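# NixOS host module for a DNS server that unlocks its disk over SSH from the
# initrd. The listing had been collapsed onto a single line, where the first
# `#` comment swallowed the rest of the module and the initrd script lost its
# command separators; line structure is restored here, option values unchanged.
#
# `deployment.*`, `dns.zones`, `networking.primaryIP`/`primaryIP4` and
# `ctucxConfig` are not stock NixOS options; they are presumably declared by
# other modules of this repository (not shown here).
{ nodes, config, lib, pkgs, ... }:

{
  deployment.buildOnTarget = false;

  # this enables the following services: dns
  deployment.tags = [ "dnsServer" ];

  documentation.nixos.enable = false;

  imports = [ ./hardware-configuration.nix ];

  # Registers this host under the ctu.cx zone, keyed by its hostname. The
  # `host` combinator is given the IPv4 address first, then the IPv6 address.
  dns.zones."ctu.cx".subdomains."${config.networking.hostName}" =
    (pkgs.dns.lib.combinators.host config.networking.primaryIP4 config.networking.primaryIP);

  boot = {
    # Use the systemd-boot EFI boot loader.
    loader.systemd-boot.enable = true;
    loader.efi.canTouchEfiVariables = true;

    # Stage-1 networking plus an SSH server, so that a passphrase can be
    # entered remotely (see the cryptsetup-askpass line below).
    initrd.network = {
      enable = true;

      ssh = {
        enable = true;

        # NOTE(review): the same port as a default sshd. If the initrd gets its
        # own host key (see below), a separate port keeps clients' known_hosts
        # entries for the two environments apart.
        port = 22;

        # NOTE(review): this path looks like the regular sshd RSA host key.
        # The NixOS documentation for this option advises against reusing the
        # regular host private key: the initrd is stored on the unencrypted
        # boot partition, so anyone who can read that partition can copy the
        # key and impersonate the booted system as well. Prefer a key generated
        # only for the initrd, e.g. at <dedicated-initrd-host-key-path>.
        # NOTE(review): this is a Nix path literal, not a string. With
        # buildOnTarget = false, confirm which machine's file ends up in the
        # initrd and that it is not copied into the world-readable Nix store.
        hostKeys = [ /etc/ssh/ssh_host_rsa_key ];

        # Every public key of every user in the "wheel" group may log in to the
        # initrd. Those logins run as root before the system is unlocked, so
        # wheel membership doubles as the list of people able to unlock it.
        authorizedKeys = with lib; concatLists (mapAttrsToList (name: user:
          if elem "wheel" user.extraGroups
          then user.openssh.authorizedKeys.keys
          else []
        ) config.users.users);
      };

      # Static addressing for stage 1, then make a root login start the
      # passphrase prompt by appending it to /root/.profile.
      # NOTE(review): the prefixes differ from networking.interfaces.ens3
      # below (/128 and /22 here, /64 and /24 there) - confirm which are
      # intended.
      postCommands = ''
        ip link set dev ens3 up

        ip addr add ${config.networking.primaryIP}/128 dev ens3
        ip route add default via fe80::1 dev ens3 onlink

        ip addr add ${config.networking.primaryIP4}/22 dev ens3
        ip route add default via 89.58.40.1 dev ens3 onlink

        echo 'cryptsetup-askpass' >> /root/.profile
      '';
    };
  };

  networking = {
    primaryIP = "2a03:4000:66:f61::1";
    primaryIP4 = "89.58.41.187";

    resolvconf.enable = false;
    # NOTE(review): with resolvconf disabled, confirm these resolvers are
    # actually the ones the host ends up using.
    nameservers = [ "8.8.8.8" "1.1.1.1" ];

    # NOTE(review): 89.58.40.1 lies outside 89.58.41.0/24 (the prefix set on
    # ens3 below) but inside 89.58.40.0/22 (the prefix used in the initrd).
    # Confirm the prefix length assigned by the provider.
    defaultGateway = {
      interface = "ens3";
      address = "89.58.40.1";
    };

    defaultGateway6 = {
      interface = "ens3";
      address = "fe80::1";
    };

    interfaces.ens3 = {
      ipv4.addresses = [{
        address = config.networking.primaryIP4;
        prefixLength = 24;
      }];

      ipv6.addresses = [{
        address = config.networking.primaryIP;
        prefixLength = 64;
      }];
    };
  };

  # Turns off the gpg, ssh and git program modules under ctucxConfig on this
  # host.
  ctucxConfig.programs = {
    gpg.enable = false;
    ssh.enable = false;
    git.enable = false;
  };

  system.stateVersion = "23.05";
  home-manager.users.leah.home.stateVersion = "23.05";
}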