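# NixOS system configuration for the host "katzen-cafe": a QEMU guest that
# NATs three ve-* interfaces out through enp1s0 and exposes SSH and web ports.
{
  pkgs,
  modulesPath,
  lib,
  ...
}: {
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];

  # Disable the NetworkManager wait-online unit. The original spelling,
  # "NetworkManager-wait-oline", does not match that unit, so the setting
  # never applied to it.
  systemd.services."NetworkManager-wait-online".enable = false;

  networking = {
    nameservers = ["9.9.9.9" "149.112.112.112"];
    hostName = "katzen-cafe";

    networkmanager = {
      enable = true;
      # Keep NetworkManager away from the ve-* interfaces that are NATed below.
      # NOTE(review): "+" is the iptables-style wildcard used by the nat
      # section; NetworkManager's interface-name match uses shell-style globs,
      # so confirm the first entry really matches the intended interfaces.
      unmanaged = [
        "interface-name:ve-phtanumb+"
        "interface-name:ve-katzenwiki"
        "interface-name:ve-nextcloud"
      ];
    };

    # Inbound TCP allowed from anywhere: 22 (sshd, enabled below), 80 and 443.
    # NOTE(review): nothing in this file listens on 2222 - confirm which
    # service is behind it and drop the port if it is unused.
    firewall.allowedTCPPorts = [22 80 443 2222];

    # Turns off the firewall's reverse-path filter on every interface,
    # including the public enp1s0, which removes a source-spoofing check.
    # NOTE(review): presumably needed for the ve-* NAT setup - check whether
    # "loose" is enough instead of disabling it completely.
    firewall.checkReversePath = false;
    # firewall.allowedUDPPorts = [ 25568 25569 ];

    # Masquerade traffic from the ve-* interfaces out through enp1s0.
    nat = {
      enable = true;
      internalInterfaces = ["ve-phtanumb+" "ve-katzenwiki" "ve-nextcloud"];
      externalInterface = "enp1s0";
    };

    # Static addressing on the single uplink interface.
    interfaces."enp1s0" = {
      ipv6.addresses = [
        {
          address = "2a01:4f8:c17:c51f::";
          prefixLength = 64;
        }
      ];
      ipv4.addresses = [
        {
          address = "91.107.221.11";
          prefixLength = 32;
        }
      ];
    };

    defaultGateway6 = {
      address = "fe80::1";
      interface = "enp1s0";
    };
    # The IPv4 address is a /32, so the gateway is pinned to the interface
    # rather than reached through a connected subnet.
    defaultGateway = {
      address = "172.31.1.1";
      interface = "enp1s0";
    };
  };

  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
    kernelParams = ["console=tty"];
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    initrd = {
      availableKernelModules = ["xhci_pci" "virtio_pci" "usbhid" "sr_mod"];
      kernelModules = ["virtio_gpu"];
    };
  };

  # NOTE(review): the NixOS mosh module opens a UDP port range in the firewall
  # by default - confirm that this extra exposure is intended.
  programs.mosh.enable = true;
  users.defaultUserShell = pkgs.nushell;

  services.openssh = {
    enable = true;
    # root may log in with a key, never with a password.
    # NOTE(review): settings.PasswordAuthentication is not set in this file,
    # so unless it is set elsewhere the module default applies to every other
    # account; set it to false if all users authenticate with keys.
    settings.PermitRootLogin = "prohibit-password";
  };

  environment.systemPackages = with pkgs; [
    helix
    wget
    neofetch
    btop
  ];

  fileSystems."/" = {
    device = "/dev/sda1";
    fsType = "ext4";
  };
  fileSystems."/boot" = {
    device = "/dev/sda3";
    fsType = "vfat";
  };
  swapDevices = [
    {device = "/dev/sda2";}
  ];

  # Weekly garbage collection of store paths older than 14 days.
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 14d";
  };

  # NOTE(review): virtualisation.docker.enable is not set in this file;
  # presumably Docker is enabled in another module - verify.
  virtualisation.docker.autoPrune.enable = true;
}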