nixconfig/systems/gateway/cfg.nix

{
  syscfg = {
    hostname = "gateway";
    type = "nixos";
    system = "x86_64-linux";
    defaultUser = "sora";
    users = [{
      username = "sora";
      pubssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrrUB0KBjeAKPVG2Bdcm4mI9AMab7y97SOCdEHGogYv sora@gateway";
      wm = "-";
      git = {
        email = "soraefir+git@helcel";
        username = "soraefir";
        key = "4E241635F8EDD2919D2FB44CA362EA0491E2EEA0";
      };
    }];
    make = {
      cli = true;
    };
    net = {
      wlp = { enable = false; };
      wg = {
        enable = true;
        ip4 = "10.10.1.1/32";
        ip6 = "fd10:10:10::1/128";
        pubkey = "NFBJvYXZC+bd62jhrKnM7/pugidWhgR6+C5qIiUiq3Q=";
      };
    };
    server = {
      openssh = true;
      wireguard = true;
      web = true;
      nftables = {
        enable = true;
        ifs = ["ens3" "wg0" ];
        ports = [
                [ "ens3" "10.10.1.2" "fd10:10:10::2" 22 2222 ]      # SSH/GIT
                [ "ens3" "10.10.1.2" "fd10:10:10::2" 80 80 ]        # HTTP
                [ "ens3" "10.10.1.2" "fd10:10:10::2" 443 443 ]      # HTTPS
                [ "ens3" "10.10.1.2" "fd10:10:10::2" 3979 3979 ]    # OTTD
        ];
      };
    };
  };
}