improve formatting, add wireguard network to ntopng

fix heimserver config - its live now
2026-01-20 22:32:55 +01:00 · 2026-01-20 14:05:27 +01:00
1 changed files with 60 additions and 59 deletions
--- a/heimserver/configuration.nix
+++ b/heimserver/configuration.nix
@ -14,7 +14,6 @@
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
-    specialArgs.inputs.vscode-server.nixosModules.default
  ];

  # System basics
@ -45,44 +44,45 @@
  # i18n.defaultLocale = "en_US.UTF-8";

  # Networking
-  networking.hostName = "nixos-server";
-  networking.useDHCP = false;
-  networking.hostId = "5506a8e7";
-  networking.interfaces.eth0.ipv4.addresses = [
-    {
-      address = "192.168.69.69";
-      prefixLength = 24;
-    }
-  ];
-  networking.defaultGateway = "192.168.69.1";
-  #networking.nameservers = [ "1.1.1.1" ];
-  networking.firewall.enable = true;
-  networking.firewall.allowedTCPPorts = [
-    22
-    53
-    80
-    443
-    2222 # forgejo ssh
-    8184 # forgejo frontend
-    8123 # homeassistant
-    5580 # homeassistant matter
-    2283 # immich
-    3003 # immich ml
-    1984 # frigate go2rtc
-    8971 # frigate
-    8554 # frigate rtsp
-    8555 # frigate rtsp
-    2055 # ntopng sink
-    8182 # ntopng frontend
-    3000 # adguardhome frontend
-    8183 # adguardhome frontend
-    9000
-  ];
-  networking.firewall.allowedUDPPorts = [
-    53
-    8555 # frigate rtsp
-    2055 # ntopng sink
-  ];
+  networking = {
+    hostName = "heimserver";
+    useDHCP = false;
+    hostId = "5506a8e7";
+    interfaces.eth0.ipv4.addresses = [
+      {
+        address = "192.168.69.69";
+        prefixLength = 24;
+      }
+    ];
+    defaultGateway = "192.168.69.1";
+    #nameservers = [ "1.1.1.1" ];
+    firewall.enable = true;
+    firewall.allowedTCPPorts = [
+      22
+      53
+      80
+      443
+      2222 # forgejo ssh
+      8184 # forgejo frontend
+      8123 # homeassistant
+      5580 # homeassistant matter
+      2283 # immich
+      3003 # immich ml
+      1984 # frigate go2rtc
+      8971 # frigate
+      8554 # frigate rtsp
+      8555 # frigate rtsp
+      2055 # ntopng sink
+      8182 # ntopng frontend
+      8183 # adguardhome frontend
+      9000
+    ];
+    firewall.allowedUDPPorts = [
+      53
+      8555 # frigate rtsp
+      2055 # ntopng sink
+    ];
+  };

  # Users
  users.users.root = {
@ -100,7 +100,6 @@

  # Packages
  environment.systemPackages = with pkgs; [
-    vim
    nano
    wget
    curl
@ -228,6 +227,12 @@
    };
  };

+  # systemd.services.forgejo.preStart =
+  #   ''
+  #     ${lib.getExe cfg.package} admin user create --admin --email "root@localhost" --username crazychaoz --password temp123 || true
+  #     '';
+ 
+
  # services.borgbackup.jobs."forgejo" = {
  #   paths = config.services.forgejo.repositoryRoot;
  #   repo = "/backup/forgejo";
@ -256,10 +261,6 @@
    };
  };

-  # systemd.services.forgejo.preStart =
-  #   ''
-  #     ${lib.getExe cfg.package} admin user create --admin --email "root@localhost" --username crazychaoz --password temp123 || true
-  #     '';

  # Virtualisation
  virtualisation = {
@ -307,7 +308,19 @@
        "--privileged"
      ];
    };
-
+    containers.mosquitto = {
+      #autoStart = true;
+      volumes = [
+        "mosquitto:/mosquitto"
+        "/run/dbus:/run/dbus:ro"
+        "/etc/localtime:/etc/localtime:ro"
+      ];
+      # Note: The image will not be updated on rebuilds, unless the version label changes
+      image = "eclipse-mosquitto";
+      extraOptions = [
+        "--network=host"
+      ];
+    };
    containers.frigate = {
      #autoStart = true;
      volumes = [
@ -323,19 +336,6 @@
        "--network=host"
      ];
    };
-    containers.mosquitto = {
-      #autoStart = true;
-      volumes = [
-        "mosquitto:/mosquitto"
-        "/run/dbus:/run/dbus:ro"
-        "/etc/localtime:/etc/localtime:ro"
-      ];
-      # Note: The image will not be updated on rebuilds, unless the version label changes
-      image = "eclipse-mosquitto";
-      extraOptions = [
-        "--network=host"
-      ];
-    };
    containers.netflow2ng = {
      # Note: The image will not be updated on rebuilds, unless the version label changes
      image = "synfinatic/netflow2ng:v0.1.0";
@ -362,7 +362,7 @@
    interfaces = [ "tcp://0.0.0.0:5556" ];
    extraConfig = ''
      --dns-mode 1
-      --local-networks "185.27.122.0/24=WAN,192.168.69.0/24=LAN"'';
+      --local-networks "185.27.122.0/24=WAN,192.168.69.0/24=LAN,192.168.42.0/24=Wireguard"'';
  };

  services.influxdb.enable = true;
@ -395,6 +395,7 @@
    "nix-command"
    "flakes"
  ];
+
  nix.gc = {
    automatic = true;
    dates = "weekly";
Author	SHA1	Message	Date
Stefan Kempinger	d065751bdb	improve formatting, add wireguard network to ntopng	2026-01-20 22:32:55 +01:00
Stefan Kempinger	9106bf3903	fix heimserver config - its live now	2026-01-20 14:05:27 +01:00