yes";
        dhcpV4Config.RouteMetric = 500;
        dhcpV6Config.RouteMetric = 500;
        ipv6AcceptRAConfig.RouteMetric = 500;
      };
    };
    netdevs."50-wg0" = {
      netdevConfig = {
        Name = "wg0";
        Kind = "wireguard";
      };
      wireguardConfig.PrivateKeyFile = "/wg/private.key";

      wireguardPeers = [
        {
          AllowedIPs = [
            "10.10.10.0/24"
          ];
          PublicKey = "CzUK0RPHsoG9N1NisOG0u7xwyGhTZnjhl7Cus3X76Es=";
          Endpoint = "129.199.129.76:1194";
          PersistentKeepalive = 25;
        }
        {
          AllowedIPs = [
            "10.42.0.0/16"
          ];
          PublicKey = nodes.kat-watcher.config.kat.wireguardPubKey;
          Endpoint = "watcher.katvayor.net:1194";
          PersistentKeepalive = 25;
        }
      ];
    };
  };

  nixpkgs.config.allowUnfree = true;

  security.rtkit.enable = true;
  hardware.bluetooth = {
    enable = true;
    powerOnBoot = false;
  };

  environment.systemPackages = with pkgs; [ brightnessctl ];
  fonts.packages = with pkgs; [
    fira-code-nerdfont
    font-awesome
  ];

  services = {
    pipewire = {
      enable = true;
      alsa = {
        enable = true;
        support32Bit = true;
      };
      pulse.enable = true;
    };
    syncthing = {
      enable = true;
      systemService = true;
      dataDir = "/home/catvayor";
      user = "catvayor";
      group = "users";
      openDefaultPorts = true;
      settings = {
        folders."essentials" = {
          path = "~/essentials";
          id = "vgpwu-fk3ct";
          devices = [
            "katel"
          ];
        };
        devices.katel.id = "DYOKK7J-HZAF5S7-FYTHQF5-UD5GJZ2-4JMV5I5-STUM3HG-5YM2JPR-LATJNAZ";
      };
    };
  };

  programs = {
    steam.enable = true;
    virt-manager.enable = true;
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
  };

  system.stateVersion = "23.11";
}