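# NixOS module for the host "lb": a Raspberry Pi 3 with a tmpfs root that
# terminates TLS in nginx and proxies one virtual host to a backend.
{ config, pkgs, impermanence, ... }:

{
  imports = [
    ./hardware-configuration/lb.nix
    ../common
  ];

  boot.loader = {
    grub.enable = false;
    raspberryPi = {
      enable = true;
      version = 3;
      firmwareConfig = ''
        gpu_mem=16
      '';
    };
  };

  boot.readOnlyNixStore = true;
  boot.kernelParams = [ "console=tty1" ];
  boot.tmp.cleanOnBoot = true;

  fileSystems = {
    # Root lives in RAM, so anything not listed under environment.persistence
    # or stored on one of the btrfs subvolumes below is lost on reboot.
    "/" = {
      device = "tmpfs";
      fsType = "tmpfs";
      options = [ "size=500M" "mode=755" ];
    };

    "/boot" = {
      device = "/dev/mmcblk0p1";
      fsType = "vfat";
      options = [ "ro" ];
    };

    "/nix" = {
      device = "/dev/mmcblk0p2";
      fsType = "ext4";
    };

    # Persistent identity material (see environment.persistence), mounted
    # read-only and required early in boot.
    "/state" = {
      device = "/dev/mmcblk0p3";
      fsType = "btrfs";
      options = [ "subvol=state" "compress=zstd" "ro" ];
      neededForBoot = true;
    };

    # subvolid=5 is the btrfs top-level subvolume, and this mount carries no
    # "ro" option. NOTE(review): the state and certs subvolumes are presumably
    # reachable read-write through this path even though /state itself is
    # read-only; confirm that is intended.
    "/mnt/btr_pool" = {
      device = "/dev/mmcblk0p3";
      fsType = "btrfs";
      options = [ "subvolid=5" "compress=zstd" ];
    };

    "/mnt/data" = {
      device = "/dev/mmcblk0p3";
      fsType = "btrfs";
      options = [ "subvol=data" "compress=zstd" ];
    };

    # Holds the certificate chain and private key that nginx reads below.
    # NOTE(review): consider "nodev" "nosuid" "noexec" here (and on /mnt/data)
    # if nothing on these subvolumes needs to be executed.
    "/srv/certs" = {
      device = "/dev/mmcblk0p3";
      fsType = "btrfs";
      options = [ "subvol=certs" "compress=zstd" ];
    };
  };

  swapDevices = [ ];

  # Files kept across reboots on the /state subvolume. /etc/nix/id_rsa and
  # /etc/ssh/ssh_host_ed25519_key are private keys.
  # NOTE(review): /state is mounted "ro" above, so these presumably have to
  # exist on the subvolume already; confirm the private keys are root-owned and
  # not group/world readable there.
  # NOTE(review): /etc/nixos is normally a directory and impermanence has a
  # separate `directories` list; confirm it is meant to be under `files`.
  environment.persistence."/state" = {
    files = [
      "/etc/machine-id"
      "/etc/nix/id_rsa"
      "/etc/ssh/ssh_host_ed25519_key"
      "/etc/ssh/ssh_host_ed25519_key.pub"
      "/etc/ssh/ssh_host_ed25519_key-cert.pub"
      "/etc/ssh/user_ca.pub"
      "/etc/nixos"
    ];
  };

  networking.hostName = "lb";
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.nginx = {
    enable = true;
    virtualHosts = {
      "homer.monotremata.xyz" = {
        sslCertificate = "/srv/certs/acme/monotremata.xyz/fullchain.pem";
        sslCertificateKey = "/srv/certs/acme/monotremata.xyz/key.pem";

        # addSSL (serve HTTP and HTTPS) and onlySSL (serve HTTPS only) are
        # mutually exclusive in the nginx module; setting both fails its
        # assertion. forceSSL listens on both ports opened in the firewall
        # and redirects plain HTTP to HTTPS, so no content is served in
        # cleartext.
        forceSSL = true;

        locations."/" = {
          recommendedProxySettings = true;
          proxyWebsockets = true;
          # NOTE(review): the hop to the backend is plain HTTP; this assumes
          # the network between lb and narwhal is trusted.
          proxyPass = "http://narwhal:8020/";
        };
      };
    };
  };

  system.stateVersion = "23.05";
}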