{ lib, ... }: { imports = [ ./disk-config.nix ]; networking = { interfaces = { wlp4s0 = { useDHCP = true; }; }; wireless = { ## Don't enable wireless adapter enable = lib.mkForce false; ## @TODO: Get this working as an access point }; }; homefree = { system = { adminUsername = "homefree"; adminHashedPassword = ""; authorizedKeys = [ "" ]; }; network = { wan-interface = "eno1"; wan-bitrate-mbps-down = 1000; wan-bitrate-mbps-up = 1000; lan-interface = "enp112s0"; static-ips = [ { mac-address = "32:ea:a6:38:f2:6c"; hostname = "moms-laptop"; ip = "10.0.0.2"; } { mac-address = "50:60:f3:f1:3d:36"; hostname = "bros-iphone"; ip = "10.0.0.9"; } { mac-address = "68:30:f3:32:4444d:31"; hostname = "yamaha"; ip = "10.0.0.10"; } ]; dns-overrides = [ { hostname = "att-modem"; domain = "localdomain"; ip = "192.168.1.254"; } ]; }; dynamic-dns = { zones = [ ## Repace with your own domain { zone = "homefree.host"; protocol = "hetzner"; username = "erahhal"; passwordFile = "/run/secrets/ddclient/ddclient-password"; } ]; }; wireguard = { peers = [ { name = "my-phone"; publicKey = "="; allowedIPs = [ "192.168.2.2/32"]; } { name = "bros-phone"; publicKey = ""; allowedIPs = [ "192.168.2.3/32"]; } ]; }; services = { adguard = { enable = true; }; homeassistant = { enable = true; }; gitea = { enable = true; public = true; }; radicale = { enable = true; }; unifi = { enable = true; }; vaultwarden = { enable = true; }; }; proxied-hosts = [ { label = "att"; subdomains = [ "att" ]; https-domains = [ "homefree.host" "rahh.al" ]; host = "att.localdomain"; port = 80; } { label = "yamaha-recevier-web-gui"; subdomains = [ "yamaha" ]; https-domains = [ "homefree-host" ]; port = 443; ssl = true; ssl-no-verify = true; host = "yamaha.localdomain"; } ]; }; }