# NixOS host configuration for the machine "decoysnail": LUKS-on-LVM root with
# discards enabled, sshd, Docker, and a WireGuard tunnel (wg0) whose transport
# is carried over a WebSocket tunnel (wstunnel).
{ config, pkgs, ... }:

{
  imports = [
    ./common-headless.nix
    ./i3.nix
    ./large-sw.nix
    ./uefi.nix
    ./fstrim.nix
    ./atmega.nix
  ];

  # LVM passes discards down to the physical volume when extents are freed.
  environment.etc."lvm/lvm.conf".text = ''
    devices {
      issue_discards = 1
    }
  '';

  # Encrypted volume unlocked in the initrd before LVM is activated.
  # allowDiscards lets TRIM pass through dm-crypt: it helps the SSD, but
  # anyone who can read the raw device can then see which blocks are unused.
  # That trade-off is accepted here, together with ./fstrim.nix and the
  # lvm.conf setting above.
  boot.initrd.luks.devices.sda_crypt = {
    device = "/dev/disk/by-partuuid/00292928-0088-4887-9e5d-2f2eccb4816f";
    preLVM = true;
    allowDiscards = true;
  };

  networking = {
    hostName = "decoysnail";
    hostId = "cf04f682";

    wireguard.interfaces.wg0 = {
      ips = [ "10.59.0.4/16" ];

      # The private key is read from this path at runtime instead of being
      # written into the configuration. The file's owner and mode are not
      # managed here.
      # NOTE(review): confirm /etc/wgkeys/decoysnail is readable by root only.
      privateKeyFile = "/etc/wgkeys/decoysnail";

      allowedIPsAsRoutes = true;

      # Point systemd-resolved at the in-tunnel resolver, but only for the
      # listed routing domains (the '~' prefix); other lookups stay off wg0.
      postSetup = ''
        ${pkgs.systemd}/bin/resolvectl domain wg0 '~htdf.gebner.org' '~mtlaa.gebner.org' '~ams.gebner.org'
        ${pkgs.systemd}/bin/resolvectl dns wg0 10.57.0.1
      '';

      peers = [
        {
          publicKey = "ByLlJbevlTBooAo2RIZGGJvBHKqA9qiOpHBvR5yuJX4=";
          allowedIPs = [ "10.56.0.0/14" "10.60.1.1" ];
          # endpoint = "mtlaa-gw.gebner.org:35869";
          # endpoint = "84.112.114.160:35869";
          # The active endpoint is the local wstunnel listener defined in
          # systemd.services.wstunnel below, not the gateway itself.
          endpoint = "127.0.0.1:35869";
          persistentKeepalive = 25;
        }
      ];
    };
  };

  # Forwards local port 35869 to htdf-gw.gebner.org:35869 through a
  # WebSocket-over-TLS connection to gebner.org, so the WireGuard peer above
  # can be reached via 127.0.0.1. Starting wireguard-wg0.service pulls this
  # unit in (wantedBy).
  # NOTE(review): no serviceConfig is set, so the unit runs with the systemd
  # defaults (root, no sandboxing, no restart policy). Consider an
  # unprivileged user and Restart= for this network-facing process.
  # NOTE(review): "-u" is presumably UDP forwarding (WireGuard is UDP), and
  # the listener is presumably bound to loopback only. Confirm both against
  # the wstunnel version in pkgs.
  systemd.services.wstunnel = {
    path = [ pkgs.wstunnel ];
    wantedBy = [ "wireguard-wg0.service" ];
    after = [ "network.target" ];
    script = ''
      wstunnel -L 35869:htdf-gw.gebner.org:35869 -u wss://gebner.org
    '';
  };

  services = {
    # sshd with server-side X11 forwarding enabled. Authentication settings
    # (password login, root login) are not set in this file.
    # NOTE(review): confirm they are restricted in one of the imported modules.
    openssh = {
      enable = true;
      forwardX11 = true;
    };

    thermald.enable = true;

    # No global search/routing domains; per-link domains for wg0 are set by
    # the WireGuard postSetup hook.
    resolved = {
      enable = true;
      domains = [ ];
    };

    xserver.videoDrivers = [ "intel" ];

    #avahi.nssmdns = true;
    #nscd.enable = pkgs.lib.mkOverride 10 true;
  };

  hardware = {
    # Load updated Intel CPU microcode at boot.
    cpu.intel.updateMicrocode = true;

    opengl = {
      extraPackages = [ pkgs.beignet ];
      driSupport32Bit = true;
    };
  };

  virtualisation.docker = {
    enable = true;
    storageDriver = "overlay2";
  };

  # Membership in "docker" grants access to the Docker daemon socket, which is
  # effectively root on this host. Treat this account accordingly.
  users.extraUsers.gebner.extraGroups = [ "docker" ];

  fonts.fontconfig.subpixel.rgba = "none";

  # Release whose stateful defaults this machine was installed with; this is
  # not the running NixOS version and should not be bumped casually.
  system.stateVersion = "19.09";
}