{ config, pkgs, ... }:

with builtins; {
  # Modules composed into this host. The service modules listed here carry
  # their own settings; any listeners, virtual hosts or firewall openings they
  # define are not visible in this file and need to be reviewed together with
  # the firewall rule set further down.
  imports = [
    # ./hardware/base.nix
    ./hardware/gpu-rpi4.nix
    # ./system
    ./system/nix.nix
    ./system/i18n.nix
    ./services/syncthing/rpi4.nix
    ./services/jellyfin.nix
    ./services/etebase.nix
    ./services/home-assistant.nix
    ./services/owntracks.nix
  ];

  # Permit packages with non-free licences on this host.
  nixpkgs.config.allowUnfree = true;

  # Raspberry Pi 4 base configuration: GRUB is switched off in favour of the
  # Raspberry Pi boot loader, and the rpi4 kernel package set is used.
  boot.loader = {
    grub.enable = false;
    raspberryPi = {
      enable = true;
      version = 4;
    };
  };
  boot.kernelPackages = pkgs.linuxPackages_rpi4;
  # Kernel console on the serial port (115200 baud) and on the first virtual
  # terminal. Anyone with physical access to the serial pins sees boot output
  # and the login prompt there.
  boot.kernelParams = [ "console=ttyAMA0,115200" "console=tty1" ];
  hardware.enableRedistributableFirmware = true;

  networking = {
    # Base domain of this host; the nginx virtual host in this file is keyed
    # on this value.
    domain = "home.felschr.com";

    # Only HTTP and HTTPS are opened explicitly. Port 80 stays reachable
    # because the virtual host uses forceSSL (HTTP -> HTTPS redirect) and,
    # presumably, for the ACME HTTP challenge. Modules may open further ports
    # on their own (e.g. sshd), so this list is not the full exposure.
    firewall.allowedTCPPorts = [ 80 443 ];
  };

  # Let's Encrypt account settings used for certificates requested via
  # enableACME on the virtual hosts.
  security.acme.acceptTerms = true;
  security.acme.email = "dev@felschr.com";

  # Dynamic DNS updater for the Cloudflare records listed below.
  services.cfdyndns = {
    enable = true;

    # The wildcard record points every subdomain of home.felschr.com at this
    # host, so any virtual host added later is publicly resolvable at once.
    records = [
      "*.home.felschr.com"
      "home.felschr.com"
      "owntracks.felschr.com"
      "etebase.felschr.com"
    ];

    email = "felschr@pm.me";
    # Keep this a quoted string: it is read at runtime from outside the Nix
    # store. A bare path literal could end up copied into the world-readable
    # store. The file itself should be readable only by root / the service.
    # NOTE(review): an email + API key pair is presumably the account-wide
    # Cloudflare key rather than a zone-scoped token. Confirm, and treat the
    # file as a high-value secret.
    apikeyFile = "/etc/nixos/secrets/cfdyndns-apikey";
  };

  # TLS-terminating reverse proxy in front of the local web service.
  services.nginx = {
    enable = true;

    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    # One virtual host, named after networking.domain. The certificate is
    # obtained through ACME and plain HTTP is redirected to HTTPS.
    virtualHosts.${config.networking.domain} = {
      forceSSL = true;
      enableACME = true;

      # Everything is forwarded to the service on localhost:8123 (presumably
      # Home Assistant, given the imported module). No access control is
      # applied at the proxy, so the backend's own authentication is the only
      # gate between the internet and that service.
      locations."/" = {
        proxyWebsockets = true;
        proxyPass = "http://localhost:8123";
      };
    };
  };

  # zsh is enabled system-wide; it is the login shell of the user declared in
  # this file.
  programs.zsh.enable = true;

  # SSH daemon hardened to key-only logins: no root login, no password and no
  # challenge-response authentication.
  # NOTE(review): the NixOS sshd module opens its port in the firewall by
  # default (services.openssh.openFirewall), so SSH is reachable in addition
  # to the ports listed in networking.firewall. Confirm that is intended.
  # On newer NixOS releases these three options live under
  # services.openssh.settings; keep the names matching the pinned nixpkgs.
  services.openssh = {
    enable = true;
    permitRootLogin = "no";
    passwordAuthentication = false;
    challengeResponseAuthentication = false;
  };

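  # SSH server inside the initrd (early boot), authorised with the same public
  # key file that the regular user account uses.
  #
  # Fix: the key was read with readFile "./key". A quoted relative string is
  # not a path literal, and Nix rejects it ("doesn't represent an absolute
  # path") as soon as the value is evaluated. The path literal ./key resolves
  # relative to this file, matching users.users.felschr below.
  #
  # NOTE(review): boot.initrd.network.enable is not set in this file, so the
  # broken value may never have been evaluated. If initrd networking is turned
  # on, the module also expects dedicated host keys (hostKeys). Do not reuse
  # the regular sshd host keys, since initrd contents may be readable through
  # the Nix store.
  boot.initrd.network.ssh = {
    enable = true;
    authorizedKeys = [ (builtins.readFile ./key) ];
  };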

  # Interactive account for this host; SSH login uses the public key in ./key.
  users.users.felschr = {
    isNormalUser = true;
    shell = pkgs.zsh;
    openssh.authorizedKeys.keyFiles = [ ./key ];

    # "wheel" grants administrative rights. "disk" conventionally grants raw
    # read/write access to block devices, which bypasses file permissions and
    # is effectively root-equivalent.
    # NOTE(review): drop "disk" unless something needs raw device access.
    extraGroups = [ "wheel" "audio" "disk" ];
  };

  # home-manager: per-user configuration for felschr comes from a separate
  # file. Existing files that would be overwritten get the "backup" extension
  # instead of aborting activation.
  # NOTE(review): the home-manager NixOS module is not among the imports
  # visible in this file; presumably it is added elsewhere (confirm).
  home-manager.useGlobalPkgs = true;
  home-manager.useUserPackages = true;
  home-manager.backupFileExtension = "backup";
  home-manager.users.felschr = import ./home/felschr-rpi4.nix;

  # Records the NixOS release this system's stateful data was created under.
  # It is not the version of the installed packages: upgrading nixpkgs does
  # not require touching it. Only change it when the release notes say so.
  system.stateVersion = "20.09";
}