nixos-config/configurations/camelot/default.nix

{
  pkgs,
  config,
  lib,
  ...
}:
{
  boot.initrd.availableKernelModules = [
    "xhci_pci"
    "ahci"
    "nvme"
    "usbhid"
    "usb_storage"
    "sd_mod"
  ];
  boot.initrd.kernelModules = [ "dm-snapshot" ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  boot.swraid.enable = true;
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

  filesystems = [
    {
      mountpoint = "/";
      deviceUUID = "966d0ec0-7a7b-4987-91cf-6493e9f5126c";
      fsType = "ext4";
    }
    {
      mountpoint = "/srv";
      deviceUUID = "329fe696-ad2f-4a86-b45f-8b143daf02d2";
      fsType = "ext4";
    }
    {
      mountpoint = "/boot";
      deviceUUID = "901B-0D68";
      fsType = "vfat";
    }
  ];

  imports = [
    ./jellyfin.nix
    ./wireguard.nix
    ./nextcloud.nix
    ./gotosocial.nix
  ];

  swapDeviceUUID = "a7c628ab-c5cb-4094-89d0-19b153fbead4";

  server.networking.enableSSH = true;

  services.nginx = {
    enable = true;
    clientMaxBodySize = "40m";

    virtualHosts."dalaran.fr" = {
      default = true;
      enableACME = true;
      forceSSL = true;
    };
  };

  environment.systemPackages = with pkgs; [
    neovim
    git
  ];

  hwAccelerationGPU = "intel";

  # System secrets
  sops = {
    gnupg.sshKeyPaths = [ ];
    age = {
      sshKeyPaths = [ ];
      keyFile = "/var/lib/sops-nix/key.txt";
    };
    defaultSopsFile = ./secrets/secrets.yaml;
    secrets = {
      wg0_private = { };
      wg1_private = { };
      nextcloud_admin_pw = {
        owner = config.users.users.nextcloud.name;
      };
    };
  };

  machineUsers = {
    dala = {
      description = "Dala";
      groups = [ "wheel" ];
      uid = 1000;
      shell = pkgs.bash;
    };
  };
}