nix-config/hosts/nixos/porthos/services.nix


# Services deployed on this host.
#
# Every credential below is given as `secrets."<name>".path`, i.e. a path to a
# secret file taken from `config.age.secrets`; no secret value is written
# inline in this file.
{ config, lib, ... }:
let
  inherit (config.age) secrets;
in
{
  # Services to enable, grouped under the `my.services` namespace.
  my.services = {
    # Hosts-based adblock using unbound
    adblock.enable = true;

    # Backblaze B2 backup
    backup = {
      enable = true;
      repository = "b2:porthos-backup";
      # Run a backup every 6 hours
      timerConfig = {
        OnActiveSec = "6h";
        OnUnitActiveSec = "6h";
      };
      # Repository password and B2 credentials are both read from secret files
      passwordFile = secrets."backup/password".path;
      credentialsFile = secrets."backup/credentials".path;
    };

    # My blog and related hosts
    blog.enable = true;

    calibre-web = {
      enable = true;
      libraryPath = "/data/media/library";
    };

    # Auto-ban spammy bots and incorrect logins
    fail2ban.enable = true;

    # Flood UI for transmission
    flood.enable = true;

    # Gitea forge
    gitea = {
      enable = true;
      # Outgoing mail; the SMTP password comes from a secret file
      mail = {
        enable = true;
        host = "smtp.migadu.com:465";
        user = lib.my.mkMailAddress "gitea" "belanyi.fr";
        passwordFile = secrets."gitea/mail-password".path;
      };
    };

    # Meta-indexers
    indexers.prowlarr.enable = true;

    # Jellyfin media server
    jellyfin.enable = true;

    # Gitea mirroring service
    lohr = {
      enable = true;
      sharedSecretFile = secrets."lohr/secret".path;
      sshKeyFile = secrets."lohr/ssh-key".path;
    };

    # Matrix backend and Element chat front-end
    matrix = {
      enable = true;
      mailConfigFile = secrets."matrix/mail".path;
      # Only necessary when doing the initial registration
      # NOTE(review): if it really is only needed once, consider whether it
      # has to stay configured afterwards; confirm against the matrix module.
      secretFile = secrets."matrix/secret".path;
      slidingSync.secretFile = secrets."matrix/sliding-sync-secret".path;
    };

    miniflux = {
      enable = true;
      credentialsFiles = secrets."miniflux/credentials".path;
    };

    # Various monitoring dashboards
    monitoring = {
      enable = true;
      grafana = {
        passwordFile = secrets."monitoring/password".path;
        secretKeyFile = secrets."monitoring/secret-key".path;
      };
    };

    # FLOSS music streaming server
    navidrome = {
      enable = true;
      musicFolder = "/data/media/music";
    };

    # Nextcloud self-hosted cloud
    nextcloud = {
      enable = true;
      passwordFile = secrets."nextcloud/password".path;
    };

    nix-cache = {
      enable = true;
      secretKeyFile = secrets."nix-cache/cache-key".path;
    };

    nginx = {
      enable = true;
      # DNS key used for ACME, read from a secret file
      acme.credentialsFile = secrets."acme/dns-key".path;
      # Single sign-on: one user, with a password hash and a TOTP secret,
      # placed in the `root` group
      sso = {
        authKeyFile = secrets."sso/auth-key".path;
        users.ambroisie = {
          passwordHashFile = secrets."sso/ambroisie/password-hash".path;
          totpSecretFile = secrets."sso/ambroisie/totp-secret".path;
        };
        groups.root = [ "ambroisie" ];
      };
    };

    paperless = {
      enable = true;
      documentPath = "/data/media/paperless";
      passwordFile = secrets."paperless/password".path;
      secretKeyFile = secrets."paperless/secret-key".path;
    };

    # The whole *arr software suite
    pirate = {
      enable = true;
      # ... But not Lidarr because I don't care for music that much
      lidarr.enable = false;
    };

    # Podcast automatic downloader
    podgrab = {
      enable = true;
      passwordFile = secrets."podgrab/password".path;
      port = 9598;
    };

    # Regular backups
    postgresql-backup.enable = true;

    # RSS provider for websites that do not provide any feeds
    rss-bridge.enable = true;

    # Usenet client
    sabnzbd.enable = true;

    # Because I still need to play sysadmin
    ssh-server.enable = true;

    # Recipe manager
    tandoor-recipes = {
      enable = true;
      secretKeyFile = secrets."tandoor-recipes/secret-key".path;
    };

    # Torrent client and webui
    transmission = {
      enable = true;
      credentialsFile = secrets."transmission/credentials".path;
    };

    # Self-hosted todo app
    vikunja = {
      enable = true;
      mail = {
        enable = true;
        configFile = secrets."vikunja/mail".path;
      };
    };

    # Simple, in-kernel VPN
    wireguard = {
      enable = true;
      startAtBoot = true; # Server must be started to ensure clients can connect
    };

    woodpecker = {
      enable = true;
      # Avoid clashes with drone
      port = 3035;
      rpcPort = 3036;
      # NOTE(review): the "exec" runner presumably runs pipeline steps
      # directly on the host rather than in a container; confirm which
      # repositories are allowed to trigger it.
      runners = [ "docker" "exec" ];
      secretFile = secrets."woodpecker/gitea".path;
      sharedSecretFile = secrets."woodpecker/secret".path;
    };
  };
}