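# NixOS host configuration for "sputnik".
#
# Pulls in the per-service modules (nginx, tinc, codimd, bitwarden), enables
# flakes, shapes traffic on eth0, and restricts SSH to the tinc "private"
# VPN interface. Several options used here (configuration.fireqos,
# services.custom.ssh, module.cluster) are declared by modules that are not
# part of this file.
{ config, pkgs, lib, ... }:
{
  imports = [
    ./hardware-configuration.nix
    ./nginx.nix
    ./tinc.nix
    ./codimd.nix
    ./bitwarden.nix
    #./syncplay.nix
  ];

  nix = {
    package = pkgs.nixUnstable;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };

  networking.hostName = "sputnik";
  networking.useDHCP = true;

  # Keep the classic ethN interface names; the traffic shaper below refers
  # to "eth0" by name.
  boot.kernelParams = [ "net.ifnames=0" ];

  boot.loader.grub = {
    enable = true;
    version = 2;
    device = "/dev/sda";
  };

  # nix-shell -p speedtest_cli --run speedtest
  configuration.fireqos = {
    enable = true;
    interface = "eth0";
    input = 55000;
    output = 4000;
    balance = false;
  };

  # NOTE(review): the argument to toString is missing in this copy of the
  # file (probably lost when the page was extracted). As written, the list
  # element is the toString function itself rather than a key path; restore
  # the root public-key path before deploying.
  services.custom.ssh.sshd.rootKeyFiles = [ (toString ) ];

  # Make sure ssh is only available through the tinc VPN: TCP/22 arriving on
  # any interface other than tinc.private is redirected to port 0 so that it
  # does not reach sshd.
  #
  # The rule is added only if it is not already present (-C check). The
  # firewall script runs again on every firewall reload and the nat
  # PREROUTING chain is not one of the chains NixOS flushes, so a bare -A
  # would stack one more copy of the rule per reload.
  #
  # NOTE(review): `iptables` covers IPv4 only. Whether this host has IPv6
  # connectivity is not visible here; if it does, confirm sshd is not
  # reachable over IPv6 from outside the VPN, or add the ip6tables
  # equivalent.
  # NOTE(review): the more conventional form is to leave port 22 closed
  # globally and allow it via
  # networking.firewall.interfaces."tinc.private".allowedTCPPorts; whether
  # the custom ssh module opens the port itself cannot be seen from this
  # file.
  networking.firewall.extraCommands = ''
    iptables -t nat -C PREROUTING ! -i tinc.private -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0 2>/dev/null \
      || iptables -t nat -A PREROUTING ! -i tinc.private -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 0
  '';

  # Enable all subdomains to be reached to make nginx rules easier: for every
  # host of the tinc "private" network, emit one dnsmasq line
  # "address=/.<name>.private/<tincIp>".
  services.dnsmasq = with lib; {
    enable = true;
    extraConfig = ''
      ${concatStringsSep "\n" (flip mapAttrsToList config.module.cluster.services.tinc."private".hosts
        (name: attrs: "address=/.${name}.private/${attrs.tincIp}"))}
    '';
  };
}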