{ system = "x86_64-linux"; nixpkgsStable = true; id = 4; domain = "fc9f.de"; sshPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIANWOi6NMsfZ8wXOj/DXc092yajzG3VjPfRE0M9pViGh"; wgPublicKey = "CdnaBQL7c7zX0ORKhYyXp3HZ1kjqoEIGW03/mCCwAgI="; syncthingId = "JUIJQZE-AWVYZIZ-CR6E66M-TAJIRDH-NEPEPZW-FHO37MJ-QM2MV5Q-OFJTEQI"; hardware = { cpuVendor = "amd"; allowHibernation = false; }; networking = { primaryInterface = "enp3s0f0"; ip4IsPrivate = true; ip4Address = "192.168.2.110"; ip4PrefixLength = 24; defaultGateway4 = "192.168.2.1"; ip6IsPrivate = false; ip6Address = "2a03:4000:4d:5e:acab::4"; ip6PrefixLength = 128; dn42 = { ip6Address = "fd6b:6174:6a61::4"; ip6PrefixLength = 128; }; }; nixosConfiguration = { lib, pkgs, ... }: { boot.initrd.systemd.emergencyAccess = true; boot.initrd.availableKernelModules = [ "ehci_pci" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "uas" ]; boot.initrd.luks.devices = { data.device = "/dev/disk/by-partlabel/cuvier-data"; backup.device = "/dev/disk/by-partlabel/cuvier-backup"; }; systemd.tmpfiles.settings."mounts" = { "/mnt/music".d = { mode = "0755"; user = "zaphyra"; group = "users"; }; "/mnt/syncthing".d = { mode = "0750"; user = "zaphyra"; group = "users"; }; "/mnt/restic".d = { mode = "0700"; user = "restic"; group = "restic"; }; }; fileSystems = { "/mnt/music" = { device = "/dev/mapper/data"; options = [ "subvol=music" "compress=zstd" "discard=async" ]; }; "/mnt/syncthing" = { device = "/dev/mapper/data"; options = [ "subvol=syncthing" "compress=zstd" "discard=async" ]; }; "/mnt/restic" = { device = "/dev/mapper/backup"; options = [ "subvol=restic" "discard=async" ]; }; }; services.syncthing.settings.folders.zaphyra-music-orig.path = "/mnt/music"; sops.secrets = { wgPrivateKey = { owner = "systemd-network"; group = "systemd-network"; }; }; systemd.services.docker.path = [ pkgs.nftables ]; security.lockKernelModules = lib.mkForce false; networking.firewall.trustedInterfaces = [ "docker0" "br-88669f4be391" ]; virtualisation.docker = { enable = true; package = pkgs.docker_29; storageDriver = "btrfs"; daemon.settings = { firewall-backend = "nftables"; data-root = "/persist/system/var/lib/docker"; }; }; users.users.zaphyra.extraGroups = [ "docker" ]; services.auto-cpufreq.enable = true; common = { profiles = { nvme.enable = true; }; security = { kernel.enable = false; }; configure = { primaryNetworkInterface = { enable = true; acceptRouterAdvertisements = true; ip6Address = null; }; rootDisk.swap = { enable = true; size = "2G"; }; }; }; zpha = { websites = { "ctu.cx".enable = true; "fedi.ctu.cx".enable = true; "hass.zaphyra.eu".enable = true; "gomuks.zaphyra.eu".enable = true; "things.zaphyra.eu".enable = true; "music.zaphyra.eu".enable = true; "memories.zaphyra.eu".enable = true; "links.zaphyra.eu".enable = true; }; configure = { netcupTunnel.enable = true; syncthing.enable = true; floraCtl.enable = true; syncthingBackup.enable = true; }; profiles = { zaphyra.enable = true; dn42.enable = true; resticBackupTarget = { enable = true; path = "/mnt/restic"; keys = { cuvier-syncthing-zaphyra-zaphyra-db-richtlinien = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOuRCzv8FO3EaUY9R36cg7RNRaRsMNEdxbUAMrU8hXXX"; cuvier-syncthing-zaphyra-documents = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPu2w5POF//j3FWQJ/h5+Upal9hqe4ytDWUX6Nsoow+1"; cuvier-syncthing-zaphyra-pictures = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZCB0e1RLyEJlu7gk45R7Y35Kal5VXOCGE+gYvVm1A+"; cuvier-syncthing-zaphyra-videos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPbM811C0WvdN+19JBm3ulyb0SMoYIhT+GLU2pXPiEA"; cuvier-syncthing-zaphyra-audiobooks = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE6+dtNnZuVqnP7Get7pQWTPRrgf4H+L/d4I69y9+M40"; cuvier-syncthing-zaphyra-music-orig = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJAAvOyzZz6YgbUuYRFZH1oHbboVUAXQM0hSTXJYFFwA"; cuvier-syncthing-zaphyra-media = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAjf9rztvIBVjtuJIMaSCo8nIZuLNjrlA5NoNH/0S+YK"; cuvier-navidrome = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP0vCwn4H04RqiLFUVK06N1ZOhEvNgdBod1Eedu82LHP"; cuvier-things = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG9ME2e9a2BbFgTxVY5OSL0VupYxZ10SjcLeO27qBBIF"; cuvier-gotosocial = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvl23IonsUnU5nDVMjNp0W56HcT1TTuXRvFrkOay0iM"; cuvier-immich = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA8a7B0GzYf1J1Of8iwSMFQUON6CWCwnJW94K3uX95ij"; isodon-gotosocial = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID85l2Im1ff0JGp8vH8IngnjKB3K/cFiur/grPxWJbUE"; isodon-navidrome = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMv54uqcNCmcbYWzA1mGPeKrh29E2+/sr08caX3jihQc"; cautus-gotosocial = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIADOmcKGelaxzS9oObFMOdfUdm/PWS6Og9IJFZlLrsvm"; cautus-memos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDJZ4Y87FvE9ejTh2X01u73+iUYAbSxHz0SzgQ/oMW7W"; cautus-continuwuity = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICnwja11WL5lX7uUnuapINM5NydD9reJ1N6uIR8IrUnO"; cautus-radicale = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK98eqmXaUpbm6PrRi/n2WmQ+Oo0x8z/JQathF8OPzNU"; cautus-prosody = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDe5En9owlKsj15sgWoq0zOFuAfc7VX3ON5DJ8TPIXAP"; cautus-vaultwarden = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJrsALG/N1wAA9T4MzMkbdA8LKNSsi38I4AsrmKi3eN2"; cautus-gitolite = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrxAUyM6a7Rw1vjK+OyOR+9bYrWfV3L7bu05w9IPG+h"; cautus-mailserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGsKAXf8yLKv+B8FIrIssxlryqRPtuajPLJ7hVRh0dbz"; }; }; }; }; }; }