2021-02-06 15:35:38 +01:00
|
|
|
# Deployed services
|
2022-04-08 20:54:39 +02:00
|
|
|
{ config, lib, ... }:
|
2021-02-06 15:35:38 +01:00
|
|
|
let
|
2021-09-25 12:49:08 +02:00
|
|
|
secrets = config.age.secrets;
|
2021-02-06 15:35:38 +01:00
|
|
|
in
|
|
|
|
{
|
|
|
|
# List services that you want to enable:
|
|
|
|
my.services = {
|
2021-04-22 19:19:47 +02:00
|
|
|
# Hosts-based adblock using unbound
|
|
|
|
adblock = {
|
|
|
|
enable = true;
|
|
|
|
};
|
2021-02-07 13:20:23 +01:00
|
|
|
# Backblaze B2 backup
|
|
|
|
backup = {
|
|
|
|
enable = true;
|
|
|
|
repository = "b2:porthos-backup";
|
|
|
|
# Backup every 6 hours
|
|
|
|
timerConfig = {
|
|
|
|
OnActiveSec = "6h";
|
|
|
|
OnUnitActiveSec = "6h";
|
|
|
|
};
|
2021-09-25 12:49:08 +02:00
|
|
|
passwordFile = secrets."backup/password".path;
|
|
|
|
credentialsFile = secrets."backup/credentials".path;
|
2021-02-07 13:20:23 +01:00
|
|
|
};
|
2021-02-07 22:07:46 +01:00
|
|
|
# My blog and related hosts
|
|
|
|
blog.enable = true;
|
2021-02-18 14:38:28 +01:00
|
|
|
calibre-web = {
|
|
|
|
enable = true;
|
|
|
|
libraryPath = "/data/media/library";
|
|
|
|
};
|
2023-02-20 10:04:23 +01:00
|
|
|
# Auto-ban spammy bots and incorrect logins
|
|
|
|
fail2ban = {
|
|
|
|
enable = true;
|
|
|
|
};
|
2021-05-22 22:45:47 +02:00
|
|
|
# Flood UI for transmission
|
|
|
|
flood = {
|
|
|
|
enable = true;
|
|
|
|
};
|
2021-02-06 15:35:38 +01:00
|
|
|
# Gitea forge
|
2022-04-08 20:54:39 +02:00
|
|
|
gitea = {
|
|
|
|
enable = true;
|
|
|
|
mail = {
|
|
|
|
enable = true;
|
|
|
|
host = "smtp.migadu.com:465";
|
|
|
|
user = lib.my.mkMailAddress "gitea" "belanyi.fr";
|
|
|
|
passwordFile = secrets."gitea/mail-password".path;
|
|
|
|
};
|
|
|
|
};
|
2021-02-06 15:35:38 +01:00
|
|
|
# Meta-indexers
|
|
|
|
indexers = {
|
2021-10-15 15:11:48 +02:00
|
|
|
prowlarr.enable = true;
|
2021-02-06 15:35:38 +01:00
|
|
|
};
|
|
|
|
# Jellyfin media server
|
|
|
|
jellyfin.enable = true;
|
2021-03-30 23:30:37 +02:00
|
|
|
# Gitea mirrorig service
|
|
|
|
lohr = {
|
|
|
|
enable = true;
|
2021-09-25 12:49:08 +02:00
|
|
|
sharedSecretFile = secrets."lohr/secret".path;
|
2021-11-05 16:56:45 +01:00
|
|
|
sshKeyFile = secrets."lohr/ssh-key".path;
|
2021-03-30 23:30:37 +02:00
|
|
|
};
|
2021-02-06 15:35:38 +01:00
|
|
|
# Matrix backend and Element chat front-end
|
|
|
|
matrix = {
|
|
|
|
enable = true;
|
2021-09-25 12:49:08 +02:00
|
|
|
mailConfigFile = secrets."matrix/mail".path;
|
2021-09-25 13:20:22 +02:00
|
|
|
# Only necessary when doing the initial registration
|
2023-04-01 13:50:05 +02:00
|
|
|
secretFile = secrets."matrix/secret".path;
|
2023-09-28 17:53:46 +02:00
|
|
|
slidingSync = {
|
|
|
|
secretFile = secrets."matrix/sliding-sync-secret".path;
|
|
|
|
};
|
2021-02-06 15:35:38 +01:00
|
|
|
};
|
2021-02-15 18:45:38 +01:00
|
|
|
miniflux = {
|
|
|
|
enable = true;
|
2021-09-25 12:49:08 +02:00
|
|
|
credentialsFiles = secrets."miniflux/credentials".path;
|
2021-02-15 18:45:38 +01:00
|
|
|
};
|
2021-07-13 19:11:15 +02:00
|
|
|
# Various monitoring dashboards
|
|
|
|
monitoring = {
|
|
|
|
enable = true;
|
|
|
|
grafana = {
|
2021-09-25 12:49:08 +02:00
|
|
|
passwordFile = secrets."monitoring/password".path;
|
2023-07-17 12:58:29 +02:00
|
|
|
secretKeyFile = secrets."monitoring/secret-key".path;
|
2021-07-13 19:11:15 +02:00
|
|
|
};
|
|
|
|
};
|
2021-08-19 11:57:11 +02:00
|
|
|
# FLOSS music streaming server
|
|
|
|
navidrome = {
|
|
|
|
enable = true;
|
|
|
|
musicFolder = "/data/media/music";
|
|
|
|
};
|
2021-02-06 15:35:38 +01:00
|
|
|
# Nextcloud self-hosted cloud
|
|
|
|
nextcloud = {
|
|
|
|
enable = true;
|
2021-09-25 12:49:08 +02:00
|
|
|
passwordFile = secrets."nextcloud/password".path;
|
2021-02-06 15:35:38 +01:00
|
|
|
};
|
2023-08-19 12:34:22 +02:00
|
|
|
nix-cache = {
|
2023-04-19 23:05:08 +02:00
|
|
|
enable = true;
|
2023-08-19 12:36:05 +02:00
|
|
|
secretKeyFile = secrets."nix-cache/cache-key".path;
|
2023-04-19 23:05:08 +02:00
|
|
|
};
|
2021-08-30 15:37:31 +02:00
|
|
|
nginx = {
|
|
|
|
enable = true;
|
2021-09-25 13:24:23 +02:00
|
|
|
acme = {
|
2021-09-25 12:49:08 +02:00
|
|
|
credentialsFile = secrets."acme/dns-key".path;
|
2021-09-25 13:24:23 +02:00
|
|
|
};
|
2021-09-25 13:41:43 +02:00
|
|
|
sso = {
|
|
|
|
authKeyFile = secrets."sso/auth-key".path;
|
|
|
|
users = {
|
|
|
|
ambroisie = {
|
2021-09-25 12:49:08 +02:00
|
|
|
passwordHashFile = secrets."sso/ambroisie/password-hash".path;
|
|
|
|
totpSecretFile = secrets."sso/ambroisie/totp-secret".path;
|
2021-09-25 13:41:43 +02:00
|
|
|
};
|
|
|
|
};
|
|
|
|
groups = {
|
|
|
|
root = [ "ambroisie" ];
|
|
|
|
};
|
|
|
|
};
|
2021-08-30 15:37:31 +02:00
|
|
|
};
|
2021-08-19 13:05:25 +02:00
|
|
|
paperless = {
|
|
|
|
enable = true;
|
|
|
|
documentPath = "/data/media/paperless";
|
2021-09-25 12:49:08 +02:00
|
|
|
passwordFile = secrets."paperless/password".path;
|
|
|
|
secretKeyFile = secrets."paperless/secret-key".path;
|
2021-08-19 13:05:25 +02:00
|
|
|
};
|
2021-02-06 15:35:38 +01:00
|
|
|
# The whole *arr software suite
|
2023-10-06 23:13:47 +02:00
|
|
|
pirate = {
|
|
|
|
enable = true;
|
|
|
|
# ... But not Lidarr because I don't care for music that much
|
|
|
|
lidarr = {
|
|
|
|
enable = false;
|
|
|
|
};
|
|
|
|
};
|
2021-04-02 11:08:24 +02:00
|
|
|
# Podcast automatic downloader
|
|
|
|
podgrab = {
|
|
|
|
enable = true;
|
2021-09-25 12:49:08 +02:00
|
|
|
passwordFile = secrets."podgrab/password".path;
|
2021-04-02 11:08:24 +02:00
|
|
|
port = 9598;
|
|
|
|
};
|
2021-02-06 15:35:38 +01:00
|
|
|
# Regular backups
|
|
|
|
postgresql-backup.enable = true;
|
|
|
|
# RSS provider for websites that do not provide any feeds
|
|
|
|
rss-bridge.enable = true;
|
|
|
|
# Usenet client
|
|
|
|
sabnzbd.enable = true;
|
2021-02-07 11:39:13 +01:00
|
|
|
# Because I stilll need to play sysadmin
|
|
|
|
ssh-server.enable = true;
|
2022-09-24 21:53:50 +02:00
|
|
|
# Recipe manager
|
|
|
|
tandoor-recipes = {
|
|
|
|
enable = true;
|
|
|
|
secretKeyFile = secrets."tandoor-recipes/secret-key".path;
|
|
|
|
};
|
2021-02-06 15:35:38 +01:00
|
|
|
# Torrent client and webui
|
|
|
|
transmission = {
|
|
|
|
enable = true;
|
2021-09-25 12:49:08 +02:00
|
|
|
credentialsFile = secrets."transmission/credentials".path;
|
2021-02-06 15:35:38 +01:00
|
|
|
};
|
2023-08-08 20:43:52 +02:00
|
|
|
# Self-hosted todo app
|
|
|
|
vikunja = {
|
|
|
|
enable = true;
|
|
|
|
mail = {
|
|
|
|
enable = true;
|
|
|
|
configFile = secrets."vikunja/mail".path;
|
|
|
|
};
|
|
|
|
};
|
2021-02-17 15:23:55 +01:00
|
|
|
# Simple, in-kernel VPN
|
|
|
|
wireguard = {
|
|
|
|
enable = true;
|
2021-04-23 20:29:06 +02:00
|
|
|
startAtBoot = true; # Server must be started to ensure clients can connect
|
2021-02-17 15:23:55 +01:00
|
|
|
};
|
2023-04-01 13:14:18 +02:00
|
|
|
woodpecker = {
|
|
|
|
enable = true;
|
|
|
|
# Avoid clashes with drone
|
|
|
|
port = 3035;
|
|
|
|
rpcPort = 3036;
|
|
|
|
runners = [ "docker" "exec" ];
|
|
|
|
secretFile = secrets."woodpecker/gitea".path;
|
|
|
|
sharedSecretFile = secrets."woodpecker/secret".path;
|
|
|
|
};
|
2021-02-06 15:35:38 +01:00
|
|
|
};
|
|
|
|
}
|