{ config, lib, pkgs, ... }: { imports = [./hardware-configuration.nix]; nix = { settings = { experimental-features = ["nix-command" "flakes"]; trusted-users = ["@wheel"]; auto-optimise-store = true; }; gc = { automatic = true; dates = "daily"; options = "--delete older-than 3d"; }; }; security.sudo.wheelNeedsPassword = false; networking = { useNetworkd = true; firewall.allowedTCPPorts = [22]; }; systemd.network = { enable = true; netdevs."br0" = { netdevConfig = { Name = "br0"; Kind = "bridge"; }; }; networks = { "10-lan" = { matchConfig.Name = ["ens18" "vm-*"]; networkConfig = { Bridge = "br0"; }; }; "10-lan-bridge" = { matchConfig.Name = "br0"; networkConfig = { Address = [""]; Gateway = ""; DNS = [""]; IPv6AcceptRA = true; }; linkConfig.RequiredForOnline = "routable"; }; }; }; time.timeZone = "Europe/Paris"; i18n.defaultLocale = "fr_FR.UTF-8"; console = { useXkbConfig = true; # use xkb.options in tty. }; users.users = { tbarnouin = { isNormalUser = true; description = "Théo Barnouin"; extraGroups = [ "networkmanager" "wheel" "libvirtd" "docker" "render" "video" ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos" ]; }; root = { openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos" ]; }; }; environment.systemPackages = with pkgs; [ vim htop wget curl git neofetch libvirt qemu_kvm nmap ]; services = { openssh = { enable = true; settings = { PasswordAuthentication = false; X11Forwarding = false; PermitRootLogin = "prohibit-password"; }; }; qemuGuest.enable = true; }; system.stateVersion = "24.11"; # Did you read the comment? }