From 9106bf3903492a9edd89f4c5f4253e5a0f28bf39 Mon Sep 17 00:00:00 2001 From: Stefan Kempinger Date: Tue, 20 Jan 2026 14:05:27 +0100 Subject: [PATCH 1/2] fix heimserver config - its live now --- heimserver/configuration.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/heimserver/configuration.nix b/heimserver/configuration.nix index b79a65e..b962f2e 100644 --- a/heimserver/configuration.nix +++ b/heimserver/configuration.nix @@ -14,7 +14,6 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix - specialArgs.inputs.vscode-server.nixosModules.default ]; # System basics @@ -74,7 +73,6 @@ 8555 # frigate rtsp 2055 # ntopng sink 8182 # ntopng frontend - 3000 # adguardhome frontend 8183 # adguardhome frontend 9000 ]; From d065751bdb375ca20c85fe31def3621753c5ea6c Mon Sep 17 00:00:00 2001 From: Stefan Kempinger Date: Tue, 20 Jan 2026 22:32:55 +0100 Subject: [PATCH 2/2] improve formatting, add wireguard network to ntopng --- heimserver/configuration.nix | 117 ++++++++++++++++++----------------- 1 file changed, 60 insertions(+), 57 deletions(-) diff --git a/heimserver/configuration.nix b/heimserver/configuration.nix index b962f2e..b5017f8 100644 --- a/heimserver/configuration.nix +++ b/heimserver/configuration.nix 
@@ -44,43 +44,45 @@ # i18n.defaultLocale = "en_US.UTF-8"; # Networking - networking.hostName = "nixos-server"; - networking.useDHCP = false; - networking.hostId = "5506a8e7"; - networking.interfaces.eth0.ipv4.addresses = [ - { - address = "192.168.69.69"; - prefixLength = 24; - } - ]; - networking.defaultGateway = "192.168.69.1"; - #networking.nameservers = [ "1.1.1.1" ]; - networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ - 22 - 53 - 80 - 443 - 2222 # forgejo ssh - 8184 # forgejo frontend - 8123 # homeassistant - 5580 # homeassistant matter - 2283 # immich - 3003 # immich ml - 1984 # frigate go2rtc - 8971 # frigate - 8554 # frigate rtsp - 8555 # frigate rtsp - 2055 # ntopng sink - 8182 # ntopng frontend - 8183 # adguardhome frontend - 9000 - ]; - networking.firewall.allowedUDPPorts = [ - 53 - 8555 # frigate rtsp - 2055 # ntopng sink - ]; + networking = { + hostName = "heimserver"; + useDHCP = false; + hostId = "5506a8e7"; + interfaces.eth0.ipv4.addresses = [ + { + address = "192.168.69.69"; + prefixLength = 24; + } + ]; + defaultGateway = "192.168.69.1"; + #nameservers = [ "1.1.1.1" ]; + firewall.enable = true; + firewall.allowedTCPPorts = [ + 22 + 53 + 80 + 443 + 2222 # forgejo ssh + 8184 # forgejo frontend + 8123 # homeassistant + 5580 # homeassistant matter + 2283 # immich + 3003 # immich ml + 1984 # frigate go2rtc + 8971 # frigate + 8554 # frigate rtsp + 8555 # frigate rtsp + 2055 # ntopng sink + 8182 # ntopng frontend + 8183 # adguardhome frontend + 9000 + ]; + firewall.allowedUDPPorts = [ + 53 + 8555 # frigate rtsp + 2055 # ntopng sink + ]; + }; # Users users.users.root = { @@ -98,7 +100,6 @@ # Packages environment.systemPackages = with pkgs; [ - vim nano wget curl 
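Review bot: In the rewritten `networking` block, `firewall.allowedTCPPorts` still carries `9000` as the only entry without a comment naming its service, so a reader cannot tell whether the port is still needed; I would label it, e.g. `9000 # <service name>`, or drop the entry. The list is also global, so the admin frontends (`8182`, `8183`, `8184`) and `3003 # immich ml` are accepted on every interface the host has. That may be wider than intended, since a Wireguard range is added to the ntopng settings later in this patch. If the host has or gains a second interface, moving those entries to `firewall.interfaces.eth0.allowedTCPPorts` keeps them reachable from the LAN only. The `users.users.root` block that follows is cut off by the hunk.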
@@ -226,6 +227,12 @@ }; }; + # systemd.services.forgejo.preStart = + # '' + # ${lib.getExe cfg.package} admin user create --admin --email "root@localhost" --username crazychaoz --password temp123 || true + # ''; + + # services.borgbackup.jobs."forgejo" = { # paths = config.services.forgejo.repositoryRoot; # repo = "/backup/forgejo"; @@ -254,10 +261,6 @@ }; }; - # systemd.services.forgejo.preStart = - # '' - # ${lib.getExe cfg.package} admin user create --admin --email "root@localhost" --username crazychaoz --password temp123 || true - # ''; # Virtualisation virtualisation = { @@ -305,7 +308,19 @@ "--privileged" ]; }; - + containers.mosquitto = { + #autoStart = true; + volumes = [ + "mosquitto:/mosquitto" + "/run/dbus:/run/dbus:ro" + "/etc/localtime:/etc/localtime:ro" + ]; + # Note: The image will not be updated on rebuilds, unless the version label changes + image = "eclipse-mosquitto"; + extraOptions = [ + "--network=host" + ]; + }; containers.frigate = { #autoStart = true; volumes = [ @@ -321,19 +336,6 @@ "--network=host" ]; }; - containers.mosquitto = { - #autoStart = true; - volumes = [ - "mosquitto:/mosquitto" - "/run/dbus:/run/dbus:ro" - "/etc/localtime:/etc/localtime:ro" - ]; - # Note: The image will not be updated on rebuilds, unless the version label changes - image = "eclipse-mosquitto"; - extraOptions = [ - "--network=host" - ]; - }; containers.netflow2ng = { # Note: The image will not be updated on rebuilds, unless the version label changes image = "synfinatic/netflow2ng:v0.1.0"; @@ -360,7 +362,7 @@ interfaces = [ "tcp://0.0.0.0:5556" ]; extraConfig = '' --dns-mode 1 - --local-networks "185.27.122.0/24=WAN,192.168.69.0/24=LAN"''; + --local-networks "185.27.122.0/24=WAN,192.168.69.0/24=LAN,192.168.42.0/24=Wireguard"''; }; services.influxdb.enable = true; @@ -393,6 +395,7 @@ "nix-command" "flakes" ]; + nix.gc = { automatic = true; dates = "weekly";
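Review bot: The relocated comment block for `systemd.services.forgejo.preStart` keeps a literal admin username and `--password temp123` in the repository. If it is ever uncommented, the password ends up in the generated unit script in the world-readable Nix store and in the process arguments. I would drop the literal and record the intended source instead, e.g. `# admin password is read from a root-only file at runtime, never written inline`. The trailing `|| true` would also hide a failed user creation, so a re-enabled version should report the failure rather than discard it. Whether `temp123` was ever set on the live instance cannot be confirmed from this hunk; if it was, it should be rotated.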
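Review bot: The moved `containers.mosquitto` block uses `image = "eclipse-mosquitto"` with no tag, so the comment above it about the version label has nothing to act on and the broker runs whatever the untagged reference resolved to at first pull. `netflow2ng` just below is pinned, and this one should be too, e.g. `image = "eclipse-mosquitto:<pinned-version>";` (placeholder; use the release actually deployed). The container also combines `--network=host` with a bind mount of `/run/dbus`. The `:ro` flag does not stop a process from connecting to the system bus socket in that directory, so the mount is worth removing unless the broker really needs D-Bus. With host networking, exposure depends on the broker's listener configuration, which is not visible in this hunk, together with the firewall list.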