nix-config/systems/x86_64-linux/nuc-nixos/default.nix
mjallen18 3977227889 idk
2026-04-16 19:22:57 -05:00


# NixOS host module for the NUC (systems/x86_64-linux/nuc-nixos).
#
# Everything under `${namespace}` feeds option modules defined elsewhere in
# the repository. The comments here describe only what this file sets; what
# each option ultimately does is decided by those modules.
{ lib, namespace, ... }:
let
  net = lib.${namespace}.network;
  nuc = net.hosts.nuc;
  nas = net.hosts.nas;

  # Ports that appear both in the firewall rules and in a service definition
  # below. Naming them once keeps the opened port and the listener in step.
  otbrPort = 8880;
  otbrRestPort = 8881;
  goveePort = 8056; # govee2mqtt

  # Build one caddy-internal proxy entry: `subdomain` -> http://host:port.
  mkProxy = subdomain: host: port: {
    inherit subdomain;
    upstream = "http://${host}:${toString port}";
  };
  onLoopback = name: port: mkProxy name "127.0.0.1" port;
  onNas = name: port: mkProxy name nas.lan port;
in
{
  imports = [
    ./boot.nix
    ./dashboard.nix
  ];

  ${namespace} = {
    # Project-level switches: secrets, boot chain, TPM, headless operation.
    sops.enable = true;
    bootloader.lanzaboote.enable = true;
    security.tpm.enable = true;
    headless.enable = true;

    # Disk layout: btrfs with the module's LUKS option turned on.
    hardware.disko = {
      filesystem = "btrfs";
      enableLuks = true;
      enable = true;
    };

    # Extra directories handed to the impermanence module.
    # NOTE(review): presumably these are the paths kept across reboots; if so,
    # the MQTT broker, Home Assistant and PostgreSQL state listed here is what
    # survives, and it may include credentials - confirm ownership and modes
    # in the impermanence module.
    impermanence.enable = true;
    impermanence.extraDirectories = [
      "/esphome"
      "/var/lib/homeassistant"
      "/var/lib/mosquitto"
      "/var/lib/music-assistant"
      "/var/lib/postgresql"
      "/var/lib/zigbee2mqtt"
    ];

    network = {
      hostName = nuc.hostname;

      # Static addressing on enp2s0; the router is the only resolver.
      ipv4 = {
        interface = "enp2s0";
        method = "manual";
        address = nuc.lan4;
        gateway = nuc.gateway;
        dns = net.hosts.router.lan;
      };

      firewall = {
        enable = true;
        allowPing = true;

        # NOTE(review): these rules are not scoped to a source network in this
        # file. Check whether the firewall module restricts them elsewhere.
        allowedTCPPorts = [
          # MQTT broker (mosquitto) for IoT devices.
          # NOTE(review): 1883 is the conventional unencrypted MQTT port;
          # confirm the broker requires authentication and that only the IoT
          # segment can reach it.
          1883
          goveePort
          # NOTE(review): 8192 has no stated purpose in this file - name the
          # service that needs it or drop the rule.
          8192
          # The OTBR ports are also configured on the otbr service below, and
          # otbr is additionally published through caddy-internal on loopback.
          # NOTE(review): if clients are meant to go through the proxy, these
          # direct openings may be unnecessary; confirm whether the OTBR REST
          # endpoint has any authentication of its own before leaving it
          # reachable.
          otbrPort
          otbrRestPort
        ];

        # NOTE(review): this list largely mirrors the TCP one. Confirm each
        # service actually listens on UDP at these numbers; a rule with no
        # listener is harmless today but opens the port to whatever binds
        # there later.
        allowedUDPPorts = [
          8192
          goveePort
          otbrPort
          otbrRestPort
        ];
      };
    };

    services = {
      # Reverse-proxy entries. Every upstream is plain HTTP; for the NAS
      # entries that hop crosses the LAN unencrypted. Whether the proxy adds
      # TLS or authentication in front is decided by the caddy-internal
      # module, which is not visible here.
      # NOTE(review): several upstreams (code, sabnzbd, sonarr, radarr,
      # grafana, chat) are administrative or interactive tools - confirm each
      # one is covered by authentication either at the proxy or in the app.
      caddy-internal = {
        enable = true;
        proxies = {
          # Services on this host.
          esphome = onLoopback "esphome" net.ports.nuc.esphome;
          otbr = onLoopback "otbr" net.ports.nuc.otbr;

          # Services on the NAS.
          actual = onNas "actual" net.ports.nas.actual;
          cache = onNas "cache" net.ports.nas.attic;
          manyfold = onNas "manyfold" net.ports.nas.manyfold;
          chat = onNas "chat" net.ports.nas.llamaCpp;
          grafana = onNas "grafana" net.ports.nas.grafana;
          orca = onNas "orca" net.ports.nas.orcaSlicer;
          sabnzbd = onNas "sabnzbd" net.ports.nas.sabnzbd;
          sonarr = onNas "sonarr" net.ports.nas.sonarr;
          radarr = onNas "radarr" net.ports.nas.radarr;
          tunarr = onNas "tunarr" net.ports.nas.tunarr;
          unmanic = onNas "unmanic" net.ports.nas.unmanic;
          code = onNas "code" net.ports.nas.codeServer;

          # hass is currently proxied by the NAS Caddy
          # (modules/nixos/services/caddy). To migrate it here, remove the
          # @hass block from that module and add:
          # hass = onLoopback "hass" net.ports.nuc.homeAssistant;
        };
      };

      home-assistant = {
        enable = true;
        automation = {
          # Wall switch -> light pairings, keyed by MQTT device id.
          lightswitch = {
            living-room-lights = {
              alias = "Living Room Light Switch";
              id = 1741726347213;
              mqttDeviceId = "c90174f076a500c6fd531ecd7e5e259b";
              lightEntityId = "light.living_room_lights";
            };
            bedroom-lights = {
              alias = "Bedroom Light Switch";
              id = 1741726231261;
              mqttDeviceId = "7578af456fc02ac36bf3c4e414ac0bd9";
              lightEntityId = "light.bedroom_lights";
            };
          };

          # Motion sensor -> light or switch pairings.
          motion-light = {
            bedroom-closet-lights = {
              alias = "Bedroom Closet Lights";
              id = 1769548321857;
              motion-sensor.mqttDeviceId = "fd73c1f3dfe08ab13d187fb49d781060";
              motion-sensor.mqttEntityId = "33b83e8db95b213b16b4b8c1f591ec92";
              switch.deviceId = "a3dfab0c8d91554a7c92c65cdf655c86";
              switch.entityId = "645855b6f4347d65f5a54c33b3a9a1d0";
            };
            front-closet-lights = {
              alias = "Front Closet Lights";
              # NOTE(review): same id as bedroom-closet-lights above. If the
              # module passes this through as the Home Assistant automation
              # id, the two entries collide and one may not load - confirm
              # and give this entry its own value.
              id = 1769548321857;
              motion-sensor.mqttDeviceId = "7eb61ed09e48c1dcef8bcc0f7765c459";
              motion-sensor.mqttEntityId = "a8b48ad080e70a0cdbb991b79c607ca1";
              light.entityId = "light.front_closet_lights";
            };
          };
        };
      };

      # OpenThread border router; both ports are also opened in the firewall
      # above.
      otbr = {
        enable = true;
        port = otbrPort;
        restPort = otbrRestPort;
      };
    };

    # Account passed to the project's user module.
    # NOTE(review): `linger = true` presumably keeps this user's services
    # running without a login session - confirm that is intended for an
    # account named "admin" on a headless host.
    user.name = "admin";
    user.linger = true;
  };
}