nixos-config/modules/hosts/nixberry/default.nix


{
config,
...
}:
let
in
{
flake.modules.nixos."hosts/nixberry" =
{
inputs,
lib,
pkgs,
...
}:
let
ipAddress = "192.168.178.2";
sopsFile = ../../../secrets/secrets-nixberry.yaml;
in
{
# Package-set policy for this host.
# allowUnfree permits packages with non-free licences to be built and
# installed on this machine.
nixpkgs.config.allowUnfree = true;
# Cross-compile to aarch64-linux only when the build machine is a different
# platform; on an aarch64-linux builder the mkIf condition is false and
# crossSystem stays unset.
nixpkgs.crossSystem =
  let
    targetSystem = "aarch64-linux";
    buildingElsewhere = pkgs.stdenv.buildPlatform.system != targetSystem;
  in
  lib.mkIf buildingElsewhere (lib.systems.elaborate targetSystem);
# Workaround: dconf is installed system-wide because the home-manager
# configuration used on this host needs it.
environment.systemPackages = with pkgs; [ dconf ];
# nix-ld is kept off on this host because enabling it caused a build failure.
programs.nix-ld = {
  enable = false;
};
# Modules pulled into this host. `config` here is the outer, flake-level
# argument bound at the top of the file; the inner module function only binds
# inputs, lib and pkgs.
# NOTE(review): with nested `with`, a bare name is looked up in the innermost
# scope first. `base`, `server` and `cholli` therefore resolve from
# inputs.nixos-raspberrypi.nixosModules if that input ever defines them, and
# only otherwise from config.flake.modules.nixos. Writing them as
# config.flake.modules.nixos.<name> would rule out silent shadowing after an
# input update.
imports =
with config.flake.modules.nixos;
with inputs.nixos-raspberrypi.nixosModules;
[
# Theming module taken directly from the catppuccin flake input.
inputs.catppuccin.nixosModules.catppuccin
# Raspberry Pi 5 hardware modules (presumably supplied by the
# nixos-raspberrypi input via the `with` above; confirm).
raspberry-pi-5.base
raspberry-pi-5.page-size-16k
raspberry-pi-5.display-vc4
# System modules (bare names, resolved through the two `with` scopes above)
base
server
cholli
]
++ [
{
# Inline module wiring up home-manager for the user `cholli`.
home-manager.users.cholli = {
# Inside this list bare names are looked up in
# config.flake.modules.homeManager first, so `base` and `cholli` here are
# not the NixOS modules of the same name used above.
imports = with config.flake.modules.homeManager; [
inputs.catppuccin.homeModules.catppuccin
# Shared home-manager components
base
# Activate all user-specific configuration
cholli
];
};
}
];
# Run the Tailscale daemon on this host.
services.tailscale.enable = true;
# "server" enables IP forwarding so the node can serve as a subnet router or
# exit node. This makes the host a routing hop between the tailnet and the
# LAN; which routes are actually offered and accepted is decided outside this
# file (tailscale flags and tailnet policy), so review those together with
# this setting.
services.tailscale.useRoutingFeatures = "server";
# LAN addressing, default route and host firewall.
networking =
  let
    # Every static address in this block lives in the same /24.
    lanAddress = address: {
      inherit address;
      prefixLength = 24;
    };
  in
  {
    interfaces = {
      # Wired port: fixed address from `ipAddress`, with DHCP also enabled.
      end0 = {
        useDHCP = true;
        ipv4.addresses = [ (lanAddress ipAddress) ];
      };
      # Wi-Fi: second fixed address in the same subnet, DHCP also enabled.
      wlan0 = {
        useDHCP = true;
        ipv4.addresses = [ (lanAddress "192.168.178.3") ];
      };
    };

    # The default route is pinned to the wireless interface.
    defaultGateway = {
      interface = "wlan0";
      address = "192.168.178.1";
    };

    # These lists open the ports on every interface, i.e. end0, wlan0 and the
    # Tailscale interface alike. 53 is DNS and 80 is the AdGuard Home web UI
    # configured in this file. To expose the admin UI on one network only,
    # networking.firewall.interfaces.<name>.allowedTCPPorts scopes a port to a
    # single interface.
    # NOTE(review): nothing visible in this module listens on 443; confirm an
    # imported module serves it, otherwise drop the port.
    firewall = {
      allowedTCPPorts = [
        443
        53
        80
      ];
      allowedUDPPorts = [ 53 ];
    };
  };
# AdGuard Home: filtering DNS resolver for the LAN plus its web admin UI.
services.adguardhome = {
  enable = true;

  # Web UI listener as seen by the NixOS module: the wired address, port 80.
  # Port 80 is plain HTTP, so the admin login and session cross the network
  # unencrypted unless TLS is configured elsewhere.
  host = ipAddress;
  port = 80;

  settings = {
    # NOTE(review): `host`/`port` above and this `http.address` describe the
    # same listener with different bind addresses (192.168.178.2 vs 0.0.0.0).
    # Confirm against the pinned nixpkgs module which value ends up in
    # AdGuardHome.yaml; if the wildcard wins, the admin UI is also reachable
    # through wlan0 and the Tailscale interface.
    # NOTE(review): no `users` are declared in these settings; confirm the
    # on-disk AdGuardHome.yaml carries credentials so the admin UI is not
    # served without a login.
    http.address = "0.0.0.0:80";

    dns = {
      # Listens for DNS on all IPv4 interfaces, and ratelimit = 0 switches
      # per-client rate limiting off. Together with port 53 being open in the
      # host firewall this is an unrestricted resolver for anything that can
      # reach the host, so it relies on the host never being reachable from
      # an untrusted network (port forward, routed tailnet peers).
      bind_hosts = [ "0.0.0.0" ];
      ratelimit = 0;

      # All upstreams are encrypted (DoT / DoH). In parallel mode every
      # upstream is queried and the quickest answer is used, so the malware
      # filtering done by Quad9 and Cloudflare's security resolver is only
      # best-effort: the unfiltered AdGuard upstream can answer first. The
      # local blocklists below still apply.
      upstream_mode = "parallel";
      upstream_dns = [
        "tls://unfiltered.adguard-dns.com"
        "https://unfiltered.adguard-dns.com/dns-query"
        "tls://dns.quad9.net"
        "https://dns.quad9.net/dns-query"
        "tls://security.cloudflare-dns.com"
        "https://security.cloudflare-dns.com/dns-query"
      ];
    };

    filtering = {
      filtering_enabled = true;
      protection_enabled = true;
      # Local DNS override: this name resolves to the host's wired address
      # (the same value as `ipAddress`, repeated here as a literal).
      rewrites = [
        {
          domain = "nixberry.fritz.box";
          answer = "192.168.178.2";
        }
      ];
    };

    # Custom block rules. `$important` gives them priority over rules without
    # that modifier, including allowlist (exception) entries.
    user_rules = [
      "||qognify.sysaidit.com^$important"
      "||*.live.darktracesensor.com^$important"
    ];

    # Remote blocklists, each enabled. They are downloaded at runtime from the
    # AdGuard HostlistsRegistry over HTTPS and are not pinned, so what gets
    # blocked follows whatever upstream publishes.
    filters =
      map
        (url: {
          inherit url;
          enabled = true;
        })
        [
          "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" # AdGuard Dns filter
          "https://adguardteam.github.io/HostlistsRegistry/assets/filter_59.txt" # AdGuard Dns PopupHosts filter
          "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites
          "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist
          "https://adguardteam.github.io/HostlistsRegistry/assets/filter_18.txt" # Phishing
          "https://adguardteam.github.io/HostlistsRegistry/assets/filter_24.txt"
          "https://adguardteam.github.io/HostlistsRegistry/assets/filter_47.txt"
        ];

    # 8760h is 365 days: DNS statistics are retained for a full year, which is
    # useful for looking back after an incident and is also a year of browsing
    # metadata stored on this host.
    statistics.enabled = true;
    statistics.interval = "8760h";

    # Named client, recognised by its LAN IP address; it uses the global
    # filtering settings.
    clients.persistent = [
      {
        name = "yggdrasil";
        uid = "019aac26-684c-7c2c-a43d-2253f4407d45";
        ids = [ "192.168.178.51" ];
        tags = [
          "device_pc"
          "os_linux"
        ];
        use_global_settings = true;
      }
    ];
  };
};
# Home Assistant definition. `enable = false` keeps the service switched off;
# the remaining settings are kept for when it is turned back on.
services.home-assistant =
  let
    customComponentPkgs = pkgs.home-assistant-custom-components;
    lovelacePkgs = pkgs.home-assistant-custom-lovelace-modules;
  in
  {
    enable = false;
    # Makes the generated configuration.yaml writable.
    configWritable = true;
    # NOTE(review): once the service is enabled this opens the Home Assistant
    # port in the host firewall on every interface, so clients can reach it
    # directly over plain HTTP and not only through the trusted proxy listed
    # below. Consider leaving it closed, or scoping it to the proxy's
    # interface.
    openFirewall = true;

    # Built-in integrations bundled into the package.
    extraComponents = [
      "default_config"
      "analytics"
      "shopping_list"
      "fritzbox"
      "met"
      "esphome"
      "rpi_power"
      "tuya"
    ];
    # Third-party integrations from nixpkgs.
    customComponents = [
      customComponentPkgs.smartthinq-sensors
      customComponentPkgs.sleep_as_android
    ];
    # Extra Python dependency made available to Home Assistant.
    extraPackages = ps: [ ps.ical ];
    # Dashboard card modules; they are registered as resources further down.
    customLovelaceModules = [
      lovelacePkgs.mushroom
      lovelacePkgs.bubble-card
      lovelacePkgs.clock-weather-card
      lovelacePkgs.vacuum-card
    ];

    # Core settings. The coordinates are rounded to one decimal place. The
    # external URL is HTTPS, while the internal URL is plain HTTP on port
    # 8123.
    config.homeassistant = {
      latitude = 49.4;
      longitude = 8.6;
      unit_system = "metric";
      temperature_unit = "C";
      external_url = "https://ha.christophhollizeck.dev";
      internal_url = "http://192.168.178.2:8123";
    };

    # Integrations listed with an empty value, i.e. no options given.
    config.default_config = "";
    config.mobile_app = "";
    config.recorder = "";

    config.lovelace = {
      # mode = "yaml";
      resources = [
        {
          type = "module";
          url = "/local/nixos-lovelace-modules/vacuum-card.js";
        }
        {
          type = "module";
          url = "/local/nixos-lovelace-modules/bubble-card.js";
        }
        {
          type = "module";
          url = "/local/nixos-lovelace-modules/clock-weather-card.js";
        }
        {
          type = "module";
          url = "/local/nixos-lovelace-modules/mushroom.js";
        }
      ];
    };

    # X-Forwarded-For is honoured only for requests arriving from the single
    # proxy address below. Keeping this list to the exact proxy IP is what
    # stops other clients from supplying their own source address.
    config.http = {
      use_x_forwarded_for = true;
      trusted_proxies = [
        "100.86.250.97" # loptland tailscale
      ];
    };
  };
};
}