nixos/spec/focus/default.nix

{
  lib,
  ...
}:
{
  global = {
    id = "22e9d4e37bd7436ba0cbe6e767fb0912";
    auth.openssh.enable = true;
    fs.esp.uuid = "8C36-CBE2";
    fs.type = "zfs";
    fs.zfs.alert.secret = "/nix/persist/secret/telegram";
    fs.zfs.split.enable = true;
    fs.zfs.split.store = "59b73292-8098-4774-b8b6-59c23130d405";
    fs.zfs.split.secret = "f8983719-f9e7-42b2-b8f3-0f32f6b328ae";
    fs.zfs.replication.enable = true;
    fs.zfs.replication.remote = "focus@edge.514fpv.io:archive/backup/koishi/focus";
    fs.zfs.replication.port = 8087;
    fs.cryptsetup.enable = true;
    fs.cryptsetup.allowDiscards = false;
    fs.cryptsetup.uuids.secret = "c2bc361e-6f9a-48fa-b698-ed3603a9664a";
    boot.lanzaboote = true;
    boot.memtest = 4;
    acme.enable = true;
    netdata.enable = true;
    netdata.host = "sf.514fpv.io";
    netdata.addSSL = true;
    netdata.useACMEHost = "sf.514fpv.io";
  };

  services.udev.extraRules = ''
    SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="6c:b3:11:3d:80:13", NAME="2g5"
  '';

  networking.proxy = {
    allProxy = "http://compat:3128";
    noProxy = "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,127.0.0.1,localhost,.localdomain";
  };

  imports = lib.pipe ./. [
    builtins.readDir
    (lib.filterAttrs (n: ty: ty == "regular" && n != "default.nix"))
    (lib.mapAttrsToList (n: _: ./${n}))
  ];

  hardware.enableRedistributableFirmware = true;
  boot.initrd.availableKernelModules = [
    "xhci_pci"
    "ahci"
    "nvme"
    "usbhid"
    "usb_storage"
    "sd_mod"
  ];
  boot.initrd.kernelModules = [ "i915" ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  hardware.cpu.intel.updateMicrocode = true;
}