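# NixOS host configuration for "sanji": nginx front end, WireGuard client,
# and a NAT'd bridge (br0) that serves as the containers' virtual network.
#
# Line structure is restored here. With the whole module on one physical line,
# the `#` comment inside `networking.interfaces` swallowed the br0 definition,
# the closing braces and `system.stateVersion`, so the expression did not parse.
{ pkgs, ... }:
{
  imports = [
    ./hardware-configuration.nix
    ../modules/nixin-base.nix
    ../modules/nginx.nix
    ../modules/wireguard-client.nix
    ../modules/users.nix
    ../modules/nixin-web.nix
  ];

  # IP forwarding turns this host into a router for both address families.
  # NOTE(review): only an IPv4 NAT range is declared under networking.nat below;
  # confirm that IPv6 forwarding is really needed and that forwarded traffic is
  # filtered, since the firewall settings in this file only list inbound ports.
  boot.kernel.sysctl = {
    "net.ipv4.ip_forward" = 1;
    "net.ipv6.conf.all.forwarding" = 1;
  };

  # Options consumed by ../modules/wireguard-client.nix (not visible here).
  nixin.wg.client = {
    ipv4 = "192.168.12.5/32";
    ipv6 = "2a01:4f9:1a:9a05::5/128";
    allowedIPs = [
      "192.168.12.0/24"
      "2a01:4f9:1a:9a05::/64"
    ];
    endpoint = "vpn.lab12.fr:51812";
    # Presumably the peer's WireGuard *public* key, which is safe to commit.
    # The client's private key must never be written inline in this file:
    # evaluated configuration ends up in the world-readable Nix store.
    endpointKey = "cUmp55I20JEhxr+RMmOsX+6U9kcDiAq3grnvzjQ642w=";
  };

  # Options consumed by ../modules/nixin-web.nix (not visible here).
  nixin.web = {
    domain = "nixin.sanji.mrflos.pw";
    http-port = 8081;
  };

  # NOTE(review): neovim, magic-wormhole and git are all free software, so
  # nothing in this file needs allowUnfree; keep it only if an imported module
  # pulls in an unfree package.
  nixpkgs.config.allowUnfree = true;

  environment.systemPackages = with pkgs; [
    neovim
    magic-wormhole
    git
  ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  i18n.defaultLocale = "en_US.UTF-8";

  # A non-default port only cuts down on scan noise; it is not access control.
  # NOTE(review): no authentication settings are declared here. Confirm that
  # settings.PasswordAuthentication and settings.PermitRootLogin are set in
  # nixin-base.nix or users.nix.
  services.openssh = {
    enable = true;
    ports = [ 4222 ];
  };

  networking = {
    hostName = "sanji";

    firewall = {
      enable = true;
      # 80/443: web front end, 4222: sshd (see services.openssh above).
      # NOTE(review): 8081 equals nixin.web.http-port. If nginx proxies that
      # backend, opening it here lets clients reach the application directly,
      # bypassing TLS and any controls applied at the proxy. Confirm it is needed.
      allowedTCPPorts = [
        80
        4222
        443
        8081
      ];
      # NOTE(review): 60000-61000/udp is the range conventionally used by mosh,
      # which is not enabled in this file. Confirm a module uses it, else close it.
      allowedUDPPortRanges = [
        {
          from = 60000;
          to = 61000;
        }
      ];
    };

    # Masquerade the container subnet (the br0 network below) behind the uplink.
    nat = {
      enable = true;
      internalIPs = [ "10.10.5.0/24" ];
      externalInterface = "enp0s31f6";
    };

    # br0 has no member interfaces listed.
    bridges = {
      "br0" = {
        interfaces = [ ];
      };
    };

    interfaces = {
      enp0s31f6 = {
        useDHCP = true;
      };
      # interface for containers virtual network
      br0 = {
        useDHCP = false;
        ipv4.addresses = [
          {
            address = "10.10.5.1";
            prefixLength = 24;
          }
        ];
      };
    };
  };

  # Stores a copy of configuration.nix alongside the built system; one more
  # reason to keep secrets out of this file.
  system.copySystemConfiguration = true;

  # Tracks the release the system state was created with; not a version to bump
  # on upgrade.
  system.stateVersion = "24.11";
}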