# Deployed services
# Module function: takes `config` and returns the set of services enabled
# through the custom `my.services` options.
#
# Secrets come from `config.my.secrets`. For most services below they are
# turned into files with `builtins.toFile`, which writes its string argument
# into the Nix store during evaluation. The store is readable by every local
# user and process, the resulting path travels with the system closure
# wherever that closure is copied, and an old path stays on disk until it is
# garbage-collected. Rotating one of these secrets therefore means changing
# the secret itself, not just rebuilding.
{ config, ... }:
let
  # Shorthand for the custom option namespace; `my.secrets.*` is read below.
  my = config.my;
in
{
  # List services that you want to enable:
  my.services = {
    # Hosts-based adblock using unbound
    adblock = {
      enable = true;
    };
    # Backblaze B2 backup
    backup = {
      enable = true;
      repository = "b2:porthos-backup";
      # Backup every 6 hours
      # (systemd timer keys: first run 6h after the timer is activated, then
      # 6h after each previous activation of the unit.)
      timerConfig = {
        OnActiveSec = "6h";
        OnUnitActiveSec = "6h";
      };
      # Insecure, I don't care.
      # (builtins.toFile puts the backup password and credentials in the
      # world-readable Nix store. Pointing these options at a file that is
      # created outside the store at activation or run time, which is what
      # agenix and sops-nix automate, would keep them out of it.
      # NOTE(review): whether these options accept such a path depends on the
      # module definition, which is not visible here.)
      passwordFile =
        builtins.toFile "password.txt" my.secrets.backup.password;
      credentialsFile =
        builtins.toFile "creds.env" my.secrets.backup.credentials;
    };
    # My blog and related hosts
    blog.enable = true;
    calibre-web = {
      enable = true;
      libraryPath = "/data/media/library";
    };
    drone = {
      enable = true;
      # NOTE(review): if "exec" selects Drone's exec runner, pipeline steps
      # run directly on the host without container isolation; confirm that
      # only trusted repositories can schedule builds on it.
      runners = [ "docker" "exec" ];
      # Insecure, I don't care.
      # (Same store exposure as the backup secrets: both env files end up
      # readable by any local user.)
      secretFile =
        builtins.toFile "gitea.env" my.secrets.drone.gitea;
      sharedSecretFile =
        builtins.toFile "rpc.env" my.secrets.drone.secret;
    };
    # Flood UI for transmission
    flood = {
      enable = true;
    };
    # Gitea forge
    gitea.enable = true;
    # Meta-indexers
    indexers = {
      jackett.enable = true;
      nzbhydra.enable = true;
    };
    # Jellyfin media server
    jellyfin.enable = true;
    # Gitea mirroring service
    lohr = {
      enable = true;
      # Builds a one-line env file (LOHR_SECRET=...) in the Nix store; not
      # marked as insecure, but it has the same exposure as the entries that
      # are.
      sharedSecretFile =
        let
          content = "LOHR_SECRET=${my.secrets.lohr.secret}";
        in
        builtins.toFile "lohr-secret.env" content;
    };
    # Matrix backend and Element chat front-end
    matrix = {
      enable = true;
      # The SMTP username and password are interpolated into this YAML file,
      # which also lands in the Nix store. The values are spliced in without
      # YAML escaping, so a quote or backslash in a secret would corrupt the
      # file.
      # NOTE(review): this listing had lost its indentation; the nesting of
      # the keys under `email:` is reconstructed and should be confirmed
      # against the repository.
      mailConfigFile = builtins.toFile "matrix-mail.yaml" ''
        email:
          smtp_host: "smtp.migadu.com"
          smtp_port: 587
          smtp_user: "${my.secrets.matrix.mail.username}"
          smtp_pass: "${my.secrets.matrix.mail.password}"
          notif_from: "${my.secrets.matrix.mail.notifFrom}"
          # Refuse to connect unless the server supports STARTTLS.
          require_transport_security: true
      '';
      # Only necessary when doing the initial registration
      # secret = "change-me";
    };
    miniflux = {
      enable = true;
      # Env-style file holding the admin username and password; stored in the
      # Nix store like the other toFile results.
      credentialsFiles = builtins.toFile "miniflux-creds.txt" ''
        ADMIN_USERNAME=Ambroisie
        ADMIN_PASSWORD=${my.secrets.miniflux.password}
      '';
    };
    # Various monitoring dashboards
    monitoring = {
      enable = true;
      grafana = {
        passwordFile =
          builtins.toFile "grafana.txt" my.secrets.monitoring.password; # Insecure, I don't care
      };
    };
    # FLOSS music streaming server
    navidrome = {
      enable = true;
      musicFolder = "/data/media/music";
    };
    # Nextcloud self-hosted cloud
    nextcloud = {
      enable = true;
      # Password file built with toFile, so it is world-readable in the store
      # even though this entry is not marked as insecure.
      passwordFile =
        builtins.toFile "nextcloud-pass.txt" my.secrets.nextcloud.password;
    };
    nginx = {
      enable = true;
    };
    paperless = {
      enable = true;
      documentPath = "/data/media/paperless";
      # Insecure, I don't care
      # (Applies to both files below: the password and the
      # PAPERLESS_SECRET_KEY value are written to the Nix store.)
      passwordFile =
        builtins.toFile "paperless.env" my.secrets.paperless.password;
      secretKeyFile = builtins.toFile "paperless-key.env" ''
        PAPERLESS_SECRET_KEY=${my.secrets.paperless.secretKey}
      '';
    };
    # The whole *arr software suite
    pirate.enable = true;
    # Podcast automatic downloader
    podgrab = {
      enable = true;
      # One-line env file (PASSWORD=...) created in the Nix store.
      passwordFile =
        let
          contents = "PASSWORD=${my.secrets.podgrab.password}";
        in
        builtins.toFile "podgrab.env" contents;
      port = 9598;
    };
    # Regular backups
    postgresql-backup.enable = true;
    # An IRC client daemon
    quassel.enable = true;
    # RSS provider for websites that do not provide any feeds
    rss-bridge.enable = true;
    # Usenet client
    sabnzbd.enable = true;
    # Because I still need to play sysadmin
    ssh-server.enable = true;
    # Torrent client and webui
    transmission = {
      enable = true;
      # JSON fragment with the RPC credentials, written to the Nix store.
      # The password is spliced in as-is; builtins.toJSON would take care of
      # quoting if it ever contains a `"` or a backslash.
      credentialsFile = builtins.toFile "transmission-creds.txt" ''
        {
          "rpc-username": "Ambroisie",
          "rpc-password": "${my.secrets.transmission.password}"
        }
      '';
    };
    # Simple, in-kernel VPN
    wireguard = {
      enable = true;
      startAtBoot = true; # Server must be started to ensure clients can connect
    };
  };
}