{ system = "x86_64-linux"; nixpkgsStable = true; domain = "infra.zaphyra.eu"; sshPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICEMrPGa6PIx0UpVnbVYWR+TTbNyZPd8htTTzjQ5NBI3"; hardware = { cpuVendor = "amd"; allowHibernation = false; }; networking = { ip4IsPrivate = true; ip4Address = "192.168.2.110"; ip4PrefixLength = 24; defaultGateway4 = "192.168.2.1"; ip6IsPrivate = false; ip6Address = "2a03:4000:4d:5e:acab::3"; ip6PrefixLength = 112; hasDN42 = true; dn42Address = "fd6b:6174:6a61::10"; }; configuration = { config, lib, hostConfig, ... }: { imports = [ ./dn42.nix ./floractl.nix ]; boot.initrd.systemd.emergencyAccess = true; boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/e6ad3c7a-f1a5-4e10-a9f6-53e39297b1a3"; fileSystems."/" = { device = "/dev/disk/by-uuid/d9856f85-c995-4d85-a614-cb2977fea1de"; fsType = "btrfs"; }; fileSystems."/boot" = { device = "/dev/disk/by-uuid/2B4A-D88C"; fsType = "vfat"; options = [ "fmask=0022" "dmask=0022" ]; }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = true; systemd.network = { config.networkConfig = { IPv6Forwarding = true; }; netdevs."5-netcup" = { netdevConfig = { Kind = "dummy"; Name = "netcup"; }; }; netdevs."20-wg0" = { netdevConfig = { Kind = "wireguard"; Name = "wg0"; }; wireguardConfig = { PrivateKeyFile = config.sops.secrets."dn42/wgPrivateKey".path; ListenPort = 51820; }; wireguardPeers = [ { Endpoint = "novus.infra.zaphyra.eu:51820"; PublicKey = "J+kRRNU65JGc0yk04v6P3tFwHSQOIfq8EkfD2gFupg4="; AllowedIPs = [ "::/0" ]; PersistentKeepalive = 10; } ]; }; networks."5-enp3s0f0" = { enable = true; name = "enp3s0f0"; dns = [ "1.1.1.1" "8.8.8.8" "9.9.9.9" ]; gateway = [ hostConfig.networking.defaultGateway4 ]; address = [ "${hostConfig.networking.ip4Address}/${toString hostConfig.networking.ip4PrefixLength}" ]; routingPolicyRules = [ ]; networkConfig.IPv6AcceptRA = true; }; networks."10-netcup" = { enable = true; name = "netcup"; address = [ "${hostConfig.networking.ip6Address}/${toString hostConfig.networking.ip6PrefixLength}" ]; routingPolicyRules = [ # { # From = "2a03:4000:4d:5e:acab::/112"; # Table = 254; # Priority = 1900; # SuppressPrefixLength = 0; # } { From = "2a03:4000:4d:5e:acab::/112"; Table = 1234; Priority = 2000; } ]; }; networks."20-wg0" = { matchConfig.Name = "wg0"; linkConfig.RequiredForOnline = false; routes = [ { Destination = "::/0"; Table = "1234"; } ]; }; }; networking.firewall = { checkReversePath = "loose"; }; modules = { presets = { base.enable = true; zaphyra = { enable = true; syncthing.enable = true; }; }; websites = { # "restic.pratorum.infra.zaphyra.eu".enable = true; "music.zaphyra.dn42".enable = true; "continuwuity-migration.zaphyra.eu".enable = true; #old fedi-instance "ctu.cx".enable = true; "fedi.ctu.cx".enable = true; }; users.zaphyra.enable = true; }; system.stateVersion = "25.05"; home-manager.users.zaphyra.home.stateVersion = "25.05"; }; }