# NixOS module for the host "architect": boot and initrd SSH, static LAN
# addressing, OpenSSH policy, and the project-defined `architect.*` / `pepe.*`
# options that enable Docker and the self-hosted services.
{ config, pkgs, ... }:

let
  # SSH public keys accepted both by the initrd SSH server and by the booted
  # system (for user "giulio").
  authorizedPubkeys = [ (import ../pubkeys.nix).macbook ];

  # DNS suffix appended to the LAN device hostnames declared further down.
  lanDomain = "devs.giugl.io";

  # Shorthand for the LAN definition made under pepe.core.network.interfaces.
  lan = config.pepe.core.network.interfaces.lan;
in
{
  imports = [
    ./options.nix
    ./backup.nix
    ./hardware.nix
    ./firewall.nix
    ./nginx.nix
    ./nextcloud.nix
    ./matrix.nix
    ./fail2ban.nix
    ./dns.nix
    ./tailscale.nix
    ./headscale.nix
    ./sunshine.nix
    ./postgres.nix
    ./netdata.nix
    ./searx.nix
  ];

  # Private key used as the age identity for decrypting secrets on this host.
  # NOTE(review): this is root's SSH key; it must stay readable by root only.
  age.identityPaths = [ "/root/.ssh/id_ed25519" ];

  # Project-defined firewall option (presumably declared via ./firewall.nix or
  # ./options.nix, confirm): TCP 22 is the only port opened here.
  architect.firewall.openTCP = [ 22 ];

  time.timeZone = "Europe/London";

  users.users.giulio.openssh.authorizedKeys.keys = authorizedPubkeys;

  boot = {
    # NIC drivers made available in the initrd so networking works before the
    # root filesystem is mounted.
    initrd.availableKernelModules = [ "igc" "r8169" ];

    initrd.network = {
      enable = true;

      # SSH server inside the initrd. With zfs.requestEncryptionCredentials set
      # below, this is presumably how the ZFS passphrase is entered remotely.
      # NOTE(review): the NixOS documentation for hostKeys warns against
      # reusing the regular host key here, because the initrd lives on the
      # unencrypted boot partition; confirm /secrets/ssh_host_rsa_key is a key
      # dedicated to the initrd.
      # NOTE(review): the key is given as a Nix path literal rather than a
      # string; verify it does not end up copied into the world-readable
      # /nix/store on this setup.
      # NOTE(review): the initrd and the booted sshd share port 22 but
      # (presumably) present different host keys, so clients will see a host
      # key change between the two stages; confirm that is handled on the
      # client side instead of by disabling host key checking.
      ssh = {
        enable = true;
        port = 22;
        hostKeys = [ /secrets/ssh_host_rsa_key ];
        authorizedKeys = authorizedPubkeys;
      };
    };

    # Static address for the initrd, in the kernel's
    # ip=<client>:<server>:<gateway>:<netmask>:<hostname>:<device>:<autoconf>
    # form; server and hostname are left empty and autoconfiguration is off.
    kernelParams = [
      "ip=${lan.devices.architect.address}::${lan.devices.brigettine.address}:255.255.255.0::${lan.interface}:off"
    ];

    # IPv4 forwarding is switched on for the whole host.
    # NOTE(review): Docker is configured below with iptables = false, so any
    # filtering of forwarded traffic has to come from ./firewall.nix; confirm.
    kernel.sysctl."net.ipv4.ip_forward" = 1;

    loader = {
      systemd-boot.enable = true;
      systemd-boot.memtest86.enable = true;
      efi.canTouchEfiVariables = true;
    };

    supportedFilesystems = [ "zfs" ];
    # Ask for the ZFS encryption credentials during boot.
    zfs.requestEncryptionCredentials = true;
    tmp.tmpfsSize = "50%";
  };

  networking = {
    hostName = "architect";
    hostId = "49350853";

    # No DHCP: address and gateway come from the LAN device table below.
    useDHCP = false;
    defaultGateway = lan.devices.brigettine.address;
    interfaces.${lan.interface}.ipv4.addresses = [
      {
        address = lan.devices.architect.address;
        prefixLength = 24;
      }
    ];
  };

  services = {
    fwupd.enable = true;
    das_watchdog.enable = true;
    zfs.autoScrub.enable = true;
    smartd.enable = true;

    openssh = {
      enable = true;

      # Key-based logins only: password and keyboard-interactive are both off.
      settings = {
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
      };

      # NOTE(review): OpenSSH's default MaxAuthTries is 6. 15 allows more
      # authentication attempts per connection; confirm the higher limit is
      # still needed and that it fits whatever ./fail2ban.nix enforces.
      extraConfig = ''
        MaxAuthTries 15
      '';
    };
  };

  pepe = {
    core = {
      # Project-defined Docker wrapper options.
      # NOTE(review): `users` presumably grants Docker access to the listed
      # accounts, which is root-equivalent on the host; confirm in the module.
      # NOTE(review): `iptables = false` presumably stops Docker from managing
      # its own iptables rules; confirm container traffic is covered by the
      # host firewall.
      docker = {
        enable = true;
        nvidia = true;
        dataRoot = "/docker";
        extraOptions = "--dns 127.0.0.1 --dns ${lan.devices.architect.address}";
        enableOnBoot = false;
        iptables = false;
        users = [ "giulio" ];
      };

      media = {
        enable = true;
        path = "/media";
      };

      # LAN inventory: interface, subnet and the known devices with their
      # addresses and hostnames under lanDomain.
      network.interfaces.lan = {
        interface = "enp6s0";
        type = "lan";
        net = "10.0.0.0/24";
        devices = {
          architect = {
            address = "10.0.0.250";
            hostname = "architect.${lanDomain}";
            isEndpoint = true;
          };
          brigettine = {
            address = "10.0.0.1";
            hostname = "router.${lanDomain}";
          };
          dreamel10 = {
            address = "10.0.0.199";
            hostname = "dreamel10.${lanDomain}";
          };
          reolinkcamera = {
            address = "10.0.0.200";
            hostname = "reolinkcamera.${lanDomain}";
          };
          lgtv = {
            address = "10.0.0.202";
            hostname = "lgtv.${lanDomain}";
          };
        };
      };
    };

    # Project-defined service wrappers. Each takes a domain; how that domain is
    # exposed (TLS, authentication, reachability) is decided in the service
    # modules and ./nginx.nix, which are not visible from this file.
    services = {
      gitea = {
        enable = true;
        domain = "git.giugl.io";
      };

      immich = {
        enable = true;
        domain = "photos.giugl.io";
        package = pkgs.unstablePkgs.immich;
      };

      radarr = {
        enable = true;
        domain = "htrad.giugl.io";
        package = pkgs.unstablePkgs.radarr;
      };

      sonarr = {
        enable = true;
        domain = "htson.giugl.io";
        package = pkgs.unstablePkgs.sonarr;
      };

      bazarr = {
        enable = true;
        domain = "htbaz.giugl.io";
        package = pkgs.unstablePkgs.bazarr;
      };

      nzbget = {
        enable = true;
        domain = "htnzb.giugl.io";
        package = pkgs.unstablePkgs.nzbget;
      };

      jellyfin = {
        enable = true;
        domain = "media.giugl.io";
        package = pkgs.unstablePkgs.jellyfin;
      };

      jellyseer = {
        enable = true;
        domain = "aumm-aumm.giugl.io";
      };

      prowlarr = {
        enable = true;
        domain = "htpro.giugl.io";
      };

      redlib = {
        enable = true;
        domain = "reddit.giugl.io";
        package = pkgs.unstablePkgs.redlib;
        settings = {
          REDLIB_ROBOTS_DISABLE_INDEXING = "on";
          REDLIB_DEFAULT_THEME = "dracula";
          REDLIB_DEFAULT_SHOW_NSFW = "on";
          REDLIB_DEFAULT_BLUR_NSFW = "off";
          REDLIB_DEFAULT_USE_HLS = "on";
          REDLIB_DEFAULT_HIDE_HLS_NOTIFICATION = "on";
        };
      };

      # NOTE(review): the Ollama HTTP API has no authentication of its own, so
      # access control for backendDomain has to be enforced by the reverse
      # proxy or the network; confirm in the llm module and ./nginx.nix.
      llm = {
        enable = true;
        package = pkgs.unstablePkgs.ollama-cuda;
        uiPackage = pkgs.unstablePkgs.open-webui;
        tikaPackage = pkgs.unstablePkgs.tika;
        backendDomain = "ollama.giugl.io";
        frontendDomain = "llm.giugl.io";
        acceleration = "cuda";
        environmentVariables = {
          OLLAMA_FLASH_ATTENTION = "1";
          OLLAMA_NUM_PARALLEL = "2";
          OLLAMA_KV_CACHE_TYPE = "q8_0";
        };
      };

      homeassistant = {
        enable = true;
        package = pkgs.unstablePkgs.home-assistant;
        domain = "home.giugl.io";

        extraComponents = [
          "otbr"
          "litterrobot"
          "apple_tv"
          "homekit"
          "homekit_controller"
          "spotify"
          "hue"
          "sonos"
          "tplink"
          "ollama"
          "wyoming"
          "whisper"
          "piper"
          "isal"
          "radarr"
          "sonarr"
          "mqtt"
          "mqtt_eventstream"
          "mqtt_json"
          "mqtt_room"
          "mqtt_statestream"
          "github"
          "webostv"
          "reolink"
          "onvif"
          "xiaomi_miio"
          "ring"
        ];

        # The function argument is not used: the package is always taken from
        # pkgs.unstablePkgs.python3Packages.
        # NOTE(review): confirm that set matches the Python environment the
        # home-assistant package above is built with.
        extraPackages = python3Packages: [
          pkgs.unstablePkgs.python3Packages.pyporscheconnectapi
        ];

        config = {
          # Home Assistant listens on loopback only and honours
          # X-Forwarded-For solely from 127.0.0.1, so it has to be reached
          # through a reverse proxy running on this host.
          http = {
            server_host = "127.0.0.1";
            server_port = 8123;
            use_x_forwarded_for = true;
            trusted_proxies = [ "127.0.0.1" ];
          };

          # NOTE(review): the coordinates below are stored in plain text in
          # this file; confirm that is acceptable wherever it is published.
          homeassistant = {
            name = "Brigettine Square";
            latitude = 52.1958;
            longitude = 0.180746;
            unit_system = "metric";
          };

          default_config = { };
          automation = "!include automations.yaml";
          frontend.themes = "!include_dir_merge_named themes";
        };
      };
    };
  };
}