hosts/capybara/default.nix at ed9ff44afef12350c9e2010cc4e76d6802abb65d · ryan.freumh.org/nixos

ryan.freumh.org / nixos
btw i use nix
nixos / hosts / capybara / default.nix
at ed9ff44afef12350c9e2010cc4e76d6802abb65d 2.5 kB view raw
  1{
  2  config,
  3  pkgs,
  4  lib,
  5  nix-rpi5,
  6  ...
  7}:
  8
  9{
 10  imports = [ ./hardware-configuration.nix ];
 11
 12  custom = {
 13    enable = true;
 14    tailscale = true;
 15    autoUpgrade.enable = true;
 16    homeManager.enable = true;
 17  };
 18
 19  home-manager.users.${config.custom.username}.config.custom.machineColour = "red";
 20
 21  networking.networkmanager.enable = true;
 22
 23  boot.kernelPackages = nix-rpi5.legacyPackages.aarch64-linux.linuxPackages_rpi5;
 24
 25  networking.firewall.enable = false;
 26  networking.firewall.allowedTCPPorts = [ 44 ];
 27
 28  environment.systemPackages = with pkgs; [ mosquitto ];
 29
 30  services.caddy = {
 31    enable = true;
 32    virtualHosts."http://capybara" = {
 33      extraConfig = "reverse_proxy http://127.0.0.1:15606";
 34    };
 35    virtualHosts."http://capybara.fn06.org" = {
 36      extraConfig = "reverse_proxy http://127.0.0.1:15606";
 37    };
 38    virtualHosts."http://128.232.86.23" = {
 39      extraConfig = "reverse_proxy http://127.0.0.1:15606";
 40    };
 41  };
 42
 43  services.zigbee2mqtt = {
 44    enable = true;
 45    settings = {
 46      permit_join = true;
 47      mqtt = {
 48        server = "mqtt://capybara:1883";
 49        user = "zigbee2mqtt";
 50        password = "test";
 51      };
 52      serial = {
 53        port = "/dev/ttyUSB0";
 54      };
 55      frontend = {
 56        port = 15606;
 57      };
 58      homeassistant = true;
 59      advanced = {
 60        channel = 15;
 61      };
 62    };
 63  };
 64
 65  services.mosquitto = {
 66    enable = true;
 67    listeners = [
 68      {
 69        users = {
 70          zigbee2mqtt = {
 71            acl = [ "readwrite #" ];
 72            hashedPassword = "$6$nuDIW/ZPVsrDHyBe$JffJJvvMG+nH8GH9V5h4FqJkU0nfiFkDzAsdYNTHeJMgBXEX9epPkQTUdLG9L47K54vMxm/+toeMAiKD63Dfkw==";
 73          };
 74          homeassistant = {
 75            acl = [ "readwrite #" ];
 76            hashedPassword = "$7$101$wGQZPdVdeW7iQFmH$bK/VOR6LXCLJKbb6M4PNeVptocjBAWXCLMtEU5fQNBr0Y5UAWlhVg8UAu4IkIXgnViI51NnhXKykdlWF63VkVQ==";
 77          };
 78        };
 79      }
 80    ];
 81  };
 82
 83  services.home-assistant = {
 84    enable = true;
 85    extraComponents = [
 86      # Components required to complete the onboarding
 87      "esphome"
 88      "met"
 89      "radio_browser"
 90      "mqtt"
 91      "zha"
 92    ];
 93    config = {
 94      # Includes dependencies for a basic setup
 95      # https://www.home-assistant.io/integrations/default_config/
 96      default_config = { };
 97      http.use_x_forwarded_for = true;
 98      http.trusted_proxies = "100.64.0.2";
 99    };
100  };
101
102  # https://github.com/NixOS/nixpkgs/issues/180175
103  systemd.services.NetworkManager-wait-online.enable = false;
104}