# NixOS host "penguin": k3s node with NVIDIA graphics, SSH in the initrd,
# and two overlay networks (Tailscale and ZeroTier).
{ pkgs, inputs, lib, config, ... }:
{
  imports = [
    inputs.disko.nixosModules.disko
    inputs.home-manager.nixosModules.home-manager
    ./disko-config.nix
    ./hardware-configuration.nix
  ];

  config = {
    # Project-local option sets; their definitions are not visible in this file.
    my_users.enable = true;
    my_nix.enable = true;

    # The k3s join token is kept in an age-encrypted file. Only the path of
    # the secret is handed to my_k3s below, so the token value itself does not
    # appear in this expression.
    age.secrets.k3s.file = ../../../secrets/k3s.age;

    my_k3s = {
      enable = true;
      tokenFile = config.age.secrets.k3s.path;
      serverAddr = "https://10.222.0.13:6443";
      # NOTE(review): several entries carry the flag and its value in a single
      # list element separated by a space ("--node-ip 10.222.0.249"). That only
      # works if my_k3s joins the list into a command line that is split on
      # whitespace afterwards - confirm against the module.
      extraFlags = [
        "--disable=servicelb"
        "--disable=traefik"
        "--node-ip 10.222.0.249"
        "--flannel-iface ztxh6lvd6t"
        "--flannel-backend=host-gw"
        "--tls-san 10.222.0.249"
      ];
      nvidia = true;
    };

    time.timeZone = "Asia/Singapore";

    boot = {
      tmp.cleanOnBoot = true;

      loader = {
        systemd-boot.enable = true;
        efi.canTouchEfiVariables = true;
      };

      initrd.network = {
        enable = true;
        ssh = {
          enable = true;
          # This private key is packed into the initrd, which is not protected
          # by disk encryption. Keep it dedicated to the initrd and distinct
          # from the main sshd host key.
          hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
          # Collect the SSH public keys of every account in "wheel". Any user
          # later added to wheel anywhere in the configuration therefore gains
          # initrd login as well.
          authorizedKeys = lib.concatMap (
            account:
            lib.optionals (lib.elem "wheel" account.extraGroups) account.openssh.authorizedKeys.keys
          ) (lib.attrValues config.users.users);
        };
      };
    };

    networking = {
      hostName = "penguin";
      networkmanager.enable = true;
      nftables.enable = true;

      firewall = {
        enable = true;
        # These ports are opened on every interface.
        # NOTE(review): nothing in this file shows what listens on 3000/3001 -
        # confirm they need to be reachable outside the overlay networks.
        allowedTCPPorts = [
          22
          3000
          3001
        ];
        # Traffic arriving on a trusted interface is accepted unconditionally,
        # bypassing the port list above. Every listening service on this host
        # is therefore exposed to all peers of the tailnet and of the ZeroTier
        # network; membership of those overlays is the effective access control.
        trustedInterfaces = [
          "tailscale0"
          "ztxh6lvd6t"
        ];
      };
    };

    services.openssh = {
      enable = true;
      # NOTE(review): only password authentication is disabled here;
      # KbdInteractiveAuthentication and PermitRootLogin stay at the module
      # defaults. Set them explicitly if key-only, non-root login is intended.
      settings.PasswordAuthentication = false;
    };

    services.tailscale.enable = true;

    services.zerotierone = {
      enable = true;
      joinNetworks = [ "23992b9a659115b6" ];
    };

    # Member of "wheel", so this account's SSH keys (if any are defined for it)
    # are also accepted by the initrd sshd above. lib.snowfall.mkUser is a
    # project helper; whatever else it sets is not visible here.
    users.users.cs3223 = lib.snowfall.mkUser {
      shell = pkgs.nushell;
      isNormalUser = true;
      extraGroups = [ "wheel" ];
    };

    programs._1password.enable = true;

    environment.systemPackages = [
      pkgs.git
      pkgs.neovim
      pkgs.btop
    ];

    virtualisation.podman = {
      enable = true;
      dockerCompat = false;
      defaultNetwork.settings.dns_enabled = true;
    };

    # GPU: NVIDIA driver using the open kernel modules, with CUDA support
    # switched on for nixpkgs.
    nixpkgs.config.cudaSupport = true;
    hardware.graphics.enable = true;
    hardware.nvidia.open = true;
    services.xserver.videoDrivers = [ "nvidia" ];

    system.stateVersion = "25.11";
  };
}