# NixOS host module for "heimdall" (heimdall.datarift.nl): static networking
# and boot settings for a Hetzner VM, the project's headscale module, Tailscale,
# and key-only SSH. The outer function takes the flake arguments, the inner one
# the usual NixOS module arguments.
{ self, ... } @ inputs:
{ modulesPath, lib, ... }:
# let
#   pkgs = self.inputs.nixpkgs.legacyPackages.x86_64-linux;
# in
{
  imports = [
    "${modulesPath}/profiles/qemu-guest.nix"
    ../../users/root
    ../../users/erwin
  ];

  # Options under `eboskma` are declared by modules elsewhere in this
  # repository; their effect (open ports, services started) is not visible here.
  eboskma.users.erwin = {
    enable = true;
    server = true;
  };
  eboskma.headscale = {
    enable = true;
    baseDomain = "asgard.datarift.nl";
    serverUrl = "https://heimdall.datarift.nl";
  };
  eboskma.nix-common.enable = true;

  networking = {
    hostName = "heimdall";
    domain = "datarift.nl";

    # Single public resolver and no fallback: name resolution on this host
    # depends entirely on this one upstream.
    nameservers = [ "8.8.8.8" ];

    # Fully static addressing; the DHCP client is switched off.
    dhcpcd.enable = false;
    defaultGateway = "172.31.1.1";
    defaultGateway6 = {
      address = "fe80::1";
      interface = "eth0";
    };

    # Predictable interface names are forced off so the NIC can be called
    # "eth0"; the udev rule under `services` pins that name to the MAC address.
    usePredictableInterfaceNames = lib.mkForce false;

    interfaces.eth0 = {
      ipv4 = {
        addresses = [
          { address = "159.69.211.175"; prefixLength = 32; }
        ];
        # Host route to the gateway, needed because the address above is a /32.
        routes = [
          { address = "172.31.1.1"; prefixLength = 32; }
        ];
      };
      ipv6 = {
        addresses = [
          { address = "2a01:4f8:1c1e:5fb2::1"; prefixLength = 64; }
          { address = "fe80::9400:2ff:fe12:a2eb"; prefixLength = 64; }
        ];
        routes = [
          { address = "fe80::1"; prefixLength = 128; }
        ];
      };
    };

    # NOTE(review): no networking.firewall settings appear in this file, so the
    # module defaults plus whatever the imported modules open apply to the
    # public addresses above. Confirm the resulting set of listening ports.
  };

  ### Hetzner stuff
  # NOTE(review): newer NixOS releases name this option boot.tmp.cleanOnBoot;
  # check the build output for a rename warning before changing it.
  boot.cleanTmpDir = true;
  boot.loader.grub.device = "/dev/sda";
  boot.initrd.availableKernelModules = [
    "ata_piix"
    "uhci_hcd"
    "xen_blkfront"
    "vmw_pvscsi"
  ];
  boot.initrd.kernelModules = [ "nvme" ];

  fileSystems = {
    "/" = {
      device = "/dev/sda1";
      fsType = "ext4";
    };
  };

  zramSwap.enable = true;
  ### END Hetzner stuff

  time.timeZone = "Europe/Amsterdam";

  system = {
    # Record the flake revision in the built system, but only when `self`
    # actually carries a `rev` attribute.
    configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
    stateVersion = "23.05";
  };

  services = {
    udev.extraRules = ''
      ATTR{address}=="96:00:02:12:a2:eb", NAME="eth0"
    '';

    # Password logins are disabled. PermitRootLogin and
    # KbdInteractiveAuthentication are not set, so the module defaults apply.
    # NOTE(review): ../../users/root is imported above; confirm whether root
    # should be reachable over SSH at all and pin these settings explicitly.
    openssh = {
      enable = true;
      settings.PasswordAuthentication = false;
    };

    tailscale.enable = true;
  };

  security = {
    apparmor = {
      enable = true;
      # Kill processes that have a profile available but are running
      # unconfined, since AppArmor can only confine newly started processes.
      killUnconfinedConfinables = true;
    };
    # Prevent the running kernel image from being replaced.
    protectKernelImage = true;
  };

  # Secret management via sops is currently disabled for this host.
  # sops.defaultSopsFile = ./secrets.yaml;
  # sops.secrets = {
  #   wireguard_key = { };
  # };
}