add fw-new

hosts/nb-new.cloonar.com/configuration.nix

@@ -24,9 +24,13 @@ in {
       ./modules/nvim/default.nix
       ./utils/modules/autoupgrade.nix
 
+      ./cachix.nix
       ./users
 
+      ./modules/steam.nix
+
       ./hardware-configuration.nix
+
     ];
 
   nixpkgs.overlays = [
@@ -35,9 +39,13 @@ in {
 
   fonts.packages = with pkgs; [
     open-sans
-
   ];
 
+  swapDevices = [ {
+    device = "/nix/persist/swapfile";
+    size = 32 * 1024;  # Size is in megabytes
+  } ];
+
   # nixos cross building qemu
   boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
   boot.supportedFilesystems = [ "ntfs" ];
@@ -52,6 +60,25 @@ in {
     ];
   };
 
+  hardware.bluetooth.enable = true;
+  hardware.bluetooth.powerOnBoot = true;
+
+  services.tlp = {
+    enable = true;
+    settings = {
+      CPU_SCALING_GOVERNOR_ON_AC = "performance";
+      CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
+      CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
+      CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
+    };
+  };
+
+  environment.persistence."/nix/persist" = {
+    hideMounts = true;
+    directories = [
+      "/home"
+    ];
+  };
   environment.persistence."/nix/persist/system" = {
     hideMounts = true;
     directories = [
@@ -61,6 +88,7 @@ in {
       "/var/log"
       "/var/lib/bluetooth"
       "/var/lib/docker"
+      "/var/lib/flatpak"
       "/var/lib/nixos"
       "/etc/NetworkManager/system-connections"
     ];
@@ -86,16 +114,21 @@ in {
   sops.secrets.wg-cloonar-key = {};
 
   virtualisation.docker.enable = true;
+  services.flatpak.enable = true;
+  systemd.services.flatpak-repo = {
+    wantedBy = [ "multi-user.target" ];
+    path = [ pkgs.flatpak ];
+    script = ''
+      flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
+    '';
+  };
 
   networking.hostName = "nb-01"; # Define your hostname.
   networking.resolvconf.enable = true;
   networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
   networking.extraHosts = ''
+    77.119.230.30 vpn.cloonar.com
     10.25.0.25 archive.zeichnemit.at
-    127.0.0.1 wohnservice.local mieterhilfe.local wohnpartner.local wohnberatung.local wienbautvor.local wienwohntbesser.local
-    127.0.0.1 wohnservice-wien.local mieterhilfe.local wohnpartner-wien.local wohnberatung-wien.local wienbautvor.local wienwohntbesser.local
-    127.0.0.1 diabetes.local
-    127.0.0.1 test.cloonar.com
   '';
 
   # Set your time zone.
@@ -165,16 +198,26 @@ in {
       peers = [
         {
           publicKey = "TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q=";
-          allowedIPs = [ "10.42.96.0/20" "10.14.0.0/16" "10.25.0.0/16" ];
+          allowedIPs = [
+            "10.42.96.0/20"
+            # wohnservice-wien
+            "10.254.240.0/24"
+            # epicenter.works
+            "10.14.0.0/16"
+            "10.25.0.0/16" ];
           endpoint = "vpn.cloonar.com:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
           persistentKeepalive = 25;
         }
       ];
+      postSetup = ''
+        printf "nameserver 10.42.97.1\nsearch cloonar.com" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0 -x
+      '';
     };
   };
 
   nix = {
     settings.auto-optimise-store = true;
+    settings.experimental-features = [ "nix-command" "flakes" ];
     # autoOptimiseStore = true;
     gc = {
       automatic = true;