homefree/sample-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
sample-config/configuration.nix
Ellis Rahhal d3f8d588b5 HF-7: Move out sops config 
* Updated configuration.nix to match latest homefree
* Added secrets config
2024-12-13 17:14:13 -08:00

207 lines
4.3 KiB
Nix
Raw Blame History

{ config, lib, ... }:
{
imports = [
./disk-config.nix
./secrets.nix
];
networking = {
interfaces = {
wlp4s0 = {
useDHCP = true;
};
};
wireless = {
## Don't enable wireless adapter
enable = lib.mkForce false;
## @TODO: Get this working as an access point
};
};
homefree = {
system = {
adminUsername = "homefree";
adminHashedPassword = "<replace me>";
authorizedKeys = [
"<replace me>"
];
domain = "example.com";
additionalDomains = [ "domain2.com" ];
timeZone = "America/Los_Angeles";
countryCode = "US";
};
network = {
wan-interface = "eno1";
wan-bitrate-mbps-down = 1000;
wan-bitrate-mbps-up = 1000;
lan-interface = "enp112s0";
static-ips = [
{
mac-address = "32:ea:a6:38:f2:6c";
hostname = "moms-laptop";
ip = "10.0.0.2";
}
{
mac-address = "50:60:f3:f1:3d:36";
hostname = "bros-iphone";
ip = "10.0.0.9";
}
{
mac-address = "68:30:f3:32:4444d:31";
hostname = "yamaha";
ip = "10.0.0.10";
}
];
dns-overrides = [
{
hostname = "att-modem";
domain = "localdomain";
ip = "192.168.1.254";
}
];
};
dynamic-dns = {
zones = [
## Repace with your own domain
{
zone = "example.com";
protocol = "hetzner";
username = "username";
passwordFile = config.sops.secrets."ddclient/ddclient-password".path;
}
## Repace with your own domain
{
zone = "domain2.com";
protocol = "hetzner";
username = "erahhal";
passwordFile = config.sops.secrets."ddclient/ddclient-password".path;
}
];
};
services = {
adguard = {
enable = true;
};
authentik = {
enable = true;
secrets = {
environment = config.sops.secrets."authentik/authentik-env".path;
ldap-environment = config.sops.secrets."authentik/authentik-ldap-env".path;
};
};
baikal = {
enable = true;
};
cryptpad = {
enable = true;
adminKeys = [
"<public signing key of user that can access the admin panel>"
];
};
homeassistant = {
enable = true;
};
frigate = {
enable = true;
cameras = [
{
enable = true;
name = "gate";
path = "rtsp://10.0.0.15/11";
width = 1920;
height = 1080;
}
];
};
gitea = {
enable = true;
public = true;
};
headscale = {
enable = true;
secrets = {
tailscale-key = config.sops.secrets."tailscale/key".path;
};
};
headscale-ui = {
enable = true;
};
jellyfin = {
enable = true;
};
linkwarden = {
enable = true;
};
nextcloud = {
enable = true;
secrets = {
admin-password = config.sops.secrets."nextcloud/admin-password".path;
secret-file = config.sops.secrets."nextcloud/secret-file".path;
};
};
radicale = {
enable = true;
};
unifi = {
enable = true;
};
vaultwarden = {
enable = true;
};
};
service-config = [
{
label = "att";
reverse-proxy = {
enable = true;
subdomains = [ "att" ];
https-domains = [ "homefree.host" "rahh.al" ];
host = "att.localdomain";
port = 80;
};
}
{
label = "yamaha-recevier-web-gui";
reverse-proxy = {
subdomains = [ "yamaha" ];
https-domains = [ "homefree-host" ];
port = 443;
ssl = true;
ssl-no-verify = true;
host = "yamaha.localdomain";
};
}
];
backups = {
enable = true;
to-path = "/var/lib/backups";
extra-from-paths = [
"/mnt/nfs-volume/persona-files1"
"/mnt/nfs-volume/persona-files2"
"/home/username"
];
secrets = {
restic-password = config.sops.secrets."backup/restic-password".path;
};
};
};
}
Reference in a new issue View git blame Copy permalink