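# NixOS host configuration for "nut-gc2": a k3s agent node with a statically
# addressed public interface (ens3) and two overlay networks (Tailscale and
# ZeroTier).
{ pkgs, inputs, lib, config, ... }:
let
  inherit (inputs) disko home-manager;
in
{
  imports = [
    disko.nixosModules.disko
    home-manager.nixosModules.home-manager
    ./disko-config.nix
    ./hardware-configuration.nix
  ];

  config = {
    # Cluster join token, stored encrypted in the repository. Only the path of
    # the decrypted file is handed to k3s below, so the token itself is not
    # written into this expression.
    # NOTE(review): the module that defines `age.*` is not imported in this
    # file; presumably it is added elsewhere (e.g. in the flake) - confirm.
    age.secrets.k3s.file = ../../../secrets/k3s.age;

    # Project-local modules; what they configure is not visible from this file.
    my_users.enable = true;
    my_nix.enable = true;

    my_k3s = {
      enable = true;
      role = "agent";
      tokenFile = config.age.secrets.k3s.path;
      clusterInit = false;
      # NOTE(review): 10.222.0.0 addresses and `iface` presumably belong to the
      # ZeroTier network joined at the bottom of this file - confirm.
      serverAddr = "https://10.222.0.87:6443";
      # FIXME: placeholder, not a valid address. Set this to the node's real
      # overlay IP before deploying.
      nodeIp = "10.222.0.???";
      iface = "ztxh6lvd6t";
    };

    networking.hostName = "nut-gc2";

    boot = {
      tmp.cleanOnBoot = true;
      loader.grub.enable = true;
      kernel.sysctl = {
        # Turns this host into an IPv4 router (presumably required for k3s pod
        # networking). The allowedTCPPorts list below governs traffic addressed
        # to the host itself; review separately what may be forwarded through it.
        "net.ipv4.ip_forward" = 1;
      };
    };

    time.timeZone = "Asia/Singapore";

    # Pin the NIC with this MAC address to the name "ens3", which the static
    # network configuration below depends on.
    services.udev.extraRules = '' ATTR{address}=="00:72:f1:f7:47:db", NAME="ens3" '';

    networking = {
      nameservers = [ "1.1.1.1" "8.8.8.8" ];
      defaultGateway = {
        address = "103.149.46.126";
        interface = "ens3";
      };
      defaultGateway6 = {
        address = "2a11:8083:11::1";
        interface = "ens3";
      };
      # Addresses are static, so no DHCP client is run.
      dhcpcd.enable = false;
      usePredictableInterfaceNames = lib.mkForce true;
      interfaces = {
        ens3 = {
          ipv4.addresses = [
            { address = "103.149.46.7"; prefixLength = 25; }
          ];
          ipv6.addresses = [
            { address = "2a11:8083:11:13d4::a"; prefixLength = 64; }
            { address = "fe80::272:f1ff:fef7:47db"; prefixLength = 64; }
          ];
          # Host routes to the gateways on ens3.
          ipv4.routes = [
            { address = "103.149.46.126"; prefixLength = 32; }
          ];
          ipv6.routes = [
            { address = "2a11:8083:11::1"; prefixLength = 128; }
          ];
        };
      };
      firewall = {
        enable = true;
        # Only SSH is reachable on the public interface.
        allowedTCPPorts = [ 22 ];
        # Trusted interfaces bypass the firewall entirely: every listening
        # service on this host is reachable by any peer on the tailnet and on
        # the ZeroTier network. Access control for those services therefore
        # rests on Tailscale ACLs and ZeroTier member authorization; keep both
        # restrictive, or replace this with per-interface allowed ports.
        trustedInterfaces = [ "tailscale0" "ztxh6lvd6t" ];
      };
    };

    services.openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
        # PasswordAuthentication alone leaves PAM keyboard-interactive prompts
        # enabled, which can still accept a password. Disable both so that
        # only key-based login remains on the publicly exposed port 22.
        KbdInteractiveAuthentication = false;
      };
    };

    services.tailscale.enable = true;

    environment.systemPackages = with pkgs; [ git neovim btop ];

    services.zerotierone = {
      enable = true;
      # The interface of this network is fully trusted by the firewall above.
      joinNetworks = [ "23992b9a659115b6" ];
    };

    system.stateVersion = "25.11";
  };
}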