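# NixOS module for the host "redoubt".
#
# Runs an AirPlay receiver (shairport-sync), MPD backed by a read-only CIFS
# music share, a Dozzle log-viewer container, and joins the "dotspace" tinc
# network. `config` is taken as an argument so secret paths can be read from
# the sops-nix declarations instead of being hard-coded.
{ config, lib, inputs, self, pkgs, pkgs-unstable, ... }:

{
  networking.hostName = "redoubt";
  system.stateVersion = "25.05";

  home-manager = {
    users."lauren_lagarde" = {
      home.stateVersion = "25.05";
      imports = self.homeManagerModules."lauren_lagarde@tui.mlaga97.space";
    };

    extraSpecialArgs = {
      inherit self pkgs-unstable;
    };
  };

  time.timeZone = "America/Chicago";

  sops.defaultSopsFile = ../../secrets.yaml;

  imports = [
    inputs.sops-nix.nixosModules.sops
    inputs.home-manager.nixosModules.home-manager

    ../../nixos/features/pi.nix

    # Core Features
    ../../nixos/features/base.nix
    ../../nixos/features/tui-apps.nix
    ../../nixos/features/openssh-server.nix

    # Core Tweaks
    ../../nixos/tweaks/zram.nix
    ../../nixos/tweaks/enable_flakes.nix
    ../../nixos/tweaks/systemd-resolved_nonsense.nix

    # Dotspace
    ../../secrets/dotspace.nix
    ../../nixos/features/stronghold-binary-cache.nix

    # Users
    ../../users/lauren_lagarde/lauren_lagarde.nix
    ../../users/ashley_funkhouser/ashley_funkhouser.nix

    # Features
    ../../nixos/features/virtualization/dockge.nix
    ../../nixos/features/virtualization/docker.nix

    # Redoubt
    # NOTE(review): presumably turns the NixOS firewall off (the file is not
    # shown here; confirm). If so, the `openFirewall = true` settings below are
    # no-ops and every listener defined in this file is reachable from any
    # network the host is attached to, not only the tinc overlay.
    ../../nixos/tweaks/disable_firewall.nix
  ];

  ##############################################################################
  ##############################################################################
  ##############################################################################
  # Services

  services.smartd.enable = lib.mkForce false;

  virtualisation.oci-containers.backend = "docker";

  # NOTE(review): this container is the most sensitive item in the file.
  #  - The Docker socket is bind-mounted into it, so the container can drive
  #    the Docker API; control of that API is equivalent to root on the host.
  #  - Port 9999 is published on all interfaces and no authentication is
  #    configured here, so container logs are readable by anyone who can reach
  #    the host. Docker-published ports are generally not filtered by the host
  #    firewall in any case. Consider publishing on a specific address,
  #    enabling Dozzle's authentication, or fronting the socket with a
  #    restricted proxy.
  #  - `:latest` is a mutable tag; pin a version tag or image digest so the
  #    image that holds the socket cannot change without a config change.
  virtualisation.oci-containers.containers = {
    dozzle = {
      image = "amir20/dozzle:latest";
      ports = [ "9999:8080" ];
      volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ];
    };
  };

  # mDNS announcement of this host (addresses and workstation record).
  services.avahi = {
    enable = true;
    publish.enable = true;
    publish.addresses = true;
    publish.workstation = true;
    openFirewall = true;
  };

  hardware.alsa.enable = true;

  # AirPlay receiver playing through ALSA.
  services.shairport-sync = {
    enable = true;
    openFirewall = true;

    settings = {
      general = {
        name = "Living Room Pi";
        output_backend = "alsa";
      };

      sessioncontrol.allow_session_interruption = "yes";
    };
  };

  services.mpd = {
    enable = true;
    musicDirectory = "/Music";

    extraConfig = ''
      audio_output {
        type "alsa"
        name "Default"
        mixer_type "hardware"
        mixer_device "default"
        mixer_control "PCM"
        device "hw:0,0"
      }
    '';

    # NOTE(review): binds MPD on every interface and no password is set in
    # this file, so any host that can reach the port can control playback.
    # Bind to a specific address or set a password if that is not intended.
    network.listenAddress = "any";
  };

  # Music share, mounted read-only as guest. NOTE(review): a guest session
  # carries no credentials, so nothing here authenticates the server; `ro`
  # limits the impact to what MPD reads from /Music.
  systemd.mounts = [
    {
      type = "cifs";
      options = "guest,ro,vers=3,uid=65534,gid=100,dir_mode=0775,file_mode=0664";
      what = "//blockhouse.mlaga97.space/Music";
      where = "/Music";
    }
  ];

  # Mount /Music on first access and release it after 60s idle; the short
  # timeouts keep boot and MPD from hanging when the share is unreachable.
  systemd.automounts = [
    {
      wantedBy = [ "multi-user.target" ];

      automountConfig = {
        TimeoutIdleSec = "60";
        DeviceTimeout = "5";
        MountTimeout = "5";
      };

      where = "/Music";
    }
  ];

  ##############################################################################
  ##############################################################################
  ##############################################################################
  # Networking

  networking.useNetworkd = true;

  systemd.network = {
    enable = true;
  };

  ##############################################################################
  # Tinc

  # NOTE(review): the RSA key secret is declared, but nothing in this file
  # references it (only the Ed25519 key is handed to tinc below). Either wire
  # it up via `rsaPrivateKeyFile` or drop the declaration so the private key
  # is not decrypted onto the host without a consumer. Confirm which is
  # intended.
  sops.secrets."dotspace/redoubt/keys/tinc/rsa_key.priv" = {
    sopsFile = ./secrets.yaml;
  };

  sops.secrets."dotspace/redoubt/keys/tinc/ed25519_key.priv" = {
    sopsFile = ./secrets.yaml;
  };

  systemd.network.networks."90-tinc" = {
    matchConfig.Name = "tinc.dotspace";
    address = [ "10.86.84.107/32" ];
    routes = [
      { Destination = "10.86.84.0/24"; }
    ];
  };

  services.tinc.networks.dotspace = {
    name = "redoubt";

    # Read the path from the sops-nix declaration rather than hard-coding
    # /run/secrets/...: evaluation then fails if the secret is renamed or
    # removed, instead of tinc starting without its managed key.
    ed25519PrivateKeyFile =
      config.sops.secrets."dotspace/redoubt/keys/tinc/ed25519_key.priv".path;

    # NOTE(review): chroot is explicitly off, so tincd is not confined to its
    # configuration directory after startup. Confirm this is required.
    chroot = false;

    settings.ConnectTo = [ "fortress" ];
  };
}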