firewall.allowedUDPPorts = [ 43484 ];
# needed for initrd proper network setup too
useDHCP = lib.mkDefault true;
+ interfaces."enp0s31f6".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList
+ (n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or []))
+ config.hostEnv.ips);
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "enp0s31f6";
+ };
+ nameservers = [
+ "185.12.64.1"
+ "185.12.64.2"
+ "2a01:4ff:ff00::add:1"
+ "2a01:4ff:ff00::add:2"
+ ];
wireguard.interfaces.wg0 = {
generatePrivateKeyFile = true;
};
};
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.enableRedistributableFirmware = lib.mkDefault true;
system.activationScripts.createDatasets = {
# ssh-keyscan zoldene | nix-shell -p ssh-to-age --run ssh-to-age
secrets.ageKeys = [ "age1rqr7qdpjm8fy9nf3x07fa824v87n40g0ljrgdysuayuklnvhcynq4c8en8" ];
+ system.activationScripts.wrappers = {
+ text = ''
+ # wrappers was migrated to systemd, which happens before activation
+ '';
+ };
+ nixpkgs.overlays = [
+ (self: super: {
+ postgresql_system = self.postgresql_16;
+ })
+ ];
}