nixberry: first steps towards new config

2025-11-21 14:51:19 +01:00 · 2025-11-21 14:51:19 +01:00 · 0322c74f99
commit 0322c74f99
parent 7139d729e6
6 changed files with 374 additions and 78 deletions
--- a/modules/hosts/loptland/default.nix
+++ b/modules/hosts/loptland/default.nix
@ -33,6 +33,7 @@ in
          # System modules
          base
          server
+          loptland-acme
          hydra
          forgejo
          forgejo-runner
--- a/modules/hosts/nixberry/default.nix
+++ b/modules/hosts/nixberry/default.nix
@ -5,7 +5,251 @@
 let
 in
 {
-  flake.modules.nixos."hosts/nixberry" = {
+  flake.modules.nixos."hosts/nixberry" =
+    { inputs, pkgs, ... }:
+    let

-  };
+      ipAddress = "192.168.178.2";
+      sopsFile = ../../../secrets/secrets-nixberry.yaml;
+      kernelBundle = pkgs.linuxAndFirmware.v6_6_31;
+    in
+    {
+      nixpkgs = {
+        config.allowUnfree = true;
+        hostPlatform = {
+          system = "aarch64-linux";
+        };
+
+        overlays = [
+          (self: super: {
+            inherit (kernelBundle) raspberrypiWirelessFirmware;
+            inherit (kernelBundle) raspberrypifw;
+          })
+        ];
+      };
+
+      boot = {
+        loader.raspberryPi.firmwarePackage = kernelBundle.raspberrypifw;
+        loader.raspberryPi.bootloader = "kernel";
+        kernelPackages = kernelBundle.linuxPackages_rpi5;
+      };
+
+      system.nixos.tags =
+        let
+          cfg = config.boot.loader.raspberryPi;
+        in
+        [
+          "raspberry-pi-${cfg.variant}"
+          cfg.bootloader
+          config.boot.kernelPackages.kernel.version
+        ];
+
+      imports =
+        with config.flake.modules.nixos;
+        with inputs.nixos-raspberrypi.nixosModules;
+        [
+          inputs.catppuccin.nixosModules.catppuccin
+          raspberry-pi-5.base
+          raspberry-pi-5.page-size-16k # Recommended: optimizations and fixes for issues arising from 16k memory page size (only for systems running default rpi5 (bcm2712) kernel)
+          raspberry-pi-5.bluetooth
+          raspberry-pi-5.display-vc4 # display
+
+          # System modules
+          base
+          server
+
+          cholli
+        ]
+        ++ [
+          {
+            home-manager.users.cholli = {
+              imports = with config.flake.modules.homeManager; [
+                inputs.catppuccin.homeModules.catppuccin
+
+                # components
+                base
+
+                # Activate all user based config
+                cholli
+              ];
+            };
+          }
+        ];
+
+      services.tailscale = {
+        enable = true;
+        useRoutingFeatures = "server";
+      };
+
+      networking = {
+        interfaces.end0 = {
+          ipv4.addresses = [
+            {
+              address = ipAddress;
+              prefixLength = 24;
+            }
+          ];
+          useDHCP = true;
+        };
+        interfaces.wlan0 = {
+          ipv4.addresses = [
+            {
+              address = "192.168.178.3";
+              prefixLength = 24;
+            }
+          ];
+          useDHCP = true;
+        };
+        defaultGateway = {
+          address = "192.168.178.1";
+          interface = "wlan0";
+        };
+
+        wireless = {
+          enable = true;
+          networks = {
+            "Slow Internet" = {
+              pskRaw = "521b6d766b27276c29c7b6bec5b495b1c52bf88b0682277e65b37dc649b630de";
+            };
+          };
+        };
+        firewall = {
+          allowedTCPPorts = [
+            443
+            53
+            80
+          ];
+          allowedUDPPorts = [
+            53
+          ];
+        };
+      };
+
+      services.adguardhome = {
+        enable = true;
+        host = ipAddress;
+        port = 80;
+
+        settings = {
+          http = {
+            address = "0.0.0.0:80";
+          };
+          dns = {
+            ratelimit = 0;
+            bind_hosts = [ "0.0.0.0" ];
+            upstream_dns = [
+              "1.1.1.1"
+              "1.0.0.1"
+              "8.8.8.8"
+              "8.8.4.4"
+            ];
+          };
+          filtering = {
+            protection_enabled = true;
+            filtering_enabled = true;
+          };
+
+          filters =
+            map
+              (url: {
+                enabled = true;
+                url = url;
+              })
+              [
+                "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" # AdGuard Dns filter
+                "https://adguardteam.github.io/HostlistsRegistry/assets/filter_59.txt" # AdGuard Dns PopupHosts filter
+                "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites
+                "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist
+                "https://adguardteam.github.io/HostlistsRegistry/assets/filter_18.txt" # Phishing
+                "https://adguardteam.github.io/HostlistsRegistry/assets/filter_24.txt"
+                "https://adguardteam.github.io/HostlistsRegistry/assets/filter_47.txt"
+              ];
+
+          statistics = {
+            enabled = true;
+            interval = "8760h";
+          };
+        };
+      };
+
+      services.home-assistant = {
+        enable = true;
+        configWritable = true;
+        extraComponents = [
+          "default_config"
+          "analytics"
+          "shopping_list"
+          "fritzbox"
+          "met"
+          "esphome"
+          "rpi_power"
+          "tuya"
+        ];
+
+        customComponents = with pkgs.home-assistant-custom-components; [
+          smartthinq-sensors
+          sleep_as_android
+        ];
+
+        extraPackages =
+          python3Packages: with python3Packages; [
+            ical
+          ];
+
+        customLovelaceModules = with pkgs.home-assistant-custom-lovelace-modules; [
+          mushroom
+          bubble-card
+          clock-weather-card
+          vacuum-card
+        ];
+
+        config = {
+          homeassistant = {
+            latitude = 49.4;
+            longitude = 8.6;
+            temperature_unit = "C";
+            unit_system = "metric";
+
+            external_url = "https://ha.christophhollizeck.dev";
+            internal_url = "http://192.168.178.2:8123";
+          };
+
+          default_config = "";
+
+          mobile_app = "";
+          recorder = "";
+
+          lovelace = {
+            # mode = "yaml";
+            resources = [
+              {
+                url = "/local/nixos-lovelace-modules/vacuum-card.js";
+                type = "module";
+              }
+              {
+                url = "/local/nixos-lovelace-modules/bubble-card.js";
+                type = "module";
+              }
+              {
+                url = "/local/nixos-lovelace-modules/clock-weather-card.js";
+                type = "module";
+              }
+              {
+                url = "/local/nixos-lovelace-modules/mushroom.js";
+                type = "module";
+              }
+            ];
+          };
+
+          http = {
+            use_x_forwarded_for = true;
+            trusted_proxies = [
+              "100.86.250.97" # loptland tailscale
+            ];
+          };
+        };
+        openFirewall = true;
+      };
+
+    };
 }