{ config, pkgs, inputs, ... }: { # fuck broadcom nixpkgs.config.allowUnfree = true; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; time.timeZone = "Europe/Warsaw"; nix.settings = { experimental-features = [ "flakes" "nix-command" ]; trusted-users = [ "root" "@wheel" ]; }; programs.zsh.enable = true; users.users.chmura = { isNormalUser = true; extraGroups = ["wheel"]; shell = pkgs.zsh; packages = with pkgs; [ curl neovim neofetch git wireguard-tools ntfy ]; }; environment = { shells = with pkgs; [zsh]; pathsToLink = [ "/share/zsh" ]; sessionVariables = { EDITOR = "nvim"; }; }; services.openssh = { enable = true; settings = { PasswordAuthentication = true; PermitRootLogin = "yes"; }; }; services.caddy = { enable = true; virtualHosts."trollface.pl".extraConfig = '' @discord { header_regexp User-Agent (?i)(Discord) path / } rewrite @discord /trollface.png root * ${./trollface.pl} file_server ''; }; virtualisation = { podman = { enable = true; dockerCompat = true; }; oci-containers.backend = "podman"; }; networking.firewall.allowedTCPPorts = [ 80 443 22 ]; system.stateVersion = "23.11"; }