commit b216f4f19f1bbb57386dacb7e985a007b8f0c53b
Author: Ellis Rahhal <ellis@rahh.al>
Date:   Sat Nov 23 20:28:47 2024 -0800

    First commit

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..7ea1229
--- /dev/null
+++ b/README.md
@@ -0,0 +1,8 @@
+HomeFree Sample Config
+======================
+
+Clone this repo and modify configuration.nix as needed, then deploy with:
+
+```
+./install.sh
+```
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..f094a54
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,134 @@
+{ lib, ... }:
+{
+  imports = [
+    ./disk-config.nix
+  ];
+
+  networking = {
+    interfaces = {
+      wlp4s0 = {
+        useDHCP = true;
+      };
+    };
+    wireless = {
+      ## Don't enable wireless adapter
+      enable = lib.mkForce false;
+      ## @TODO: Get this working as an access point
+    };
+  };
+
+  homefree = {
+    system = {
+      adminUsername = "homefree";
+      adminHashedPassword = "<replace me>";
+      authorizedKeys = [
+        "<replace me>"
+      ];
+    };
+
+    network = {
+      wan-interface = "eno1";
+      wan-bitrate-mbps-down = 1000;
+      wan-bitrate-mbps-up = 1000;
+      lan-interface = "enp112s0";
+      static-ips = [
+        {
+          mac-address = "32:ea:a6:38:f2:6c";
+          hostname = "moms-laptop";
+          ip = "10.0.0.2";
+        }
+        {
+          mac-address = "50:60:f3:f1:3d:36";
+          hostname = "bros-iphone";
+          ip = "10.0.0.9";
+        }
+        {
+          mac-address = "68:30:f3:32:4444d:31";
+          hostname = "yamaha";
+          ip = "10.0.0.10";
+        }
+      ];
+
+      dns-overrides = [
+        {
+          hostname = "att-modem";
+          domain = "localdomain";
+          ip = "192.168.1.254";
+        }
+      ];
+    };
+
+    dynamic-dns = {
+      zones = [
+        ## Repace with your own domain
+        {
+          zone = "homefree.host";
+          protocol = "hetzner";
+          username = "erahhal";
+          passwordFile = "/run/secrets/ddclient/ddclient-password";
+        }
+      ];
+    };
+
+    wireguard = {
+      peers = [
+        {
+          name = "my-phone";
+          publicKey = "<replace me>=";
+          allowedIPs = [ "192.168.2.2/32"];
+        }
+        {
+          name = "bros-phone";
+          publicKey = "<replace me>";
+          allowedIPs = [ "192.168.2.3/32"];
+        }
+      ];
+    };
+
+    services = {
+      adguard = {
+        enable = true;
+      };
+
+      homeassistant = {
+        enable = true;
+      };
+
+      gitea = {
+        enable = true;
+        public = true;
+      };
+
+      radicale = {
+        enable = true;
+      };
+
+      unifi = {
+        enable = true;
+      };
+
+      vaultwarden = {
+        enable = true;
+      };
+    };
+
+    proxied-hosts = [
+      {
+        label = "att";
+        subdomains = [ "att" ];
+        https-domains = [ "homefree.host" "rahh.al" ];
+        host = "att.localdomain";
+        port = 80;
+      }
+      {
+        label = "yamaha-recevier-web-gui";
+        subdomains = [ "yamaha" ];
+        https-domains = [ "homefree-host" ];
+        port = 443;
+        ssl = true;
+        ssl-no-verify = true;
+        host = "yamaha.localdomain";
+      }
+    ];
+  };
+}
diff --git a/disk-config.nix b/disk-config.nix
new file mode 100644
index 0000000..f3b1f4e
--- /dev/null
+++ b/disk-config.nix
@@ -0,0 +1,78 @@
+{ ... }:
+{
+  disko.devices = {
+    disk = {
+      nvme0n1 = {
+        type = "disk";
+        device = "/dev/nvme0n1";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              priority = 1;
+              start = "1M";
+              end = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "btrfs";
+                extraArgs = [ "-f" ]; # Override existing partition
+                # Subvolumes must set a mountpoint in order to be mounted,
+                # unless their parent is mounted
+                subvolumes = {
+                  # Subvolume name is different from mountpoint
+                  "/root" = {
+                    mountpoint = "/";
+                    mountOptions = [ "subvol=root" "compress=zstd" "noatime" ];
+                  };
+                  # Subvolume name is the same as the mountpoint
+                  "/home" = {
+                    mountpoint = "/home";
+                    mountOptions = [ "subvol=home"  "compress=zstd" "noatime" ];
+                  };
+                  # Parent is not mounted so the mountpoint must be set
+                  "/nix" = {
+                    mountpoint = "/nix";
+                    mountOptions = [ "subvol=nix" "compress=zstd" "noatime" ];
+                  };
+                  # Subvolume for the swapfile
+                  "/swap" = {
+                    mountpoint = "/swap";
+                    swap = {
+                      swapfile.size = "64G";
+                    };
+                  };
+                };
+              };
+            };
+
+            # luks = {
+            #   size = "100%";
+            #   content = {
+            #     type = "luks";
+            #     name = "crypted";
+            #     # disable settings.keyFile if you want to use interactive password entry
+            #     #passwordFile = "/tmp/secret.key"; # Interactive
+            #     settings = {
+            #       allowDiscards = true;
+            #       keyFile = "/tmp/secret.key";
+            #     };
+            #     additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
+            #     content = {
+            #       ...
+            #     };
+            #   };
+            # };
+          };
+        };
+      };
+    };
+  };
+}
diff --git a/flake.nix b/flake.nix
new file mode 100755
index 0000000..9e17b98
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,33 @@
+{
+  description = "Sample Homefree Host Config";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+
+    homefree.url = "git+https://git.homefree.host/erahhal/HomeFree";
+  };
+
+  outputs = {
+    self,
+    ...
+  }@inputs:
+  let
+    system = "x86_64-linux";
+  in
+  {
+    nixosConfigurations = {
+      homefree = inputs.nixpkgs.lib.nixosSystem {
+        system = system;
+        modules = [
+          inputs.homefree.nixosModules.default
+          ./disk-config.nix
+          ./configuration.nix
+        ];
+        specialArgs = {
+          inherit inputs;
+          inherit system;
+        };
+      };
+    };
+  };
+}
diff --git a/install.sh b/install.sh
new file mode 100755
index 0000000..0c1412a
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+echo 'Installation steps:'
+echo ''
+echo '  - Make sure configuration has your SSH key authorized for root so you can change your password, e.g.'
+echo '       users.users.root.openssh.authorizedKeys.keys = ['
+echo '         "ssh-rsa blahblah"'
+echo '       ];'
+echo '  - Boot minimal NixOS image on target, e.g. using a USB stick'
+echo '  - Do NOT use Ventoy, as it doesnt work on some devices. Use a direct image on a USB stick'
+echo '  - On target: Change password with `passwd`'
+echo '  - On source: `scp ~/.ssh/authorized_keys nixos@<address>:/home/nixos`'
+echo '  - On target: `mkdir -p ~/.ssh; mv ~/authorized_keys ~/.ssh/authorized_keys'
+echo '  - Then continue by entering the values below'
+echo ''
+
+read -p "Enter IP Address: " ADDRESS
+
+if [[ $ADDRESS =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+  echo "IP: ${ADDRESS}"
+  echo ""
+else
+  echo "Invalid IP Address"
+  exit
+fi
+
+read -p "ARE YOU SURE? This will DESTROY the target (Y/N): " confirm && [[ $confirm == [yY] || $confirm == [yY][eE][sS] ]] || exit 1
+
+NIX_SSHOPTS=-tt nix run github:nix-community/nixos-anywhere -- --flake ../#homefree nixos@$ADDRESS