# NixOS host definition for the VM "ha1": static networkd addressing, GRUB on
# /dev/sda, a Vault-provisioned secret, and a daily restic backup of the
# state directories listed under services.restic.backups.ha1.
{ config, lib, pkgs, ... }:
{
  imports = [
    ../template/hardware-configuration.nix
    ../../system
    ../../common/vm
  ];

  # Allows packages with unfree licences to be evaluated and installed.
  # Nothing in this file's package list needs it; presumably an imported
  # module does. Verify, and drop it if not.
  nixpkgs.config.allowUnfree = true;

  # GRUB (not systemd-boot) installed to /dev/sda; the boot menu keeps at most
  # three generations.
  boot.loader.grub = {
    enable = true;
    device = "/dev/sda";
    configurationLimit = 3;
  };

  networking = {
    hostName = "ha1";
    domain = "home.2rjus.net";

    # Addressing is handled by systemd-networkd below, so DHCP is turned off.
    useNetworkd = true;
    useDHCP = false;
    nameservers = [
      "10.69.13.5"
      "10.69.13.6"
    ];

    # SECURITY: this overrides the NixOS default (firewall enabled). With it
    # off, every socket that a service on this host binds to a non-loopback
    # address is reachable from anything that can route to 10.69.13.9, and
    # the only remaining filter is whatever the upstream network enforces.
    # NOTE(review): prefer leaving the firewall enabled and listing the
    # required ports in networking.firewall.allowedTCPPorts /
    # allowedUDPPorts. The services behind /var/lib/hass,
    # /var/lib/zigbee2mqtt and /var/lib/mosquitto are configured outside
    # this file, so their ports cannot be derived from here.
    firewall.enable = false;
  };

  services.resolved.enable = true;

  # Single static interface; "routable" makes network-online wait until the
  # link has a routable address.
  systemd.network = {
    enable = true;
    networks."ens18" = {
      matchConfig.Name = "ens18";
      address = [ "10.69.13.9/24" ];
      routes = [
        { Gateway = "10.69.13.1"; }
      ];
      linkConfig.RequiredForOnline = "routable";
    };
  };

  time.timeZone = "Europe/Oslo";

  nix.settings = {
    experimental-features = [
      "nix-command"
      "flakes"
    ];
    # A TTL of 0 means cached tarballs are never treated as fresh, so they
    # are re-checked on every use.
    tarball-ttl = 0;
  };

  environment.systemPackages = [
    pkgs.vim
    pkgs.wget
    pkgs.git
  ];

  # Vault secrets management. The vault.* options are not declared in this
  # file; presumably they come from ../../system (confirm).
  # NOTE(review): the option is named outputDir, but the same path is used
  # below as restic's passwordFile. This assumes the module writes the
  # extracted "password" key to that path as a regular file; confirm, and
  # confirm the file is readable by root only.
  vault.enable = true;
  vault.secrets.backup-helper = {
    secretPath = "shared/backup/password";
    extractKey = "password";
    outputDir = "/run/secrets/backup_helper_secret";
    # Name of the systemd unit that services.restic.backups.ha1 generates.
    services = [ "restic-backups-ha1" ];
  };

  # Daily restic backup of the service state directories.
  # SECURITY: the repository URL uses plain http. restic encrypts repository
  # contents on the client with the password above, but the transport gives
  # no server authentication and no protection for HTTP-level credentials.
  # The URL also carries no credentials, so the REST server presumably
  # accepts unauthenticated clients on that network (verify).
  # NOTE(review): switch to rest:https:// and enable authentication on the
  # REST server if it supports both.
  services.restic.backups.ha1 = {
    repository = "rest:http://10.69.12.52:8000/backup-nix";
    passwordFile = "/run/secrets/backup_helper_secret";
    paths = [
      "/var/lib/hass"
      "/var/lib/zigbee2mqtt"
      "/var/lib/mosquitto"
    ];
    # Persistent catches up on a run missed while the VM was off; the random
    # delay spreads the start over up to two hours.
    timerConfig = {
      OnCalendar = "daily";
      Persistent = true;
      RandomizedDelaySec = "2h";
    };
    pruneOpts = [
      "--keep-daily 7"
      "--keep-weekly 4"
      "--keep-monthly 6"
      "--keep-within 1d"
    ];
  };

  # Pins the release whose stateful-data defaults this install started with.
  # Do not bump it as part of a routine upgrade.
  system.stateVersion = "23.11";
}