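# NixOS host configuration for a headscale coordination server on Hetzner Cloud.
#
# Per-deployment values (hostname, domain, public IPv4, SSH keys) come from
# ./nixos-vars.json; the only host constants kept inline are the WAN interface
# MAC address and the provider gateway.
{ self, lib, config, pkgs, ... }:
let
  nixosVars = builtins.fromJSON (builtins.readFile ./nixos-vars.json);
  # Public name headscale is reached under (TLS terminated by Caddy on 443).
  fqdn = "${nixosVars.hostname}.${nixosVars.domain_netname}";
  # Loopback port Caddy forwards to; headscale binds to it below.
  headscalePort = 8080;
in
{
  imports = [ self.nixosModules.hcloud ];

  users.users.root = {
    # Key-based login only; SSH password authentication is disabled below.
    openssh.authorizedKeys.keys = nixosVars.ssh_keys;
    # NOTE(review): a fixed, well-known password is still usable on the
    # provider console even though SSH rejects passwords; replace with
    # `hashedPassword` (or drop it) once key access is confirmed.
    initialPassword = "nixos";
  };

  system.stateVersion = "23.11";

  networking = {
    hostName = nixosVars.hostname;
    domain = nixosVars.domain_netname;
    firewall = {
      # 80/443 are Caddy's listeners. 3478/udp is the STUN port; no
      # derp.server settings appear in this file, so confirm the UDP rule is
      # still needed (NOTE(review)).
      allowedTCPPorts = [ 80 443 ];
      allowedUDPPorts = [ 3478 ];
    };
  };

  services.openssh = {
    enable = true;
    settings.PasswordAuthentication = false;
  };

  # mkForce overrides whatever the imported hcloud module sets for cloud-init;
  # presumably that module enables it by default.
  services.cloud-init.enable = lib.mkForce false;

  services.headscale = {
    enable = true;
    # Bind the plain-HTTP listener to loopback only: Caddy on this host is its
    # sole client, and the firewall does not open this port either. Binding to
    # 0.0.0.0 added nothing but an unnecessary exposure surface.
    address = "127.0.0.1";
    port = headscalePort;
    settings = {
      server_url = "https://${fqdn}";
      logtail.enabled = false;
      ip_prefixes = [ "100.64.0.0/10" ];
      dns = {
        magic_dns = true;
        base_domain = "ts.${nixosVars.domain_netname}";
        search_domains = [ nixosVars.domain_netname ];
        nameservers.global = [ "1.1.1.1" "9.9.9.9" ];
      };
    };
  };

  # TLS front-end for headscale; no explicit TLS settings are given, so Caddy's
  # default automatic HTTPS for the named virtual host is relied upon.
  services.caddy = {
    enable = true;
    virtualHosts.${fqdn}.extraConfig = ''
      reverse_proxy * 127.0.0.1:${toString headscalePort}
    '';
  };

  # Static WAN addressing; the interface is selected by MAC address.
  systemd.network.networks."10-wan" = {
    matchConfig.MACAddress = "96:00:04:16:ed:c5";
    address = [ "${nixosVars.ipv4_address}/32" ];
    routes = [
      {
        Gateway = "172.31.1.1";
        # The gateway is outside the /32, so the route must be marked on-link.
        GatewayOnLink = true;
      }
    ];
    linkConfig.RequiredForOnline = "routable";
  };

  boot.supportedFilesystems = [ "btrfs" ];

  environment.systemPackages = with pkgs; [
    btrfs-progs
    dhcpcd
    git
    hcloud
    shadow
    speedtest-cli
    vim
  ];
}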