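# NixOS system definition for `britnet`: an x86_64 QEMU guest with a public
# IPv4/IPv6 assignment that runs Tailscale as an advertised exit node
# (login server https://hs.nul.ie) and an iperf3 server.
#
# Security-relevant settings are annotated inline. The nftables snippet in
# `my.firewall.extraRules` is written one statement per line: nft separates
# statements with newlines or `;`, so the two snat rules cannot share a line.
{ lib, ... }:
let
  inherit (lib.my) net;
  inherit (lib.my.c) pubDomain;
  inherit (lib.my.c.britnet) domain pubV4;
in
{
  nixos.systems.britnet = {
    system = "x86_64-linux";
    nixpkgs = "mine";

    # Addressing for the single public interface. These values are reused
    # below, both for the networkd config and for the SNAT targets.
    assignments = {
      allhost = {
        inherit domain;
        ipv4 = {
          address = pubV4;
          mask = 24;
          gateway = "77.74.199.1";
        };
        ipv6 = {
          address = "2a12:ab46:5344:99::a";
          gateway = "2a12:ab46:5344::1";
        };
      };
    };

    configuration = { lib, pkgs, modulesPath, config, assignments, allAssignments, ... }:
    let
      inherit (lib) mkMerge mkForce;
      inherit (lib.my) networkdAssignment;
    in
    {
      imports = [ "${modulesPath}/profiles/qemu-guest.nix" ];

      config = mkMerge [
        {
          boot = {
            initrd.availableKernelModules = [
              "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sr_mod" "virtio_blk"
            ];
            loader = {
              systemd-boot.enable = false;
              grub = {
                enable = true;
                device = "/dev/vda";
              };
            };
          };

          fileSystems = {
            "/boot" = {
              device = "/dev/disk/by-uuid/457444a1-81dd-4934-960c-650ad16c92b5";
              fsType = "ext4";
            };
            "/nix" = {
              device = "/dev/disk/by-uuid/992c0c79-5be6-45b6-bc30-dc82e3ec082a";
              fsType = "ext4";
            };
            "/persist" = {
              device = "/dev/disk/by-uuid/f020a955-54d5-4098-98ba-d3615781d96a";
              fsType = "ext4";
              neededForBoot = true;
            };
          };

          services = {
            iperf3 = {
              enable = true;
              # Opens the iperf3 port in the host firewall. This host has a
              # public address and no iperf3 authentication is configured
              # here, so anyone who can reach the port can drive traffic
              # through it.
              # NOTE(review): confirm public exposure is intended; otherwise
              # rely on the trusted tailscale0 interface only, or set
              # services.iperf3.rsaPrivateKey / authorizedUsersFile.
              openFirewall = true;
            };

            tailscale = {
              enable = true;
              # The auth key is read from the age-managed secret file
              # declared under my.secrets.files, not embedded in this
              # expression.
              authKeyFile = config.age.secrets."tailscale-auth.key".path;
              openFirewall = true;
              interfaceName = "tailscale0";
              extraUpFlags = [
                # Lets this user operate tailscaled without root.
                "--operator=${config.my.user.config.name}"
                "--login-server=https://hs.nul.ie"
                # tailscaled installs no firewall/NAT rules of its own; the
                # SNAT that exit-node traffic needs is supplied by
                # my.firewall.extraRules below.
                "--netfilter-mode=off"
                # Offers this host as an exit node.
                # NOTE(review): IP forwarding is not enabled in this file;
                # presumably my.server or another module sets it. Verify.
                "--advertise-exit-node"
                # Do not accept subnet routes advertised by other nodes.
                "--accept-routes=false"
              ];
            };
          };

          networking = { inherit domain; };

          systemd.network = {
            links = {
              # Pin the interface name to the NIC's permanent MAC so the
              # firewall rules matching "veth0" always refer to this NIC.
              "10-veth0" = {
                matchConfig.PermanentMACAddress = "00:db:d9:62:68:1a";
                linkConfig.Name = "veth0";
              };
            };
            networks = {
              "20-veth0" = mkMerge [
                (networkdAssignment "veth0" assignments.allhost)
                {
                  dns = [ "1.1.1.1" "1.0.0.1" ];
                  routes = [
                    {
                      # Gateway is on a different network for some reason...
                      # The IPv6 gateway (2a12:ab46:5344::1) is outside the
                      # 2a12:ab46:5344:99:: prefix of the host address, so it
                      # gets an explicit link-scope route.
                      Destination = "2a12:ab46:5344::1";
                      Scope = "link";
                    }
                  ];
                }
              ];
            };
          };

          my = {
            server.enable = true;

            secrets = {
              # An SSH ed25519 *public* key (not secret material);
              # presumably the recipient key for this host's age secrets.
              # Verify against the secrets module.
              key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJIEx+1EC/lN6WKIaOB+O5LJgVHRK962YpZEPQg/m78O";
              files = {
                "tailscale-auth.key" = {};
              };
            };

            firewall = {
              # NOTE(review): presumably traffic arriving on a trusted
              # interface bypasses the input filter (semantics live in the
              # my.firewall module). If so, every tailnet peer allowed by
              # the control server's ACLs can reach all local services.
              trustedInterfaces = [ "tailscale0" ];

              # Source-NAT traffic forwarded from the tailnet out of the
              # public NIC to this host's public addresses. Needed because
              # tailscaled runs with --netfilter-mode=off.
              # The chain declares no type/hook here; presumably the base
              # `postrouting` chain is defined by the my.firewall module and
              # these rules are merged into it. Verify.
              extraRules = ''
                table inet nat {
                  chain postrouting {
                    iifname tailscale0 oifname veth0 snat ip to ${assignments.allhost.ipv4.address}
                    iifname tailscale0 oifname veth0 snat ip6 to ${assignments.allhost.ipv6.address}
                  }
                }
              '';
            };
          };
        }
      ];
    };
  };
}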