NixOS-Config/nixos/hosts/EDI/configuration.nix

# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{
  inputs,
  lib,
  pkgs,
  config,
  ...
}: {
  # You can import other NixOS modules here
  imports = [
    # Import home-manager's NixOS module
    inputs.home-manager.nixosModules.home-manager
    # If you want to use modules your own flake exports (from modules/nixos):
    # outputs.nixosModules.example

    # Or modules from other flakes (such as nixos-hardware):
    # inputs.hardware.nixosModules.common-cpu-amd
    # inputs.hardware.nixosModules.common-ssd

    # You can also split up your configuration and import pieces of it here:
    # ./users.nix

    ../../../disko/EDI

    # Import your generated (nixos-generate-config) hardware configuration
    ./hardware-configuration.nix
  ];

  environment.systemPackages = with pkgs; [
  ];
  networking = {
    hostName = "EDI";

    wireguard.enable = true;

    wg-quick.interfaces = {
      wg0 = {
        autostart = true;
        address = ["10.0.0.3/24" "fdc9:281f:04d7:9ee9::3/64"];
        dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
        listenPort = 51821;
        privateKeyFile = config.sops.secrets."wg-private-key".path;
        peers = [
          {
            publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
            endpoint = "84.87.146.85:51821";
            allowedIPs = ["0.0.0.0/0" "::/0"];
            persistentKeepalive = 25;
          }
        ];
      };
    };
  };
  boot = {
    # Lanzaboote currently replaces the systemd-boot module.
    # This setting is usually set to true in configuration.nix
    # generated at installation time. So we force it to false
    # for now.
    loader.systemd-boot.enable = lib.mkForce false;
    initrd.systemd.enable = true;

    lanzaboote = {
      enable = true;
      pkiBundle = "/etc/secureboot";
    };
  };

  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
  system.stateVersion = "24.11";
}