nix-config/machines/porthos/services.nix
Bruno BELANYI 77cf3430ae modules: services: use new nginx wrapper
And when not possible, document why.

Note for the future: there is some repetition in some modules to
configure the correct value of the subdomain, which I happen to know
will line up correctly thanks to the nginx wrapper. A good way to
refactor this in the future would involve avoiding this repetition,
allowing use to query the correct domain in some way...
2021-08-26 15:54:13 +02:00

128 lines
3.2 KiB
Nix

# Deployed services
{ config, ... }:
let
my = config.my;
in
{
# List services that you want to enable:
my.services = {
# Hosts-based adblock using unbound
adblock = {
enable = true;
};
# Backblaze B2 backup
backup = {
enable = true;
repository = "b2:porthos-backup";
# Backup every 6 hours
timerConfig = {
OnActiveSec = "6h";
OnUnitActiveSec = "6h";
};
# Insecure, I don't care.
passwordFile =
builtins.toFile "password.txt" my.secrets.backup.password;
credentialsFile =
builtins.toFile "creds.env" my.secrets.backup.credentials;
};
# My blog and related hosts
blog.enable = true;
calibre-web = {
enable = true;
libraryPath = "/data/media/library";
};
drone = {
enable = true;
runners = [ "docker" "exec" ];
# Insecure, I don't care.
secretFile =
builtins.toFile "gitea.env" my.secrets.drone.gitea;
sharedSecretFile =
builtins.toFile "rpc.env" my.secrets.drone.secret;
};
# Flood UI for transmission
flood = {
enable = true;
};
# Gitea forge
gitea.enable = true;
# Meta-indexers
indexers = {
jackett.enable = true;
nzbhydra.enable = true;
};
# Jellyfin media server
jellyfin.enable = true;
# Gitea mirrorig service
lohr = {
enable = true;
sharedSecretFile =
let
content = "LOHR_SECRET=${my.secrets.lohr.secret}";
in
builtins.toFile "lohr-secret.env" content;
};
# Matrix backend and Element chat front-end
matrix = {
enable = true;
mail = my.secrets.matrix.mail;
secret = my.secrets.matrix.secret;
};
miniflux = {
enable = true;
password = my.secrets.miniflux.password;
};
# Various monitoring dashboards
monitoring = {
enable = true;
grafana = {
passwordFile =
builtins.toFile "grafana.txt" my.secrets.monitoring.password; # Insecure, I don't care
};
};
# FLOSS music streaming server
navidrome = {
enable = true;
musicFolder = "/data/media/music";
};
# Nextcloud self-hosted cloud
nextcloud = {
enable = true;
password = my.secrets.nextcloud.password;
};
# The whole *arr software suite
pirate.enable = true;
# Podcast automatic downloader
podgrab = {
enable = true;
passwordFile =
let
contents = "PASSWORD=${my.secrets.podgrab.password}";
in
builtins.toFile "podgrab.env" contents;
port = 9598;
};
# Regular backups
postgresql-backup.enable = true;
# An IRC client daemon
quassel.enable = true;
# RSS provider for websites that do not provide any feeds
rss-bridge.enable = true;
# Usenet client
sabnzbd.enable = true;
# Because I stilll need to play sysadmin
ssh-server.enable = true;
# Torrent client and webui
transmission = {
enable = true;
username = "Ambroisie";
password = my.secrets.transmission.password;
};
# Simple, in-kernel VPN
wireguard = {
enable = true;
startAtBoot = true; # Server must be started to ensure clients can connect
};
};
}