# NixOS module for the host "chmura": Caddy front-end, Podman containers,
# SSH access, plus the per-user settings routed through the custom
# `myOptions` option tree.
{ config, ... }:

let
  # Account name is read back from the custom option assigned further down.
  user = config.myOptions.other.system.username;

  # Shared Caddy snippet: both flake.* hostnames redirect to the repository.
  flakeRedirect = ''
    redir https://git.jacekpoz.pl/jacekpoz/niksos
  '';
in
{
  # fuck broadcom
  # NOTE(review): allowUnfree is global. It permits every unfree package in
  # nixpkgs, not a single driver; `allowUnfreePredicate` can narrow it.
  nixpkgs.config.allowUnfree = true;

  # UEFI boot via systemd-boot; the installer may write EFI boot entries.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  time.timeZone = "Europe/Warsaw";

  nix.settings.experimental-features = [ "flakes" "nix-command" ];

  # SECURITY: a trusted Nix user can override daemon settings (for example
  # substituters), which is effectively root on this machine. Keep `user`
  # in this list only if that level of access is actually required.
  nix.settings.trusted-users = [ "root" user ];

  # SECURITY: membership in a `docker` group is root-equivalent wherever a
  # Docker-compatible daemon socket is owned by that group. Only Podman is
  # enabled in this file (dockerCompat adds the `docker` CLI alias), so
  # confirm this group is still needed.
  users.users.${user}.extraGroups = [ "docker" ];

  services.caddy.enable = true;
  services.caddy.virtualHosts = {
    # Forwards to whatever listens on loopback port 3001. The backend is not
    # defined in this file; confirm it binds to localhost only.
    "test.jacekpoz.pl".extraConfig = ''
      reverse_proxy * localhost:3001
    '';

    # SECURITY: everything readable under /srv is published on this host
    # name. Keep backups, keys and other private data out of that tree.
    "f.jacekpoz.pl".extraConfig = ''
      root * /srv
      file_server
    '';

    "flake.jacekpoz.pl".extraConfig = flakeRedirect;
    "flake.jpoz.pl".extraConfig = flakeRedirect;
  };

  # Podman is the only container runtime; oci-containers units run on it.
  virtualisation.podman.enable = true;
  virtualisation.podman.dockerCompat = true;
  virtualisation.oci-containers.backend = "podman";

  # Inbound exposure: HTTP/HTTPS for Caddy and SSH.
  # NOTE(review): whether the custom ssh module also opens port 22 is not
  # visible here; avoid declaring it in two places if it does.
  networking.firewall.allowedTCPPorts = [ 80 443 22 ];

  myOptions.other.system = {
    hostname = "chmura";
    username = "chmura";
  };
  myOptions.other.home-manager.enable = true;

  myOptions.programs.git = {
    enable = true;
    userName = "jacekpoz";
    userEmail = "jacekpoz@cock.li";
    # Looks like an OpenPGP key fingerprint (an identifier, not secret key
    # material); the private key must already exist on the host for signing.
    signingKey = "0EEE6B0C9A8CC06820E59C3894E812A8B12AAE3C";
    defaultBranch = "master";
  };
  myOptions.programs.starship.enable = true;
  myOptions.programs.zsh.enable = true;
  myOptions.programs.btop.enable = true;
  myOptions.programs.neovim.enable = true;
  myOptions.programs.helix.enable = true;

  # sshd is enabled through the custom module. Its hardening (key-only
  # authentication, root login policy) lives in that module, not here;
  # review it together with the open port 22 above.
  myOptions.services.ssh.agent.enable = false;
  myOptions.services.ssh.daemon.enable = true;

  # Pins stateful defaults to the release the host was installed with; it is
  # not meant to be bumped on upgrades.
  system.stateVersion = "23.11";
}