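# NixOS configuration for the host "architect": a ZFS-backed server that
# exposes an SSH daemon in the initrd (alongside ZFS credential prompting at
# boot), forwards IPv4 traffic, and pulls in one module per hosted service.
{ config, pkgs, ... }:

let
  # Public keys accepted BOTH by the initrd SSH daemon and by the `giulio`
  # account on the running system, so whoever holds the matching private key
  # can reach the pre-boot shell as well as the normal login.
  pubkeys = [
    "ssh-rsa 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 giulio@giulio-X230"
  ];

  hostname = "architect";

  # Addresses and interface names shared across modules (architect-lan,
  # dvr-lan, nas-lan, wan-if are read from it below).
  network = import ./network.nix;
in
{
  # One module per service; ./hardware.nix holds the results of the hardware
  # scan. The order of the list is kept exactly as it was.
  imports = [
    ./backup.nix
    ./hardware.nix
    ./firewall.nix
    ./nginx.nix
    ./gitea.nix
    ./sonarr.nix
    ./radarr.nix
    ./bazarr.nix
    ./nzbget.nix
    ./nextcloud.nix
    ./wireguard.nix
    ./minio.nix
    ./matrix.nix
    ./fail2ban.nix
    ./dns.nix
    ./minecraft.nix
    ./prowlarr.nix
    ./libreddit.nix
    ./invidious.nix
    ./nitter.nix
    ./lidarr.nix
    ./navidrome.nix
    ./jellyfin.nix
    ./prosody.nix
    ./deluge.nix
    ./calibre.nix
    ../../cachix.nix
    ./docker.nix
    ./keycloak.nix
  ];

  time.timeZone = "Europe/Rome";
  system.stateVersion = "21.11";

  users.users.giulio.openssh.authorizedKeys.keys = pubkeys;

  # The two separate `boot = { ... }` definitions are merged into one set;
  # the resulting options are the same.
  boot = {
    initrd = {
      # NIC drivers made available in the initrd so networking can come up
      # before the root filesystem is mounted.
      availableKernelModules = [ "igc" "r8169" ];

      network = {
        enable = true;

        ssh = {
          enable = true;

          # Same port as the main sshd below. The initrd daemon presents a
          # different host key, so clients see a host-key change on one
          # address:port pair. NOTE(review): a separate port (or a dedicated
          # known_hosts alias) keeps strict host-key checking usable.
          port = 22;

          # Host key for the initrd daemon. The initrd is stored on the
          # unencrypted boot partition, so this key must stay distinct from
          # the running system's host keys.
          # NOTE(review): this is a Nix path literal, not a quoted string.
          # The NixOS option documentation warns that initrd host keys end up
          # in the world-readable Nix store unless the bootloader supports
          # initrd secrets; confirm the key is not copied into /nix/store on
          # the nixpkgs revision in use.
          hostKeys = [ /secrets/ssh_host_rsa_key ];

          authorizedKeys = pubkeys;
        };
      };
    };

    kernelParams = [
      # Static address for the initrd network stack (gateway 10.0.0.1, /24,
      # autoconfiguration off).
      "ip=${network.architect-lan}::10.0.0.1:255.255.255.0::${network.wan-if}:off"
      "nvme_core.default_ps_max_latency_us=5500"
      # Module parameters on the kernel command line are written as
      # <module>.<param>. The unprefixed "zfs_arc_max=" is not picked up by
      # the zfs module, so the intended 1 GiB ARC cap was silently ignored.
      "zfs.zfs_arc_max=1073741824"
      # Marks 32 MiB starting at this physical address as reserved.
      "memmap=32M$0x4ca6f9478"
    ];

    # IPv4 forwarding is on: the host routes packets between interfaces.
    # What may actually be forwarded is decided by firewall rules that are
    # not visible in this file (see ./firewall.nix) - verify them.
    kernel.sysctl = {
      "net.ipv4.ip_forward" = 1;
    };

    loader = {
      systemd-boot = {
        enable = true;
        memtest86.enable = true;
      };
      efi.canTouchEfiVariables = true;
    };

    supportedFilesystems = [ "zfs" ];

    # Ask for ZFS encryption credentials during boot; presumably supplied
    # through the initrd SSH session configured above.
    zfs.requestEncryptionCredentials = true;

    # NOTE(review): only takes effect where /tmp-on-tmpfs is enabled, which
    # this file does not do itself - confirm it is set in another module.
    tmpOnTmpfsSize = "50%";
  };

  networking = {
    hostName = hostname;
    # Host identifier required by ZFS.
    hostId = "49350853";
    useDHCP = false;
    defaultGateway = "10.0.0.1";

    interfaces = {
      enp5s0.ipv4.addresses = [
        {
          address = network.architect-lan;
          prefixLength = 24;
        }
      ];
      enp6s0.useDHCP = false;
      wlp4s0.useDHCP = false;
    };

    # Local name resolution plus a small sinkhole list: the 0.0.0.0 entries
    # make the listed telemetry/analytics hostnames unresolvable from this
    # host. The lines inside the string are hosts-file content, not Nix.
    extraHosts = ''
      127.0.0.1 ${hostname}.devs.giugl.io localhost
      # LAN
      ${network.architect-lan} ${hostname}.devs.giugl.io
      ${network.dvr-lan} dvr.devs.giugl.io
      ${network.nas-lan} nas.devs.giugl.io
      192.168.1.1 vodafone.station
      # Blacklist
      0.0.0.0 metrics.plex.tv
      0.0.0.0 analytics.plex.tv
      0.0.0.0 cdn.luckyorange.com
      0.0.0.0 w1.luckyorange.com
      0.0.0.0 browser.sentry-cdn.com
      0.0.0.0 analytics.facebook.com
      0.0.0.0 ads.facebook.com
      0.0.0.0 extmaps-api.yandex.net
      0.0.0.0 logservice.hicloud.com
      0.0.0.0 logbak.hicloud.com
      0.0.0.0 logservice1.hicloud.com
      0.0.0.0 samsung-com.112.2o7.net
      0.0.0.0 supportmetrics.apple.com
      0.0.0.0 analytics.oneplus.cn
      0.0.0.0 click.oneplus.cn
      0.0.0.0 analytics-api.samsunghealthcn.com
    '';
  };

  environment = {
    systemPackages = with pkgs; [ cachix ];
    variables = {
      LIBVA_DRIVER_NAME = "vdpau";
    };
  };

  hardware = {
    opengl = {
      enable = true;
      extraPackages = with pkgs; [ vaapiVdpau ];
      driSupport = true;
    };
  };

  # The scattered `services.*` definitions are gathered into one set; the
  # resulting options are the same.
  services = {
    fwupd.enable = true;
    das_watchdog.enable = true;
    zfs.autoScrub.enable = true;
    xserver.videoDrivers = [ "nvidia" ];
    smartd.enable = true;

    openssh = {
      enable = true;
      # Key-based logins only: password and keyboard-interactive
      # authentication are both disabled.
      passwordAuthentication = false;
      kbdInteractiveAuthentication = false;
      # OpenSSH's default is 6; 15 allows more authentication attempts per
      # connection. Left unchanged because clients that offer many agent
      # keys may depend on it.
      # NOTE(review): consider lowering it and setting `IdentitiesOnly yes`
      # on the clients instead.
      extraConfig = ''
        MaxAuthTries 15
      '';
    };
  };
}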