# NixOS host configuration for "decoysnail": LUKS-encrypted disks under LVM,
# sshd, Docker, Intel graphics/microcode and one WireGuard tunnel (wg0).
# Anything not set here may come from the imported modules, which are not
# visible on this page.
{ config, pkgs, ... }:

{
  imports = [
    ./common.nix
    ./large-sw.nix
    ./uefi.nix
    ./fstrim.nix
  ];

  system.stateVersion = "18.03";

  # ---- Storage -----------------------------------------------------------
  # Both LUKS containers are opened in the initrd before LVM is activated.
  # Only sdb2_crypt sets allowDiscards, so TRIM requests are passed through
  # dm-crypt for that device alone. Discard passthrough exposes which blocks
  # are unused to anyone who can read the raw device; that is the accepted
  # trade-off for TRIM on this disk.
  boot.initrd.luks.devices = [
    {
      name = "sda2_crypt";
      device = "/dev/disk/by-uuid/6c687d35-1b43-4799-b71c-a5b5c21b3e2a";
      preLVM = true;
    }
    {
      name = "sdb2_crypt";
      device = "/dev/disk/by-uuid/d3485d00-8399-40cc-8bce-80b9bd24e63a";
      preLVM = true;
      allowDiscards = true;
    }
  ];

  # LVM issues discards to the underlying PVs when space is released.
  # This sets the entire /etc/lvm/lvm.conf; no other LVM setting is given here.
  # The literal is kept on one line exactly as it appears on the page.
  environment.etc."lvm/lvm.conf".text = '' devices { issue_discards = 1 } '';

  # ---- Hardware ----------------------------------------------------------
  hardware = {
    # CPU microcode updates carry vendor fixes, including security errata.
    cpu.intel.updateMicrocode = true;

    opengl = {
      driSupport32Bit = true;
      extraPackages = with pkgs; [ beignet ];
    };
  };

  # ---- Services ----------------------------------------------------------
  services = {
    # NOTE(review): this file enables sshd but sets no authentication policy
    # (password login, root login, allowed users). Confirm that ./common.nix
    # pins those before the host is reachable from untrusted networks.
    openssh = {
      enable = true;
      # Server-side X11 forwarding is switched on for every account that
      # can log in; keep it only if remote GUI sessions are actually needed.
      forwardX11 = true;
    };

    thermald.enable = true;
  };

  # ---- Containers --------------------------------------------------------
  virtualisation.docker = {
    enable = true;
    storageDriver = "overlay2";
  };

  # Membership in "docker" gives access to the Docker daemon socket, which is
  # equivalent to root on this host. Treat the gebner account (and any SSH
  # key that can log in as it) with the same care as root.
  users.extraUsers.gebner.extraGroups = [ "docker" ];

  # ---- Networking --------------------------------------------------------
  networking = {
    hostName = "decoysnail";
    hostId = "cf04f682";

    wireguard.interfaces.wg0 = {
      ips = [ "10.59.0.4/16" ];

      # The key is read from a file at runtime instead of being embedded in
      # the configuration, which keeps it out of the world-readable Nix
      # store. The file itself is not managed here: it should be owned by
      # root and not readable by other users.
      privateKeyFile = "/etc/wgkeys/decoysnail";

      # Install a route for every allowedIPs entry of the peer below.
      allowedIPsAsRoutes = true;

      # Register 10.57.0.1 as resolver for wg0 with metric 0 while the tunnel
      # is up, and drop it again on shutdown. 10.57.0.1 lies inside the
      # peer's 10.56.0.0/14, so those DNS queries travel through the tunnel.
      postSetup = '' printf "nameserver 10.57.0.1" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0 '';
      postShutdown = '' ${pkgs.openresolv}/bin/resolvconf -d wg0 '';

      peers = [
        {
          publicKey = "ByLlJbevlTBooAo2RIZGGJvBHKqA9qiOpHBvR5yuJX4=";
          endpoint = "mtlaa-gw.gebner.org:35869";
          # Only these prefixes are accepted from, and routed to, the peer:
          # 10.56.0.0/14 (10.56.0.0 - 10.59.255.255) plus one extra host.
          allowedIPs = [ "10.56.0.0/14" "10.60.1.1" ];
          # Periodic keepalive so the session survives NAT/firewall timeouts.
          persistentKeepalive = 25;
        }
      ];
    };
  };
}