{ system = "x86_64-linux"; sshPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH8uAvUnwhg3pnCdaaoclWDKV275SyNSyrkJON+R5Boi"; mainInterface = "ens3"; ip4IsPrivate = false; ip4Address = "194.36.145.49"; ip4PrefixLength = 22; defaultGateway4 = "194.36.144.1"; ip6IsPrivate = false; ip6Address = "2a03:4000:4d:5e::1"; ip6PrefixLength = 64; defaultGateway6 = "fe80::1"; configuration = { node, secrets, config, dnsNix, ctucxConfig, lib, pkgs, ... }: { imports = [ ./hardware-configuration.nix ctucxConfig.services.prometheus-exporters ctucxConfig.services.dns-server ctucxConfig.websites."ip.ctu.cx" ctucxConfig.websites."flauschehorn.katja.wtf" ctucxConfig.websites."conduwuit.ctucx.de" ctucxConfig.websites."grapevine.ctucx.de" ./rclone-restic-server.nix ./syncthing.nix ]; documentation.nixos.enable = false; age.secrets.wireguardPrivKey = { file = secrets.wanderduene.wireguardPrivKey; owner = "systemd-network"; group = "systemd-network"; }; boot.kernel.sysctl."net.ipv6.conf.all.proxy_ndp" = true; networking.firewall.allowedUDPPorts = [ config.systemd.network.netdevs."20-wg0".wireguardConfig.ListenPort ]; systemd.network = { config.networkConfig = { IPv6Forwarding = true; }; netdevs."20-wg0" = { netdevConfig = { Kind = "wireguard"; Name = "wg0"; }; wireguardConfig = { PrivateKeyFile = config.age.secrets.wireguardPrivKey.path; ListenPort = 51820; FirewallMark = 51820; }; wireguardPeers = [{ PublicKey = "nvyhYuWJl/dKyV/2+bDrUisvL3mi38PsNzfdIDDwSjY="; AllowedIPs = [ "2a03:4000:4d:5e:acab::/112" ]; PersistentKeepalive = 10; }]; }; networks."5-mainInterface".enable = true; networks."20-wg0" = { name = "wg0"; routes = [{ Destination = "2a03:4000:4d:5e:acab::/112"; }]; linkConfig.RequiredForOnline = false; }; }; services.ntfysh-notify.enable = true; services.ndppd = { enable = true; proxies.ens3.rules."2a03:4000:4d:5e:acab::/112" = { method = "iface"; interface = "wg0"; }; }; system.stateVersion = "23.05"; home-manager.users.katja.home.stateVersion = "23.05"; }; }