## Host configuration module: imports the disk layout and secrets modules, keeps
## the wireless adapter disabled, and sets the `homefree` options (admin account,
## WAN/LAN network, dynamic DNS, enabled services, reverse-proxy entries, backups).
## Every credential below is referenced as `config.sops.secrets."…".path`, i.e. as
## a file path rather than an inline value; presumably ./secrets.nix declares
## those secrets — confirm.
{ config, lib, ... }:
{
  imports = [
    ./disk-config.nix
    ./secrets.nix
  ];

  networking = {
    interfaces = {
      wlp4s0 = {
        useDHCP = true;
      };
    };
    wireless = {
      ## Don't enable wireless adapter
      enable = lib.mkForce false;
      ## @TODO: Get this working as an access point
    };
  };

  homefree = {
    system = {
      adminUsername = "homefree";
      ## NOTE(review): empty placeholder. If the homefree module passes this
      ## through to the NixOS user's hashedPassword, an empty string allows
      ## local login without a password — set a real hash (e.g. from mkpasswd)
      ## before deploying. Confirm against the module.
      adminHashedPassword = "";
      ## NOTE(review): placeholder list holding one empty string; presumably
      ## SSH public keys for the admin user. Replace with real keys rather
      ## than leaving the empty entry in place.
      authorizedKeys = [ "" ];
      domain = "example.com";
      additionalDomains = [ "domain2.com" ];
      timeZone = "America/Los_Angeles";
      countryCode = "US";
    };

    network = {
      wan-interface = "eno1";
      wan-bitrate-mbps-down = 1000;
      wan-bitrate-mbps-up = 1000;
      lan-interface = "enp112s0";
      ## Fixed address assignments keyed by MAC address.
      static-ips = [
        {
          mac-address = "32:ea:a6:38:f2:6c";
          hostname = "moms-laptop";
          ip = "10.0.0.2";
        }
        {
          mac-address = "50:60:f3:f1:3d:36";
          hostname = "bros-iphone";
          ip = "10.0.0.9";
        }
        {
          ## NOTE(review): "4444d" is not a valid octet, so this is not a
          ## well-formed MAC address; the entry will likely never match the
          ## device. Correct it from the device itself.
          mac-address = "68:30:f3:32:4444d:31";
          hostname = "yamaha";
          ip = "10.0.0.10";
        }
      ];
      dns-overrides = [
        {
          hostname = "att-modem";
          domain = "localdomain";
          ip = "192.168.1.254";
        }
      ];
    };

    dynamic-dns = {
      zones = [
        ## Replace with your own domain
        {
          zone = "example.com";
          protocol = "hetzner";
          username = "username";
          passwordFile = config.sops.secrets."ddclient/ddclient-password".path;
        }
        ## Replace with your own domain
        ## NOTE(review): this username is not a generic placeholder like the
        ## one above — looks like a leftover account name; replace it too.
        ## Both zones read the same password file; confirm that is intended.
        {
          zone = "domain2.com";
          protocol = "hetzner";
          username = "erahhal";
          passwordFile = config.sops.secrets."ddclient/ddclient-password".path;
        }
      ];
    };

    services = {
      adguard = { enable = true; };
      authentik = {
        enable = true;
        secrets = {
          environment = config.sops.secrets."authentik/authentik-env".path;
          ldap-environment = config.sops.secrets."authentik/authentik-ldap-env".path;
        };
      };
      baikal = { enable = true; };
      cryptpad = {
        enable = true;
        ## NOTE(review): placeholder list holding one empty string; fill in
        ## the real admin key(s) or the instance has no usable admin entry.
        adminKeys = [ "" ];
      };
      homeassistant = { enable = true; };
      frigate = {
        enable = true;
        cameras = [
          {
            enable = true;
            name = "gate";
            ## Plain rtsp:// URL with no credentials in it. If the camera
            ## requires authentication, supply it through a secret rather
            ## than writing it into this path.
            path = "rtsp://10.0.0.15/11";
            width = 1920;
            height = 1080;
          }
        ];
      };
      gitea = {
        enable = true;
        ## NOTE(review): presumably makes Gitea reachable from outside the
        ## LAN — confirm, and check the registration and sign-in settings
        ## before exposing it.
        public = true;
      };
      headscale = {
        enable = true;
        secrets = {
          tailscale-key = config.sops.secrets."tailscale/key".path;
          headplane-env = config.sops.secrets."headplane/env".path;
        };
      };
      jellyfin = { enable = true; };
      linkwarden = { enable = true; };
      nextcloud = {
        enable = true;
        secrets = {
          admin-password = config.sops.secrets."nextcloud/admin-password".path;
          secret-file = config.sops.secrets."nextcloud/secret-file".path;
        };
      };
      radicale = { enable = true; };
      unifi = { enable = true; };
      vaultwarden = { enable = true; };
    };

    ## Reverse-proxy entries for devices that are not homefree services.
    service-config = [
      {
        label = "att";
        reverse-proxy = {
          enable = true;
          subdomains = [ "att" ];
          ## NOTE(review): these are concrete domains, not the example.com
          ## placeholders used elsewhere in this file — replace with your own.
          https-domains = [ "homefree.host" "rahh.al" ];
          ## NOTE(review): dns-overrides above defines att-modem.localdomain,
          ## not att.localdomain — confirm this host name resolves.
          ## This entry proxies a modem's web UI (port 80); confirm it is
          ## not reachable from the WAN without authentication.
          host = "att.localdomain";
          port = 80;
        };
      }
      {
        label = "yamaha-recevier-web-gui";
        ## NOTE(review): unlike the entry above, `enable` is not set here;
        ## whether the proxy is active depends on the option's default.
        reverse-proxy = {
          subdomains = [ "yamaha" ];
          ## NOTE(review): "homefree-host" has a hyphen where the entry above
          ## has "homefree.host" — looks like a typo; confirm.
          https-domains = [ "homefree-host" ];
          port = 443;
          ssl = true;
          ## NOTE(review): by its name this turns off certificate
          ## verification for the upstream TLS connection, so the proxy does
          ## not authenticate the device it talks to. Acceptable only for a
          ## self-signed device on a trusted LAN segment; confirm the
          ## module's exact semantics.
          ssl-no-verify = true;
          host = "yamaha.localdomain";
        };
      }
    ];

    backups = {
      enable = true;
      ## NOTE(review): local filesystem path; confirm it sits on storage
      ## separate from the data being backed up.
      to-path = "/var/lib/backups";
      extra-from-paths = [
        "/mnt/nfs-volume/persona-files1"
        "/mnt/nfs-volume/persona-files2"
        "/home/username"
      ];
      secrets = {
        restic-password = config.sops.secrets."backup/restic-password".path;
      };
    };
  };
}