nix-config/hosts/radiobert/default.nix

{ hostRegistry, config, lib, pkgs, modulesPath, ... }:

{
  boot.initrd.availableKernelModules = [ "usbhid" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];

  fileSystems."/" = {
    device = "/dev/disk/by-label/NIXOS_SD";
    fsType = "ext4";
  };

  fileSystems."/boot/firmware" = {
    device = "/dev/disk/by-label/FIRMWARE";
    fsType = "vfat";
  };

  swapDevices = [ ];

  hardware.enableRedistributableFirmware = true;
  #networking.wireless.enable = true;
  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";

  boot = {
    loader = {
      grub.enable = false;
      raspberryPi = {
        enable = true;
        version = 3;
        uboot.enable = true;
        firmwareConfig = ''
          gpu_mem=192
          dtparam=audio=on
        '';
      };
    };
    kernelPackages = pkgs.linuxPackages_5_13;
    # Don't build ZFS for aarch64 (broken?)
    supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];

    tmpOnTmpfs = true;
  };
  sdImage = {
    compressImage = false;
    imageBaseName = config.networking.hostName;
    firmwareSize = 512;
  };

  c3d2.isInHq = false;

  nix = {
    buildCores = 4;
    maxJobs = 2;
  };

  networking = {
    hostName = "radiobert"; # Define your hostname.
    useDHCP = false;
    interfaces.eth0.ipv4.addresses = [{
      address = hostRegistry.hosts.${config.networking.hostName}.ip4;
      prefixLength = 26;
    }];
    defaultGateway = "172.20.73.1";
    firewall.allowedTCPPorts = [ 22 80 443 ];
  };

  services.openwebrx.enable = true;

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    git
    libraspberrypi
    vim
    wget
    dump1090_sdrplus
  ];

  programs.tmux.enable = true;

  # Do not log to flash:
  services.journald.extraConfig = ''
    Storage=volatile
  '';

  # Enable the OpenSSH daemon.
  services.openssh = {
    enable = true;
    permitRootLogin = "yes";
  };
  security.sudo = {
    enable = true;
    wheelNeedsPassword = false;
  };

  users.users.k-ot = {
    isNormalUser = true;
    extraGroups = [ "wheel" "audio" ];
  };

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    virtualHosts."sdr.hq.c3d2.de" = {
      default = true;
      forceSSL = true;
      enableACME = true;
      locations."/".proxyPass = "http://localhost:8073";
    };
  };
  security.acme = {
    acceptTerms = true;
    email = "mail@c3d2.de";
  };

  # Allow access to USB
  services.udev.extraRules = ''
    SUBSYSTEM=="usb", MODE:="0666"
  '';

  # Reboot on hang
  systemd.watchdog = {
    runtimeTime = "10s";
    rebootTime = "15s";
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "21.05"; # Did you read the comment?
}