2024-12-13 17:14:13 -08:00
|
|
|
{ config, lib, ... }:
|
2024-11-23 20:28:47 -08:00
|
|
|
{
|
|
|
|
|
imports = [
|
|
|
|
|
./disk-config.nix
|
2024-12-13 17:14:13 -08:00
|
|
|
./secrets.nix
|
2024-11-23 20:28:47 -08:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
networking = {
|
|
|
|
|
interfaces = {
|
|
|
|
|
wlp4s0 = {
|
|
|
|
|
useDHCP = true;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
wireless = {
|
|
|
|
|
## Don't enable wireless adapter
|
|
|
|
|
enable = lib.mkForce false;
|
|
|
|
|
## @TODO: Get this working as an access point
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
homefree = {
|
|
|
|
|
system = {
|
|
|
|
|
adminUsername = "homefree";
|
|
|
|
|
adminHashedPassword = "<replace me>";
|
|
|
|
|
authorizedKeys = [
|
|
|
|
|
"<replace me>"
|
|
|
|
|
];
|
2024-12-13 17:14:13 -08:00
|
|
|
domain = "example.com";
|
|
|
|
|
additionalDomains = [ "domain2.com" ];
|
|
|
|
|
timeZone = "America/Los_Angeles";
|
|
|
|
|
countryCode = "US";
|
2024-11-23 20:28:47 -08:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
network = {
|
|
|
|
|
wan-interface = "eno1";
|
|
|
|
|
wan-bitrate-mbps-down = 1000;
|
|
|
|
|
wan-bitrate-mbps-up = 1000;
|
|
|
|
|
lan-interface = "enp112s0";
|
|
|
|
|
static-ips = [
|
|
|
|
|
{
|
|
|
|
|
mac-address = "32:ea:a6:38:f2:6c";
|
|
|
|
|
hostname = "moms-laptop";
|
|
|
|
|
ip = "10.0.0.2";
|
|
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
mac-address = "50:60:f3:f1:3d:36";
|
|
|
|
|
hostname = "bros-iphone";
|
|
|
|
|
ip = "10.0.0.9";
|
|
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
mac-address = "68:30:f3:32:4444d:31";
|
|
|
|
|
hostname = "yamaha";
|
|
|
|
|
ip = "10.0.0.10";
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
dns-overrides = [
|
|
|
|
|
{
|
|
|
|
|
hostname = "att-modem";
|
|
|
|
|
domain = "localdomain";
|
|
|
|
|
ip = "192.168.1.254";
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
dynamic-dns = {
|
|
|
|
|
zones = [
|
|
|
|
|
## Repace with your own domain
|
|
|
|
|
{
|
2024-12-13 17:14:13 -08:00
|
|
|
zone = "example.com";
|
2024-11-23 20:28:47 -08:00
|
|
|
protocol = "hetzner";
|
2024-12-13 17:14:13 -08:00
|
|
|
username = "username";
|
|
|
|
|
passwordFile = config.sops.secrets."ddclient/ddclient-password".path;
|
2024-11-23 20:28:47 -08:00
|
|
|
}
|
2024-12-13 17:14:13 -08:00
|
|
|
## Repace with your own domain
|
2024-11-23 20:28:47 -08:00
|
|
|
{
|
2024-12-13 17:14:13 -08:00
|
|
|
zone = "domain2.com";
|
|
|
|
|
protocol = "hetzner";
|
|
|
|
|
username = "erahhal";
|
|
|
|
|
passwordFile = config.sops.secrets."ddclient/ddclient-password".path;
|
2024-11-23 20:28:47 -08:00
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services = {
|
|
|
|
|
adguard = {
|
|
|
|
|
enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
2024-12-13 17:14:13 -08:00
|
|
|
authentik = {
|
|
|
|
|
enable = true;
|
|
|
|
|
secrets = {
|
|
|
|
|
environment = config.sops.secrets."authentik/authentik-env".path;
|
|
|
|
|
ldap-environment = config.sops.secrets."authentik/authentik-ldap-env".path;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
baikal = {
|
|
|
|
|
enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
cryptpad = {
|
|
|
|
|
enable = true;
|
|
|
|
|
adminKeys = [
|
|
|
|
|
"<public signing key of user that can access the admin panel>"
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
2024-11-23 20:28:47 -08:00
|
|
|
homeassistant = {
|
|
|
|
|
enable = true;
|
|
|
|
|
};
|
2024-12-13 17:14:13 -08:00
|
|
|
frigate = {
|
|
|
|
|
enable = true;
|
|
|
|
|
cameras = [
|
|
|
|
|
{
|
|
|
|
|
enable = true;
|
|
|
|
|
name = "gate";
|
|
|
|
|
path = "rtsp://10.0.0.15/11";
|
|
|
|
|
width = 1920;
|
|
|
|
|
height = 1080;
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
};
|
2024-11-23 20:28:47 -08:00
|
|
|
|
|
|
|
|
gitea = {
|
|
|
|
|
enable = true;
|
|
|
|
|
public = true;
|
|
|
|
|
};
|
|
|
|
|
|
2024-12-13 17:14:13 -08:00
|
|
|
headscale = {
|
|
|
|
|
enable = true;
|
|
|
|
|
secrets = {
|
|
|
|
|
tailscale-key = config.sops.secrets."tailscale/key".path;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
headscale-ui = {
|
|
|
|
|
enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
jellyfin = {
|
|
|
|
|
enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
linkwarden = {
|
|
|
|
|
enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
nextcloud = {
|
|
|
|
|
enable = true;
|
|
|
|
|
secrets = {
|
|
|
|
|
admin-password = config.sops.secrets."nextcloud/admin-password".path;
|
|
|
|
|
secret-file = config.sops.secrets."nextcloud/secret-file".path;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2024-11-23 20:28:47 -08:00
|
|
|
radicale = {
|
|
|
|
|
enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
unifi = {
|
|
|
|
|
enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
vaultwarden = {
|
|
|
|
|
enable = true;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2024-12-13 17:14:13 -08:00
|
|
|
service-config = [
|
2024-11-23 20:28:47 -08:00
|
|
|
{
|
|
|
|
|
label = "att";
|
2024-12-13 17:14:13 -08:00
|
|
|
reverse-proxy = {
|
|
|
|
|
enable = true;
|
|
|
|
|
subdomains = [ "att" ];
|
|
|
|
|
https-domains = [ "homefree.host" "rahh.al" ];
|
|
|
|
|
host = "att.localdomain";
|
|
|
|
|
port = 80;
|
|
|
|
|
};
|
2024-11-23 20:28:47 -08:00
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
label = "yamaha-recevier-web-gui";
|
2024-12-13 17:14:13 -08:00
|
|
|
reverse-proxy = {
|
|
|
|
|
subdomains = [ "yamaha" ];
|
|
|
|
|
https-domains = [ "homefree-host" ];
|
|
|
|
|
port = 443;
|
|
|
|
|
ssl = true;
|
|
|
|
|
ssl-no-verify = true;
|
|
|
|
|
host = "yamaha.localdomain";
|
|
|
|
|
};
|
2024-11-23 20:28:47 -08:00
|
|
|
}
|
|
|
|
|
];
|
2024-12-13 17:14:13 -08:00
|
|
|
|
|
|
|
|
backups = {
|
|
|
|
|
enable = true;
|
|
|
|
|
to-path = "/var/lib/backups";
|
|
|
|
|
extra-from-paths = [
|
|
|
|
|
"/mnt/nfs-volume/persona-files1"
|
|
|
|
|
"/mnt/nfs-volume/persona-files2"
|
|
|
|
|
"/home/username"
|
|
|
|
|
];
|
|
|
|
|
secrets = {
|
|
|
|
|
restic-password = config.sops.secrets."backup/restic-password".path;
|
|
|
|
|
};
|
|
|
|
|
};
|
2024-11-23 20:28:47 -08:00
|
|
|
};
|
|
|
|
|
}
|
