{ config, myData, ... }: let nvme = "/dev/disk/by-id/nvme-WD_PC_SN810_SDCQNRY-1T00-1201_23234W800017"; in { imports = [ ../../shared/work ../../modules ../../modules/profiles/desktop ../../modules/profiles/autorandr ../../modules/profiles/btrfs ]; boot = { kernelModules = ["kvm-intel"]; loader.systemd-boot.enable = true; initrd = { availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usbhid"]; systemd.enableTpm2 = true; luks.devices = { luksroot = { device = "${nvme}-part3"; allowDiscards = true; }; }; }; }; swapDevices = [ { device = "${nvme}-part2"; randomEncryption.enable = true; } ]; fileSystems = { "/" = { device = "/dev/mapper/luksroot"; fsType = "btrfs"; options = ["compress=zstd"]; }; "/boot" = { device = "${nvme}-part1"; fsType = "vfat"; }; }; hardware.cpu.intel.updateMicrocode = true; nixpkgs.hostPlatform = "x86_64-linux"; systemd.services.zfs-mount.enable = false; mj = { stateVersion = "23.11"; timeZone = "Europe/Vilnius"; username = "motiejus"; base.users = { enable = true; devTools = true; root.hashedPasswordFile = config.age.secrets.root-work-passwd-hash.path; user.hashedPasswordFile = config.age.secrets.motiejus-work-passwd-hash.path; }; services = { sshguard.enable = false; tailscale = { enable = true; verboseLogs = true; }; wifibackup = { enable = true; toPath = "/home/${config.mj.username}/M-Active/.wifi"; toUser = config.mj.username; }; remote-builder.client = let host = myData.hosts."fra1-a.servers.jakst"; in { enable = true; inherit (host) system supportedFeatures; hostName = host.jakstIP; sshKey = "/etc/ssh/ssh_host_ed25519_key"; }; node_exporter = { enable = true; extraSubnets = [myData.subnets.vno1.cidr]; }; deployerbot = { follower = { inherit (myData.hosts."vno1-oh2.servers.jakst") publicKey; enable = true; uidgid = myData.uidgid.updaterbot-deployee; sshAllowSubnets = with myData.subnets; [tailscale.sshPattern]; }; }; #postfix = { # enable = true; # saslPasswdPath = config.age.secrets.sasl-passwd.path; #}; syncthing = { enable = true; dataDir = "/home/motiejus/"; user = "motiejus"; group = "users"; }; #remote-builder.client = let # host = myData.hosts."fra1-a.servers.jakst"; #in { # enable = true; # inherit (host) system supportedFeatures; # hostName = host.jakstIP; # sshKey = "/etc/ssh/ssh_host_ed25519_key"; #}; }; }; users.extraGroups.vboxusers.members = ["motiejus"]; security.tpm2.enable = true; networking = { hostId = "b14a02aa"; hostName = "mtworx"; domain = "motiejus.jakst"; firewall.rejectPackets = true; }; }