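# Host module for home-nix (dev/modules/optionnals/hosts/home-nix.nix):
# static LAN addressing, the wg0 WireGuard tunnel, sops-managed secrets and a
# oneshot unit that adds one IPv6 address to the LAN interface.
{
  config,
  pkgs,
  ...
}:
{
  # NOTE(review): autologin.nix and sudo-nopasswd.nix are imported side by side.
  # Their content is not visible from this file; going by the names, the host
  # presumably logs a user in without a password and lets sudo run without one.
  # Confirm that physical access to this machine is inside the threat model.
  imports = [
    #../ai.nix
    ../autologin.nix
    ../k8s.nix
    ../libvirt.nix
    ../openfortivpn.nix
    ../options.nix
    ../packages.nix
    ../sops-desktop.nix
    ../ssh.nix
    ../sudo-nopasswd.nix
    ../wakeonlan.nix
    ### Import GUI modules
    ../desktop/code.nix
    ../desktop/dunst.nix
    ../desktop/kitty.nix
    ../desktop/nextcloud.nix
    ../desktop/packages.nix
    ../desktop/pipewire.nix
    ../desktop/qwerty-fr.nix
    ../desktop/rofi.nix
    ../desktop/starship.nix
    ../desktop/virt-manager.nix
    ../desktop/wayland.nix
    ### Import Graphics modules
    ../desktop/nvidia.nix
  ];

  # Host-specific values, read back below through config.my.*.
  my.laninterface = "enp5s0";
  my.ipv4address = "192.168.0.2";
  my.ipv4netmask = 24;
  my.ipv4gateway = "192.168.0.254";

  # Secrets are declared here and referenced below only through
  # config.sops.secrets.<name>.path, so this file carries no key material.
  # NOTE(review): "wireguard_home/publickey" is not referenced in this file (the
  # peer's public key is written inline in the wg0 peer); drop the declaration
  # if no other module reads it.
  sops = {
    secrets = {
      "wireguard_home/publickey" = { };
      "wireguard_home/presharedkey" = { };
      "wireguard_home/privatekey" = { };
    };
  };

  #services.resolved.enable = false;
  networking = {
    #useNetworkd = true;
    #useHostResolvConf = false;
    interfaces.${config.my.laninterface} = {
      ipv4.addresses = [
        {
          address = config.my.ipv4address;
          prefixLength = config.my.ipv4netmask;
        }
      ];
    };
    defaultGateway = {
      address = config.my.ipv4gateway;
      interface = config.my.laninterface;
    };
    # 10.0.0.1 lies inside 10.0.0.0/16, which wg0 routes to the peer, so it is
    # only reachable through the tunnel. The two other resolvers are public
    # addresses outside the peer's allowedIPs and are therefore reached outside
    # the tunnel.
    # NOTE(review): presumably that is the intended fallback; confirm that
    # resolving names outside the tunnel is acceptable on this host.
    nameservers = [
      #"9.9.9.9"
      "10.0.0.1"
      "2001:41d0:303:20da::1"
      "217.182.138.218"
    ];
    # Static name overrides. The lines starting with '#' are part of the string:
    # they are written out as hosts-file comments, they are not Nix comments.
    # Only errorpages.grandbesancon.fr is actively pinned.
    extraHosts = ''
      #172.18.229.240 test-mycarto.grandbesancon.fr
      172.18.21.172 errorpages.grandbesancon.fr
      #172.18.23.4 dozzle.grandbesancon.fr
      #172.18.22.206 toto.grandbesancon.fr
      #172.18.229.3 sso.grandbesancon.fr
      #172.18.20.37 sso.grandbesancon.fr
      #172.18.20.229 auth.grandbesancon.fr
      #172.18.20.181 traefikauth.grandbesancon.fr
    '';
    wireguard = {
      interfaces = {
        wg0 = {
          ips = [
            "fc00::2/56"
            "10.0.0.2/16"
          ];
          # NOTE(review): no firewall rule for UDP 51820 is visible in this
          # file. With persistentKeepalive set, this host keeps dialling the
          # endpoint itself, so an inbound rule may not be needed; confirm.
          listenPort = 51820;
          # Private and preshared keys are read from the sops-provided files at
          # run time instead of being written into the configuration.
          privateKeyFile = config.sops.secrets."wireguard_home/privatekey".path;
          peers = [
            {
              # A peer public key is not secret; keeping it inline is fine.
              publicKey = "X8D/RhwjpFYXm2DbtC0wY39TrFkdaw7RA7kHhbmOXnw=";
              presharedKeyFile = config.sops.secrets."wireguard_home/presharedkey".path;
              # Only these ranges are routed to, and accepted from, the peer;
              # all other traffic stays off the tunnel.
              allowedIPs = [
                "fc00::0/56"
                "10.0.0.0/16"
                "10.1.0.0/16"
              ];
              endpoint = "[2001:41d0:303:20da::1]:51820";
              persistentKeepalive = 15;
            }
          ];
        };
      };
    };
  };

  sops.secrets."home-nix/myipv6address" = { };

  # Adds the sops-stored IPv6 address (as a /64) to the LAN interface once the
  # network target has been reached.
  # NOTE(review): whether a system unit called sops-nix.service exists depends
  # on how sops-nix is set up on this host; if it does not, the ordering below
  # has no effect. Verify against the sops-nix configuration.
  systemd.services.ipv6-setup = {
    description = "Configure IPv6";
    after = [
      "network.target"
      "sops-nix.service"
    ];
    wants = [ "sops-nix.service" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      # Only the secret's path is interpolated into the generated script; the
      # address itself is read when the unit runs and is never echoed.
      # The unit stays best-effort (it always exits 0, as before), but a missing
      # secret or a failed "ip" call now leaves a line in the journal instead of
      # being swallowed by "|| true".
      ExecStart = pkgs.writeShellScript "setup-ipv6" ''
        addr="$(cat "${config.sops.secrets."home-nix/myipv6address".path}")"
        if [ -z "$addr" ]; then
          echo "ipv6-setup: secret is missing or empty, no address configured" >&2
          exit 0
        fi
        # Quoted so the file's content is always passed to ip as one argument.
        if ! ${pkgs.iproute2}/bin/ip -6 addr add "$addr/64" dev ${config.my.laninterface}; then
          echo "ipv6-setup: ip -6 addr add failed on ${config.my.laninterface} (the address may already be present)" >&2
        fi
      '';
    };
  };

  environment.systemPackages = [
    pkgs.tor-browser
  ];
}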