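# NixOS host configuration for "osaka-linode-01", a QEMU/virtio guest.
#
# Sets up boot over the serial console, the root filesystem and swap, base
# networking, and Tailscale enrolment using an auth key decrypted by sops.
# Firewall and WireGuard settings are imported from sibling files.
{ config, lib, pkgs, modulesPath, desktop, username, ... }:

{
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
    ./firewall.nix
    ./wireguard.nix
  ];

  boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];

  # Enable LISH: send the kernel console and GRUB to the first serial port.
  # Whoever can reach that out-of-band console can reach the GRUB menu and the
  # login prompt, so access to it is part of this host's attack surface.
  boot.kernelParams = [ "console=ttyS0,19200n8" ];
  boot.loader.grub.extraConfig = ''
    serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
    terminal_input serial;
    terminal_output serial
  '';
  boot.loader.grub.forceInstall = true;
  boot.loader.grub.device = "nodev";
  boot.loader.timeout = 10;

  fileSystems."/" = {
    device = "/dev/disk/by-label/nixos";
    fsType = "ext4";
  };

  swapDevices = [
    { device = "/dev/disk/by-label/linode-swap"; }
  ];

  # Distributed Builds
  # No build machines are declared in this file.
  # NOTE(review): remote builders are trusted to return correct build outputs;
  # confirm where nix.buildMachines is defined and which hosts it lists.
  nix.distributedBuilds = true;

  # Only free-licensed packages may be evaluated on this host.
  nixpkgs.config.allowUnfree = false;

  networking.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

  time.timeZone = "Asia/Tokyo";
  networking.hostName = "osaka-linode-01";
  # No ports are opened here; the line below is intentionally disabled.
  # NOTE(review): presumably inbound rules live in ./firewall.nix; confirm.
  # networking.firewall.allowedTCPPorts = [ 22 ];

  # Generic Tailscale configs are in /nixos/common/services/tailscale.nix
  # Set up the secrets file: the auth key is decrypted from the sops file at
  # activation, owned by root, and the Tailscale units are restarted when it
  # changes.
  sops.secrets."tailscale_keys/osaka-linode-01" = {
    owner = "root";
    sopsFile = ../../../secrets/tailscale.yaml;
    restartUnits = [
      "tailscaled.service"
      "tailscaled-autoconnect.service"
    ];
  };

  # Take the path from the sops declaration instead of repeating the
  # "/run/secrets/..." literal, so the two cannot drift apart and a typo in
  # the secret name fails at evaluation time rather than at enrolment.
  services.tailscale.authKeyFile =
    config.sops.secrets."tailscale_keys/osaka-linode-01".path;

  # This host offers itself as a Tailscale exit node, so other tailnet
  # devices' internet traffic may egress through it.
  # NOTE(review): an exit node needs IP forwarding enabled; confirm the common
  # Tailscale module sets services.tailscale.useRoutingFeatures accordingly,
  # and that exit-node approval is restricted by the tailnet's policy.
  services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
}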