sample-config/configuration.nix

{ lib, ... }:
{
  imports = [
    ./disk-config.nix
  ];

  networking = {
    interfaces = {
      wlp4s0 = {
        useDHCP = true;
      };
    };
    wireless = {
      ## Don't enable wireless adapter
      enable = lib.mkForce false;
      ## @TODO: Get this working as an access point
    };
  };

  homefree = {
    system = {
      adminUsername = "homefree";
      adminHashedPassword = "<replace me>";
      authorizedKeys = [
        "<replace me>"
      ];
    };

    network = {
      wan-interface = "eno1";
      wan-bitrate-mbps-down = 1000;
      wan-bitrate-mbps-up = 1000;
      lan-interface = "enp112s0";
      static-ips = [
        {
          mac-address = "32:ea:a6:38:f2:6c";
          hostname = "moms-laptop";
          ip = "10.0.0.2";
        }
        {
          mac-address = "50:60:f3:f1:3d:36";
          hostname = "bros-iphone";
          ip = "10.0.0.9";
        }
        {
          mac-address = "68:30:f3:32:4444d:31";
          hostname = "yamaha";
          ip = "10.0.0.10";
        }
      ];

      dns-overrides = [
        {
          hostname = "att-modem";
          domain = "localdomain";
          ip = "192.168.1.254";
        }
      ];
    };

    dynamic-dns = {
      zones = [
        ## Repace with your own domain
        {
          zone = "homefree.host";
          protocol = "hetzner";
          username = "erahhal";
          passwordFile = "/run/secrets/ddclient/ddclient-password";
        }
      ];
    };

    wireguard = {
      peers = [
        {
          name = "my-phone";
          publicKey = "<replace me>=";
          allowedIPs = [ "192.168.2.2/32"];
        }
        {
          name = "bros-phone";
          publicKey = "<replace me>";
          allowedIPs = [ "192.168.2.3/32"];
        }
      ];
    };

    services = {
      adguard = {
        enable = true;
      };

      homeassistant = {
        enable = true;
      };

      gitea = {
        enable = true;
        public = true;
      };

      radicale = {
        enable = true;
      };

      unifi = {
        enable = true;
      };

      vaultwarden = {
        enable = true;
      };
    };

    proxied-hosts = [
      {
        label = "att";
        subdomains = [ "att" ];
        https-domains = [ "homefree.host" "rahh.al" ];
        host = "att.localdomain";
        port = 80;
      }
      {
        label = "yamaha-recevier-web-gui";
        subdomains = [ "yamaha" ];
        https-domains = [ "homefree-host" ];
        port = 443;
        ssl = true;
        ssl-no-verify = true;
        host = "yamaha.localdomain";
      }
    ];
  };
}