First commit
b216f4f19f
5 changed files with 282 additions and 0 deletions
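--- a/README.md
+++ b/README.md
@@ -0,0 +1,8 @@
+HomeFree Sample Config
+======================
+
+Clone this repo and modify configuration.nix as needed, then deploy with:
+
+```
+./install.sh
+```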
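--- a/configuration.nix
+++ b/configuration.nix
@@ -0,0 +1,134 @@
+{ lib, ... }:
+{
+imports = [
+./disk-config.nix
+];
+
+networking = {
+interfaces = {
+wlp4s0 = {
+useDHCP = true;
+};
+};
+wireless = {
+## Don't enable wireless adapter
+enable = lib.mkForce false;
+## @TODO: Get this working as an access point
+};
+};
+
+homefree = {
+system = {
+adminUsername = "homefree";
+adminHashedPassword = "<replace me>";
+authorizedKeys = [
+"<replace me>"
+];
+};
+
+network = {
+wan-interface = "eno1";
+wan-bitrate-mbps-down = 1000;
+wan-bitrate-mbps-up = 1000;
+lan-interface = "enp112s0";
+static-ips = [
+{
+mac-address = "32:ea:a6:38:f2:6c";
+hostname = "moms-laptop";
+ip = "10.0.0.2";
+}
+{
+mac-address = "50:60:f3:f1:3d:36";
+hostname = "bros-iphone";
+ip = "10.0.0.9";
+}
+{
+mac-address = "68:30:f3:32:4444d:31";
+hostname = "yamaha";
+ip = "10.0.0.10";
+}
+];
+
+dns-overrides = [
+{
+hostname = "att-modem";
+domain = "localdomain";
+ip = "192.168.1.254";
+}
+];
+};
+
+dynamic-dns = {
+zones = [
+## Repace with your own domain
+{
+zone = "homefree.host";
+protocol = "hetzner";
+username = "erahhal";
+passwordFile = "/run/secrets/ddclient/ddclient-password";
+}
+];
+};
+
+wireguard = {
+peers = [
+{
+name = "my-phone";
+publicKey = "<replace me>=";
+allowedIPs = [ "192.168.2.2/32"];
+}
+{
+name = "bros-phone";
+publicKey = "<replace me>";
+allowedIPs = [ "192.168.2.3/32"];
+}
+];
+};
+
+services = {
+adguard = {
+enable = true;
+};
+
+homeassistant = {
+enable = true;
+};
+
+gitea = {
+enable = true;
+public = true;
+};
+
+radicale = {
+enable = true;
+};
+
+unifi = {
+enable = true;
+};
+
+vaultwarden = {
+enable = true;
+};
+};
+
+proxied-hosts = [
+{
+label = "att";
+subdomains = [ "att" ];
+https-domains = [ "homefree.host" "rahh.al" ];
+host = "att.localdomain";
+port = 80;
+}
+{
+label = "yamaha-recevier-web-gui";
+subdomains = [ "yamaha" ];
+https-domains = [ "homefree-host" ];
+port = 443;
+ssl = true;
+ssl-no-verify = true;
+host = "yamaha.localdomain";
+}
+];
+};
+}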
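Review bot: The third static-ips entry carries `mac-address = "68:30:f3:32:4444d:31"`, which is not a valid MAC address (one octet has seven hex digits), so the reservation for `yamaha` can never match a client; it needs a six-octet value, and since this is a sample, a placeholder such as `"<replace me>"` like the other entries use would also avoid shipping what look like real hardware addresses. The second proxied-hosts entry sets `https-domains = [ "homefree-host" ]` while the first uses `"homefree.host"`, so the yamaha vhost would presumably request a certificate for a domain that does not exist; `"homefree.host"` looks intended. `ssl-no-verify = true` on that same entry disables certificate verification toward the receiver, which is reasonable for a LAN device with a self-signed certificate, but a short comment such as `## receiver uses a self-signed cert; LAN-only, so verification is skipped` would document why it is acceptable here and discourage copying it to internet-facing hosts.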
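--- a/disk-config.nix
+++ b/disk-config.nix
@@ -0,0 +1,78 @@
+{ ... }:
+{
+disko.devices = {
+disk = {
+nvme0n1 = {
+type = "disk";
+device = "/dev/nvme0n1";
+content = {
+type = "gpt";
+partitions = {
+ESP = {
+priority = 1;
+start = "1M";
+end = "512M";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+};
+};
+root = {
+size = "100%";
+content = {
+type = "btrfs";
+extraArgs = [ "-f" ]; # Override existing partition
+# Subvolumes must set a mountpoint in order to be mounted,
+# unless their parent is mounted
+subvolumes = {
+# Subvolume name is different from mountpoint
+"/root" = {
+mountpoint = "/";
+mountOptions = [ "subvol=root" "compress=zstd" "noatime" ];
+};
+# Subvolume name is the same as the mountpoint
+"/home" = {
+mountpoint = "/home";
+mountOptions = [ "subvol=home" "compress=zstd" "noatime" ];
+};
+# Parent is not mounted so the mountpoint must be set
+"/nix" = {
+mountpoint = "/nix";
+mountOptions = [ "subvol=nix" "compress=zstd" "noatime" ];
+};
+# Subvolume for the swapfile
+"/swap" = {
+mountpoint = "/swap";
+swap = {
+swapfile.size = "64G";
+};
+};
+};
+};
+};
+
+# luks = {
+# size = "100%";
+# content = {
+# type = "luks";
+# name = "crypted";
+# # disable settings.keyFile if you want to use interactive password entry
+# #passwordFile = "/tmp/secret.key"; # Interactive
+# settings = {
+# allowDiscards = true;
+# keyFile = "/tmp/secret.key";
+# };
+# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
+# content = {
+# ...
+# };
+# };
+# };
+};
+};
+};
+};
+};
+}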
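Review bot: The ESP filesystem entry (`mountpoint = "/boot"`) sets no mount options, so the vfat partition is mounted with default, world-readable permissions; the boot partition can hold initrd secrets and recent nixpkgs warns about a world-readable /boot, so adding `mountOptions = [ "umask=0077" ];` next to the mountpoint is the usual hardening. The comment `# Parent is not mounted so the mountpoint must be set` above `"/nix"` does not match this layout, since `/` is mounted via the `/root` subvolume; it reads as copied from an upstream example and would be clearer as `# Mounted explicitly because the subvolume name differs from the btrfs root`. The commented-out luks template references key files under /tmp; if it is kept as a starting point, a one-line note that these paths are illustrative and a real key file must not live on a world-writable tmpfs would prevent a copy-paste footgun.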
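--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,33 @@
+{
+description = "Sample Homefree Host Config";
+
+inputs = {
+nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+
+homefree.url = "git+https://git.homefree.host/erahhal/HomeFree";
+};
+
+outputs = {
+self,
+...
+}@inputs:
+let
+system = "x86_64-linux";
+in
+{
+nixosConfigurations = {
+homefree = inputs.nixpkgs.lib.nixosSystem {
+system = system;
+modules = [
+inputs.homefree.nixosModules.default
+./disk-config.nix
+./configuration.nix
+];
+specialArgs = {
+inherit inputs;
+inherit system;
+};
+};
+};
+};
+}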
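Review bot: Neither input is pinned and the commit adds no flake.lock, so `homefree.url = "git+https://git.homefree.host/erahhal/HomeFree"` and the nixos-unstable channel resolve to whatever their default branches hold at deploy time; two users running the README's `./install.sh` can build different systems, and a force-pushed or compromised upstream would be deployed without any hash mismatch to stop it. Committing the generated flake.lock and updating it deliberately with `nix flake update` pins both inputs to exact revisions with content hashes. If leaving the lock out of the sample is intentional, a comment on the `inputs` block saying so would make that choice visible. As a style point, `system = system;` could be `inherit system;`, matching the form already used in `specialArgs`.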
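--- a/install.sh
+++ b/install.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+echo 'Installation steps:'
+echo ''
+echo ' - Make sure configuration has your SSH key authorized for root so you can change your password, e.g.'
+echo ' users.users.root.openssh.authorizedKeys.keys = ['
+echo ' "ssh-rsa blahblah"'
+echo ' ];'
+echo ' - Boot minimal NixOS image on target, e.g. using a USB stick'
+echo ' - Do NOT use Ventoy, as it doesnt work on some devices. Use a direct image on a USB stick'
+echo ' - On target: Change password with `passwd`'
+echo ' - On source: `scp ~/.ssh/authorized_keys nixos@<address>:/home/nixos`'
+echo ' - On target: `mkdir -p ~/.ssh; mv ~/authorized_keys ~/.ssh/authorized_keys'
+echo ' - Then continue by entering the values below'
+echo ''
+
+read -p "Enter IP Address: " ADDRESS
+
+if [[ $ADDRESS =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+echo "IP: ${ADDRESS}"
+echo ""
+else
+echo "Invalid IP Address"
+exit
+fi
+
+read -p "ARE YOU SURE? This will DESTROY the target (Y/N): " confirm && [[ $confirm == [yY] || $confirm == [yY][eE][sS] ]] || exit 1
+
+NIX_SSHOPTS=-tt nix run github:nix-community/nixos-anywhere -- --flake ../#homefree nixos@$ADDRESS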
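Review bot: The invalid-address branch ends with a bare `exit`, which returns status 0, so `./install.sh` reports success after rejecting the input; it should be `exit 1`, matching the confirmation prompt below it. The final command passes `--flake ../#homefree`, yet flake.nix sits in the same directory as install.sh in this commit, so the reference presumably should be `.#homefree` (or the script is meant to be run from a subdirectory, in which case the README's `./install.sh` instruction is off) — worth confirming before someone deploys from the wrong flake. The regex accepts any four dotted numbers, so a value like `999.0.0.1` passes; that only affects error reporting since the connect step will fail anyway. `nix run github:nix-community/nixos-anywhere` resolves to the default branch at run time; pinning it to a tag or revision makes the destructive install step reproducible, and `set -euo pipefail` near the top would stop the script on the first failed command rather than continuing to the wipe.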