First commit

Ellis Rahhal 2024-11-23 20:28:47 -08:00
commit b216f4f19f
5 changed files with 282 additions and 0 deletions

8
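--- a/README.md
+++ b/README.md
@@ -0,0 +1,8 @@
+HomeFree Sample Config
+======================
+Clone this repo and modify configuration.nix as needed, then deploy with:
+```
+./install.sh
+```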

134
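--- a/configuration.nix
+++ b/configuration.nix
@@ -0,0 +1,134 @@
+{ lib, ... }:
+{
+imports = [
+./disk-config.nix
+];
+networking = {
+interfaces = {
+wlp4s0 = {
+useDHCP = true;
+};
+};
+wireless = {
+## Don't enable wireless adapter
+enable = lib.mkForce false;
+## @TODO: Get this working as an access point
+};
+};
+homefree = {
+system = {
+adminUsername = "homefree";
+adminHashedPassword = "<replace me>";
+authorizedKeys = [
+"<replace me>"
+];
+};
+network = {
+wan-interface = "eno1";
+wan-bitrate-mbps-down = 1000;
+wan-bitrate-mbps-up = 1000;
+lan-interface = "enp112s0";
+static-ips = [
+{
+mac-address = "32:ea:a6:38:f2:6c";
+hostname = "moms-laptop";
+ip = "10.0.0.2";
+}
+{
+mac-address = "50:60:f3:f1:3d:36";
+hostname = "bros-iphone";
+ip = "10.0.0.9";
+}
+{
+mac-address = "68:30:f3:32:4444d:31";
+hostname = "yamaha";
+ip = "10.0.0.10";
+}
+];
+dns-overrides = [
+{
+hostname = "att-modem";
+domain = "localdomain";
+ip = "192.168.1.254";
+}
+];
+};
+dynamic-dns = {
+zones = [
+## Repace with your own domain
+{
+zone = "homefree.host";
+protocol = "hetzner";
+username = "erahhal";
+passwordFile = "/run/secrets/ddclient/ddclient-password";
+}
+];
+};
+wireguard = {
+peers = [
+{
+name = "my-phone";
+publicKey = "<replace me>=";
+allowedIPs = [ "192.168.2.2/32"];
+}
+{
+name = "bros-phone";
+publicKey = "<replace me>";
+allowedIPs = [ "192.168.2.3/32"];
+}
+];
+};
+services = {
+adguard = {
+enable = true;
+};
+homeassistant = {
+enable = true;
+};
+gitea = {
+enable = true;
+public = true;
+};
+radicale = {
+enable = true;
+};
+unifi = {
+enable = true;
+};
+vaultwarden = {
+enable = true;
+};
+};
+proxied-hosts = [
+{
+label = "att";
+subdomains = [ "att" ];
+https-domains = [ "homefree.host" "rahh.al" ];
+host = "att.localdomain";
+port = 80;
+}
+{
+label = "yamaha-recevier-web-gui";
+subdomains = [ "yamaha" ];
+https-domains = [ "homefree-host" ];
+port = 443;
+ssl = true;
+ssl-no-verify = true;
+host = "yamaha.localdomain";
+}
+];
+};
+}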
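Review bot: The `yamaha` entry under `proxied-hosts` sets `ssl-no-verify = true` with no comment, so anyone copying this sample inherits a proxy that (going by the option name) skips certificate checks on the upstream connection; add a line such as `## Upstream device only offers a self-signed cert; drop this once it has a trusted one`. The same entry has `https-domains = [ "homefree-host" ]`, which looks like a typo for `"homefree.host"`, and the third `static-ips` entry carries a malformed MAC (`68:30:f3:32:4444d:31`). `gitea.public = true` and the proxied `att` modem page are exposure decisions that a sample config should either explain in a comment or leave off by default.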

78
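--- a/disk-config.nix
+++ b/disk-config.nix
@@ -0,0 +1,78 @@
+{ ... }:
+{
+disko.devices = {
+disk = {
+nvme0n1 = {
+type = "disk";
+device = "/dev/nvme0n1";
+content = {
+type = "gpt";
+partitions = {
+ESP = {
+priority = 1;
+start = "1M";
+end = "512M";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+};
+};
+root = {
+size = "100%";
+content = {
+type = "btrfs";
+extraArgs = [ "-f" ]; # Override existing partition
+# Subvolumes must set a mountpoint in order to be mounted,
+# unless their parent is mounted
+subvolumes = {
+# Subvolume name is different from mountpoint
+"/root" = {
+mountpoint = "/";
+mountOptions = [ "subvol=root" "compress=zstd" "noatime" ];
+};
+# Subvolume name is the same as the mountpoint
+"/home" = {
+mountpoint = "/home";
+mountOptions = [ "subvol=home" "compress=zstd" "noatime" ];
+};
+# Parent is not mounted so the mountpoint must be set
+"/nix" = {
+mountpoint = "/nix";
+mountOptions = [ "subvol=nix" "compress=zstd" "noatime" ];
+};
+# Subvolume for the swapfile
+"/swap" = {
+mountpoint = "/swap";
+swap = {
+swapfile.size = "64G";
+};
+};
+};
+};
+};
+# luks = {
+# size = "100%";
+# content = {
+# type = "luks";
+# name = "crypted";
+# # disable settings.keyFile if you want to use interactive password entry
+# #passwordFile = "/tmp/secret.key"; # Interactive
+# settings = {
+# allowDiscards = true;
+# keyFile = "/tmp/secret.key";
+# };
+# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
+# content = {
+# ...
+# };
+# };
+# };
+};
+};
+};
+};
+};
+}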
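Review bot: The `root` partition is formatted as plain btrfs while the `luks` block stays commented out, so the data of the services enabled in configuration.nix (vaultwarden and gitea among them) and the 64G swapfile all land on disk unencrypted. If that is a deliberate trade-off for unattended boot, state it above `root`, e.g. `# NOTE: root is not encrypted; switch to the luks layout below if others can physically reach this machine`. The same comment should also warn that `extraArgs = [ "-f" ]` forces the format over whatever is already on `/dev/nvme0n1`, which is a hard-coded device name the reader has to check against their hardware.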

33
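--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,33 @@
+{
+description = "Sample Homefree Host Config";
+inputs = {
+nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+homefree.url = "git+https://git.homefree.host/erahhal/HomeFree";
+};
+outputs = {
+self,
+...
+}@inputs:
+let
+system = "x86_64-linux";
+in
+{
+nixosConfigurations = {
+homefree = inputs.nixpkgs.lib.nixosSystem {
+system = system;
+modules = [
+inputs.homefree.nixosModules.default
+./disk-config.nix
+./configuration.nix
+];
+specialArgs = {
+inherit inputs;
+inherit system;
+};
+};
+};
+};
+}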
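Review bot: Both inputs follow moving references, `nixos-unstable` and the default branch of `git.homefree.host/erahhal/HomeFree`, and no `flake.lock` is among the five files in this commit, so each install evaluates whatever those branches hold at that moment. Since `inputs.homefree.nixosModules.default` ends up defining the whole system (the config sets WAN/LAN interfaces and a password manager), commit the `flake.lock` so the code that runs as root is a known revision, and refresh it deliberately with `nix flake update`. `./disk-config.nix` is also listed both here in `modules` and in the `imports` of configuration.nix; one of the two is enough.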

29
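--- a/install.sh
+++ b/install.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+echo 'Installation steps:'
+echo ''
+echo ' - Make sure configuration has your SSH key authorized for root so you can change your password, e.g.'
+echo ' users.users.root.openssh.authorizedKeys.keys = ['
+echo ' "ssh-rsa blahblah"'
+echo ' ];'
+echo ' - Boot minimal NixOS image on target, e.g. using a USB stick'
+echo ' - Do NOT use Ventoy, as it doesnt work on some devices. Use a direct image on a USB stick'
+echo ' - On target: Change password with `passwd`'
+echo ' - On source: `scp ~/.ssh/authorized_keys nixos@<address>:/home/nixos`'
+echo ' - On target: `mkdir -p ~/.ssh; mv ~/authorized_keys ~/.ssh/authorized_keys'
+echo ' - Then continue by entering the values below'
+echo ''
+read -p "Enter IP Address: " ADDRESS
+if [[ $ADDRESS =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+echo "IP: ${ADDRESS}"
+echo ""
+else
+echo "Invalid IP Address"
+exit
+fi
+read -p "ARE YOU SURE? This will DESTROY the target (Y/N): " confirm && [[ $confirm == [yY] || $confirm == [yY][eE][sS] ]] || exit 1
+NIX_SSHOPTS=-tt nix run github:nix-community/nixos-anywhere -- --flake ../#homefree nixos@$ADDRESS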
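Review bot: The last line runs `github:nix-community/nixos-anywhere` at whatever its default branch holds when the script is started, and that code then gets SSH access to the target and repartitions it; pin it to a reviewed revision, e.g. `nix run github:nix-community/nixos-anywhere/<pinned-rev> -- ...` (`<pinned-rev>` is a placeholder). The same line passes `--flake ../#homefree`, but flake.nix is added next to install.sh in this commit, so unless the script is meant to be started from a subdirectory this should probably read `--flake .#homefree`. The invalid-address branch uses a bare `exit`, which returns the status of the preceding `echo` (0); `exit 1` makes the failure visible to callers, and quoting the argument as `"nixos@${ADDRESS}"` keeps it intact if the address check is ever loosened.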