Move hosts to a dedicated folder

2023-03-20 22:35:11 +01:00 · 2023-03-20 22:35:11 +01:00 · b08fc5a41e
commit b08fc5a41e
parent cf27e1ad6a
14 changed files with 310 additions and 207 deletions
--- a/hosts/rpi3/default.nix
+++ b/hosts/rpi3/default.nix
@ -0,0 +1,71 @@
+{ pkgs, config, lib, ... }:
+{
+
+  boot.loader.grub.enable = false;
+  boot.loader.generic-extlinux-compatible.enable = true;
+  boot.kernelParams = [ "cma=256M" ];
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-label/NIXOS_SD";
+      fsType = "ext4";
+    };
+
+  swapDevices = [{ device = "/swapfile"; size = 1024; }];
+
+  services.openssh.enable = true;
+  users.users.root.openssh.authorizedKeys.keyFiles = [
+    ../../ssh_keys/phfroidmont-desktop.pub
+    ../../ssh_keys/phfroidmont-laptop.pub
+  ];
+
+  services.adguardhome = {
+    enable = true;
+
+    host = "0.0.0.0";
+    port = 80;
+    openFirewall = true;
+
+    mutableSettings = false;
+
+    settings = {
+      auth_attempts = 5;
+      block_auth_min = 15;
+      dns = {
+        bind_host = "0.0.0.0";
+        port = 53;
+        statistics_interval = 90;
+        querylog_enabled = true;
+        querylog_interval = "2160h";
+        upstream_dns = [
+          "tls://doh.mullvad.net"
+          "[/lan/]192.168.1.1"
+          "[//]192.168.1.1"
+        ];
+        local_ptr_upstreams = [ "192.168.1.1" ];
+        use_private_ptr_resolvers = true;
+        resolve_clients = true;
+        bootstrap_dns = [ "9.9.9.10" ];
+        rewrites = [
+          {
+            domain = "rpi3";
+            answer = "192.168.1.2";
+          }
+          {
+            domain = "rpi3.lan";
+            answer = "192.168.1.2";
+          }
+        ];
+      };
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 53 ];
+  networking.firewall.allowedUDPPorts = [ 53 ];
+
+  environment.systemPackages = with pkgs; [
+    htop
+  ];
+
+  system.stateVersion = "22.05";
+}