{ config, lib, pkgs, ... }: { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix ]; nix.settings = { experimental-features = [ "nix-command" "flakes" ]; trusted-users = [ "@wheel" ]; }; boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only boot.kernel.sysctl."vm.swapiness" = 1; networking.useNetworkd = true; systemd.network.enable = true; systemd.network.networks."10-lan" = { matchConfig.Name = ["enp1s0" "vm-*"]; networkConfig = { Bridge = "br0"; }; }; systemd.network.netdevs."br0" = { netdevConfig = { Name = "br0"; Kind = "bridge"; }; }; systemd.network.networks."10-lan-bridge" = { matchConfig.Name = "br0"; networkConfig = { Address = ["192.168.122.31/24"]; Gateway = "192.168.122.1"; DNS = ["192.168.122.1"]; IPv6AcceptRA = true; }; linkConfig.RequiredForOnline = "routable"; }; time.timeZone = "Europe/Paris"; i18n.defaultLocale = "fr_FR.UTF-8"; console = { useXkbConfig = true; # use xkb.options in tty. }; users.users = { tbarnouin = { isNormalUser = true; description = "Théo Barnouin"; extraGroups = [ "networkmanager" "wheel" "libvirtd" "docker" "render" "video" ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos" ]; }; root = { openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos" ]; }; }; environment.systemPackages = with pkgs; [ vim htop wget curl git neofetch libvirt qemu_kvm nmap ]; services.openssh = { enable = true; settings = { PasswordAuthentication = false; X11Forwarding = false; PermitRootLogin = "prohibit-password"; }; }; # Open ports in the firewall. networking.firewall.allowedTCPPorts = [ 22 ]; #networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. networking.firewall.enable = false; system.stateVersion = "24.05"; # Did you read the comment? }