nixos-config/modules/hosts/nixberry/default.nix

{
  config,
  ...
}:
let
in
{
  flake.modules.nixos."hosts/nixberry" =
    { inputs, pkgs, ... }:
    let

      ipAddress = "192.168.178.2";
      sopsFile = ../../../secrets/secrets-nixberry.yaml;
      kernelBundle = pkgs.linuxAndFirmware.v6_6_31;
    in
    {
      nixpkgs = {
        config.allowUnfree = true;
        hostPlatform = {
          system = "aarch64-linux";
        };

        overlays = [
          (self: super: {
            inherit (kernelBundle) raspberrypiWirelessFirmware;
            inherit (kernelBundle) raspberrypifw;
          })
        ];
      };

      boot = {
        loader.raspberryPi.firmwarePackage = kernelBundle.raspberrypifw;
        loader.raspberryPi.bootloader = "kernel";
        kernelPackages = kernelBundle.linuxPackages_rpi5;
      };

      system.nixos.tags =
        let
          cfg = config.boot.loader.raspberryPi;
        in
        [
          "raspberry-pi-${cfg.variant}"
          cfg.bootloader
          config.boot.kernelPackages.kernel.version
        ];

      imports =
        with config.flake.modules.nixos;
        with inputs.nixos-raspberrypi.nixosModules;
        [
          inputs.catppuccin.nixosModules.catppuccin
          raspberry-pi-5.base
          raspberry-pi-5.page-size-16k # Recommended: optimizations and fixes for issues arising from 16k memory page size (only for systems running default rpi5 (bcm2712) kernel)
          raspberry-pi-5.bluetooth
          raspberry-pi-5.display-vc4 # display

          # System modules
          base
          server

          cholli
        ]
        ++ [
          {
            home-manager.users.cholli = {
              imports = with config.flake.modules.homeManager; [
                inputs.catppuccin.homeModules.catppuccin

                # components
                base

                # Activate all user based config
                cholli
              ];
            };
          }
        ];

      services.tailscale = {
        enable = true;
        useRoutingFeatures = "server";
      };

      networking = {
        interfaces.end0 = {
          ipv4.addresses = [
            {
              address = ipAddress;
              prefixLength = 24;
            }
          ];
          useDHCP = true;
        };
        interfaces.wlan0 = {
          ipv4.addresses = [
            {
              address = "192.168.178.3";
              prefixLength = 24;
            }
          ];
          useDHCP = true;
        };
        defaultGateway = {
          address = "192.168.178.1";
          interface = "wlan0";
        };

        wireless = {
          enable = true;
          networks = {
            "Slow Internet" = {
              pskRaw = "521b6d766b27276c29c7b6bec5b495b1c52bf88b0682277e65b37dc649b630de";
            };
          };
        };
        firewall = {
          allowedTCPPorts = [
            443
            53
            80
          ];
          allowedUDPPorts = [
            53
          ];
        };
      };

      services.adguardhome = {
        enable = true;
        host = ipAddress;
        port = 80;

        settings = {
          http = {
            address = "0.0.0.0:80";
          };
          dns = {
            ratelimit = 0;
            bind_hosts = [ "0.0.0.0" ];
            upstream_dns = [
              "1.1.1.1"
              "1.0.0.1"
              "8.8.8.8"
              "8.8.4.4"
            ];
          };
          filtering = {
            protection_enabled = true;
            filtering_enabled = true;
          };

          filters =
            map
              (url: {
                enabled = true;
                url = url;
              })
              [
                "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" # AdGuard Dns filter
                "https://adguardteam.github.io/HostlistsRegistry/assets/filter_59.txt" # AdGuard Dns PopupHosts filter
                "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites
                "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist
                "https://adguardteam.github.io/HostlistsRegistry/assets/filter_18.txt" # Phishing
                "https://adguardteam.github.io/HostlistsRegistry/assets/filter_24.txt"
                "https://adguardteam.github.io/HostlistsRegistry/assets/filter_47.txt"
              ];

          statistics = {
            enabled = true;
            interval = "8760h";
          };
        };
      };

      services.home-assistant = {
        enable = true;
        configWritable = true;
        extraComponents = [
          "default_config"
          "analytics"
          "shopping_list"
          "fritzbox"
          "met"
          "esphome"
          "rpi_power"
          "tuya"
        ];

        customComponents = with pkgs.home-assistant-custom-components; [
          smartthinq-sensors
          sleep_as_android
        ];

        extraPackages =
          python3Packages: with python3Packages; [
            ical
          ];

        customLovelaceModules = with pkgs.home-assistant-custom-lovelace-modules; [
          mushroom
          bubble-card
          clock-weather-card
          vacuum-card
        ];

        config = {
          homeassistant = {
            latitude = 49.4;
            longitude = 8.6;
            temperature_unit = "C";
            unit_system = "metric";

            external_url = "https://ha.christophhollizeck.dev";
            internal_url = "http://192.168.178.2:8123";
          };

          default_config = "";

          mobile_app = "";
          recorder = "";

          lovelace = {
            # mode = "yaml";
            resources = [
              {
                url = "/local/nixos-lovelace-modules/vacuum-card.js";
                type = "module";
              }
              {
                url = "/local/nixos-lovelace-modules/bubble-card.js";
                type = "module";
              }
              {
                url = "/local/nixos-lovelace-modules/clock-weather-card.js";
                type = "module";
              }
              {
                url = "/local/nixos-lovelace-modules/mushroom.js";
                type = "module";
              }
            ];
          };

          http = {
            use_x_forwarded_for = true;
            trusted_proxies = [
              "100.86.250.97" # loptland tailscale
            ];
          };
        };
        openFirewall = true;
      };

    };
}