confix/hosts/buckwheat/configuration.nix

# Buckwheat configuration.nix
{ config, lib, pkgs, inputs, user, ... }:
let
  hostname="buckwheat";
in
{
  imports = [
    ./hardware-configuration.nix
  ];
  boot = {
    loader = {
      systemd-boot = {
        enable = true;
        configurationLimit = 10;
      };
      efi.canTouchEfiVariables = true;
      efi.efiSysMountPoint = "/boot/efi";
      timeout = 2;
    };
    tmp.cleanOnBoot = true;
  };
  networking = {
    hostName = "${hostname}";
    firewall = {
      allowedTCPPorts = [ 445 139 ];
      allowedUDPPorts = [ 137 138 ];
    };
  };
  environment = {
    systemPackages = with pkgs; [
      nixos-shell
      virtiofsd
    ];
  };
  virtualisation.libvirtd.enable = true;
  services = {
    davfs2 = {
      enable = true;
    };
    mullvad-vpn = {
      enable = true;
      package = pkgs.mullvad-vpn;
    };
    transmission = {
      enable = true;
      openFirewall = true;
    };
    udisks2 = {
      enable = true;
      mountOnMedia = true;
    };
    borgbackup = {
      jobs."daily" = {
        paths = [
          "/home"
          "/var"
        ];
        exclude = [
          "/home/*/go/bin"
          "/home/*/go/pkg"
          "/var/lib/libvirt/images/*.qcow2"
        ];
        repo = "/mnt/archive/buckwheat";
        encryption = {
          mode = "repokey-blake2";
          passCommand = "cat /root/borgbackup/passphrase";
        };
        compression = "auto,lzma";
        startAt = "daily";
        prune.keep = {
          within = "30d";
        };
      };
    };
  };
  programs.virt-manager.enable = true;
  users.users.${user.name} = {
    extraGroups = [ "davfs2" "libvirtd" "transmission" ];
    packages = with pkgs; [
      mixxx
      polychromatic
    ];
  };
}