Daholli/nixos-config
1
0
Fork 0
Code Issues 2 Pull requests Releases Packages Activity Actions
nixos-config/modules/hosts/nixberry/default.nix

240 lines
5.7 KiB
Nix
Raw Blame History

{
config,
...
}:
let
in
{
flake.modules.nixos."hosts/nixberry" =
{
inputs,
pkgs,
...
}:
let
ipAddress = "192.168.178.2";
sopsFile = ../../../secrets/secrets-nixberry.yaml;
in
{
nixpkgs = {
config.allowUnfree = true;
};
# hack
environment.systemPackages = [ pkgs.dconf ];
programs.nix-ld.enable = false;
imports =
with config.flake.modules.nixos;
with inputs.nixos-raspberrypi.nixosModules;
[
inputs.catppuccin.nixosModules.catppuccin
raspberry-pi-5.base
# System modules
base
server
cholli
]
++ [
{
home-manager.users.cholli = {
imports = with config.flake.modules.homeManager; [
inputs.catppuccin.homeModules.catppuccin
# components
base
# Activate all user based config
cholli
];
};
}
];
services.tailscale = {
enable = true;
useRoutingFeatures = "server";
};
networking = {
interfaces.end0 = {
ipv4.addresses = [
{
address = ipAddress;
prefixLength = 24;
}
];
useDHCP = true;
};
interfaces.wlan0 = {
ipv4.addresses = [
{
address = "192.168.178.3";
prefixLength = 24;
}
];
useDHCP = true;
};
defaultGateway = {
address = "192.168.178.1";
interface = "wlan0";
};
firewall = {
allowedTCPPorts = [
443
53
80
];
allowedUDPPorts = [
53
];
};
};
services.adguardhome = {
enable = true;
host = ipAddress;
port = 80;
settings = {
http = {
address = "0.0.0.0:80";
};
dns = {
ratelimit = 0;
bind_hosts = [ "0.0.0.0" ];
upstream_dns = [
"1.1.1.1"
"1.0.0.1"
"8.8.8.8"
"8.8.4.4"
];
};
filtering = {
protection_enabled = true;
filtering_enabled = true;
};
filters =
map
(url: {
enabled = true;
url = url;
})
[
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" # AdGuard Dns filter
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_59.txt" # AdGuard Dns PopupHosts filter
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_18.txt" # Phishing
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_24.txt"
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_47.txt"
];
statistics = {
enabled = true;
interval = "8760h";
};
};
};
services.home-assistant = {
enable = true;
configWritable = true;
extraComponents = [
"default_config"
"analytics"
"shopping_list"
"fritzbox"
"met"
"esphome"
"rpi_power"
"tuya"
];
customComponents = with pkgs.home-assistant-custom-components; [
smartthinq-sensors
sleep_as_android
];
extraPackages =
python3Packages: with python3Packages; [
ical
];
customLovelaceModules = with pkgs.home-assistant-custom-lovelace-modules; [
mushroom
bubble-card
clock-weather-card
vacuum-card
];
config = {
homeassistant = {
latitude = 49.4;
longitude = 8.6;
temperature_unit = "C";
unit_system = "metric";
external_url = "https://ha.christophhollizeck.dev";
internal_url = "http://192.168.178.2:8123";
};
default_config = "";
mobile_app = "";
recorder = "";
lovelace = {
# mode = "yaml";
resources = [
{
url = "/local/nixos-lovelace-modules/vacuum-card.js";
type = "module";
}
{
url = "/local/nixos-lovelace-modules/bubble-card.js";
type = "module";
}
{
url = "/local/nixos-lovelace-modules/clock-weather-card.js";
type = "module";
}
{
url = "/local/nixos-lovelace-modules/mushroom.js";
type = "module";
}
];
};
http = {
use_x_forwarded_for = true;
trusted_proxies = [
"100.86.250.97" # loptland tailscale
];
};
};
openFirewall = true;
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
};
fileSystems."/boot/firmware" = {
device = "/dev/disk/by-uuid/2178-694E";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
};
}
Reference in a new issue View git blame Copy permalink