nixos-config/config/host-config/zbox.nix

{ config, lib, pkgs, ... }:

with lib;
let
  primaryIp = pkgs.lib.getHostIpv4 "zbox";

  openVinoModel = "ssdlite_mobilenet_v2";

  libedgetpu =
    config.boot.kernelPackages.callPackage ./zbox/pkgs/libedgetpu.nix { };

in {
  config = {
    networking = {
      useDHCP = false;
      interfaces.intif0 = {
        ipv4.addresses = [{
          address = primaryIp;
          prefixLength = 22;
        }];
      };
      firewall.enable = false;
      defaultGateway = {
        address = "10.0.0.1";
        interface = "intif0";
      };
    };

    boot = let
      gasket =
        config.boot.kernelPackages.callPackage ./zbox/pkgs/gasket.nix { };
    in {
      extraModulePackages = [ gasket ];
      kernelModules = [ "gasket" ];
    };

    users.groups.plugdev = { };

    virtualisation = {
      podman = {
        enable = true;
        dockerSocket.enable = true;
        autoPrune.enable = true;
        enableNvidia = true;
      };

      arion.backend = "podman-socket";
    };

    services = {
      frigateContainer = {
        state-directory = "/state/services/frigate";
        # hwaccel = "preset-vaapi";
        devices = [ "/dev/apex_0" "/dev/dri/renderD128" ];
        detectors = {
          coral = {
            type = "edgetpu";
            device = "";
          };
        };
      };
      udev = {
        packages = [ "${libedgetpu}" ];
        extraRules = ''
          SUBSYSTEM=="pci",ATTRS{device}=="089a",GROUP="plugdev"
          SUBSYSTEM=="apex",ATTRS{device_type}=="apex",GROUP="plugdev"
        '';
      };

      xserver = {
        enable = mkForce true;
        videoDrivers = [ "nvidia" ];
      };

      nginx = {
        enable = true;
        recommendedGzipSettings = true;
        recommendedOptimisation = true;
        recommendedProxySettings = true;

        virtualHosts = {
          "frigate.sea.fudo.org" = {
            locations."/" = {
              proxyPass = "http://localhost:5000";
              proxyWebsockets = true;
            };
          };

          "cam.sea.fudo.ninja" = {
            locations."/" = {
              proxyPass = "http://localhost:5000";
              proxyWebsockets = true;
            };
          };
        };
      };
    };

    security.sudo.extraConfig = ''
      # Due to rollback, sudo will lecture after every reboot
      Defaults lecture = never
    '';
  };
}