# NixOS module describing the "leoncloud" MicroVM guest: VM resources,
# deployment placement, the login account, firewall, Docker and a WireGuard
# client tunnel.
{ zentralwerk, config, lib, pkgs, ... }:

{
  # ---- MicroVM guest resources ------------------------------------------
  microvm = {
    mem = 4024; # NOTE(review): presumably MiB; confirm 4024 (not 4096) is intended
    writableStoreOverlay = "/nix/.rw-store";
    volumes = [
      {
        # Backing block device for the writable store overlay; mounted at the
        # overlay path declared just above.
        mountPoint = config.microvm.writableStoreOverlay;
        image = "/dev/zvol/tank/storage/leoncloud/nix-store-overlay";
        size = 32 * 1024;
      }
    ];
  };

  # Store optimisation is forced off, overriding any default set elsewhere.
  # NOTE(review): presumably because of the writable store overlay; confirm.
  nix.settings.auto-optimise-store = lib.mkForce false;

  # ---- Deployment placement ---------------------------------------------
  c3d2.deployment = {
    server = "server9";
    autoNetSetup = true;
    mounts = [ "etc" "home" "var" ];
  };
  c3d2.hq.statistics.enable = true;

  # ---- Privilege model ---------------------------------------------------
  # Members of `wheel` get root through sudo without being asked for a
  # password, so a session as any wheel member is effectively a root session.
  # NOTE(review): confirm this is intended for a host that accepts SSH.
  security.sudo.enable = true;
  security.sudo.wheelNeedsPassword = false;

  users.users.leoncloud = {
    isNormalUser = true;
    createHome = true;
    # `wheel` grants the passwordless sudo configured above. `docker` grants
    # access to the Docker daemon, which is root-equivalent on this guest
    # independently of the sudo policy.
    extraGroups = [ "wheel" "docker" ];
    # Each key listed here can log in as this user; remove keys that are no
    # longer in use.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM2zpmWA3Z9zshWaU8k1SWyJnbAyasOu9pV+9BvTY0XE leon@¯\_(ツ)_/¯"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPZoT83l0ogbJpviBs4VmO+NdF4NPtYAnyf8RRSoXsv leon@leon"
    ];
  };

  # ---- Tools available system-wide ---------------------------------------
  # Look up package names with `nix search`.
  environment.systemPackages = [
    pkgs.wget
    pkgs.vim
    pkgs.python3Full
    pkgs.python310Packages.pip
    pkgs.nmap
    pkgs.htop
    pkgs.wireguard-tools
    pkgs.docker-compose
  ];

  # ---- Containers --------------------------------------------------------
  # NOTE(review): ports published by containers are opened by Docker's own
  # iptables rules and are generally not limited by the firewall allow-list
  # below; review container port mappings separately.
  virtualisation.docker.enable = true;

  # ---- Network: identity, firewall, WireGuard client ---------------------
  networking = {
    hostName = "leoncloud";

    firewall = {
      enable = true;
      # Inbound TCP: HTTP, HTTPS and SSH.
      allowedTCPPorts = [ 80 443 22 ];
      # NOTE(review): nothing in this file listens on UDP 18800. The `vpn`
      # interface sets no listenPort and its peer endpoint is on 18900.
      # Confirm which service needs this rule, or drop it.
      allowedUDPPorts = [ 18800 ];
    };

    wireguard.interfaces.vpn = {
      ips = [ "10.10.11.4/24" ];
      # The key is read from this path at runtime rather than embedded in the
      # configuration, which keeps it out of the world-readable Nix store.
      # NOTE(review): verify the file is readable by root only.
      privateKeyFile = "/etc/nixos/wireguard-keys/private-key";
      peers = [
        {
          endpoint = "45.158.40.162:18900";
          publicKey = "w3qegSSuqFTFrGk4XJaWBSwGDOiqbnnAIR9MzwjYVA8=";
          # Only the tunnel subnet is routed through this peer.
          allowedIPs = [ "10.10.11.0/24" ];
          # Keepalive interval in seconds; keeps the client-initiated session
          # open across NAT.
          persistentKeepalive = 25;
        }
      ];
    };
  };

  system.stateVersion = "22.05";
}