{ system = "x86_64-linux"; sshPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8mi9ZKPdhn20g9gyxE7NYBq/vAKemW4lhaQlLw5QVc"; mainInterface = "brlan"; ip4IsPrivate = true; ip4Address = "10.0.0.1"; ip4PrefixLength = 8; ip6IsPrivate = false; ip6Address = "2a03:4000:4d:5e:acab::1"; ip6PrefixLength = 112; configuration = { node, secrets, config, ctucxConfig, lib, pkgs, ... }: { imports = [ ./hardware-configuration.nix ./impermanence.nix ctucxConfig.configure.router ctucxConfig.configure.smarthome ctucxConfig.services.prometheus-exporters ctucxConfig.services.restic-server ctucxConfig.services.ca # website / webservices ctucxConfig.websites."photos.katja.wtf" ctucxConfig.websites."music.home.ctu.cx" ctucxConfig.websites."audiobooks.home.ctu.cx" ctucxConfig.websites."fedi.home.ctu.cx" ctucxConfig.websites."gomuks.ctu.cx" # syncthing (and it's backup) ./syncthing.nix ./backupScript.nix ./scanner-sftp.nix ]; home-manager.users.katja.imports = [ ctucxConfig.homeManager.programs.yt-dlp ctucxConfig.homeManager.programs.ocrmypdf ]; age.secrets.resticServerBriefkasten.file = secrets.allNodes.resticServer.briefkasten; age.secrets.resticServerWanderduene.file = secrets.allNodes.resticServer.wanderduene; dns.zones."katja.wtf".subdomains = { "home.infra".AAAA = [ node.ip6Address ]; }; boot = { kernelModules = [ "intel_rapl_common" ]; # seems to make realtek ethernet faster? kernelParams = [ "pcie_aspm=off" ]; initrd.network.ssh.hostKeys = [ "/nix/persist/etc/ssh/ssh_host_ed25519_key" ]; }; systemd.network.networks."5-mainInterface".enable = false; services = { ntfysh-notify.enable = true; usbmuxd.enable = true; logind.powerKey = "ignore"; }; powerManagement.cpuFreqGovernor = "powersave"; hardware.cpu.intel.updateMicrocode = true; system.stateVersion = "22.11"; # Did you read the comment? home-manager.users.katja.home.stateVersion = "22.11"; }; }