{
modulesPath,
pubkeys,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
./disk-config.nix
./adguard.nix
];
swapDevices = [
{ device = "/dev/disk/by-uuid/cc568199-7a9b-4aa2-83f8-2a63982ff4f1"; }
];
age.secrets = {
navidrome.file = ../../secrets/navidrome.age;
adguard-dns-list = {
file = ../../secrets/adguard-dns-list.age;
mode = "444";
};
};
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
modules = {
system.networking.bluetooth.enable = true;
container = {
kitchenowl = {
enable = true;
openFirewall = true;
version = "v0.6.4";
};
nginxproxymanager = {
enable = true;
};
};
server = {
paperless = {
enable = true;
openPort = true;
settings = {
PAPERLESS_URL = "https://paperless.ccnlc.eu";
PAPERLESS_OCR_USER_ARGS = {
invalidate_digital_signatures = true;
};
};
};
navidrome = {
enable = true;
library = {
path = "/mnt/music";
type = "nfs";
source = {
ip = "192.168.178.21";
path = "/mnt/Fort/data/music";
};
};
settings = {
Address = "0.0.0.0";
Port = 4533;
};
};
};
services = {
tailscale = {
enable = true;
isExitNode = true;
tags = [ "server" ];
};
rsync-backup = {
enable = true;
modules = [
{
sources = [ "/var/lib/paperless" ];
target = {
location = "paperless-backup";
type = "rsyncd";
host = "nihilus";
};
incremental.enable = true;
}
{
sources = [ "/var/lib/immich" ];
target = {
location = "immich-backup";
type = "rsyncd";
host = "nihilus";
};
incremental.enable = true;
}
{
sources = [ "/mnt/music" ];
target = {
location = "music-backup";
type = "rsyncd";
host = "nihilus";
};
incremental.enable = true;
}
{
sources = [ "/mnt/shows" ];
target = {
location = "shows-backup";
type = "rsyncd";
host = "nihilus";
};
incremental.enable = true;
}
{
sources = [ "/mnt/movies" ];
target = {
location = "movies";
type = "rsyncd";
host = "nihilus";
};
incremental.enable = true;
}
];
};
};
};
services = {
openssh = {
enable = true;
startWhenNeeded = true;
settings = {
PasswordAuthentication = false;
};
};
jellyfin = {
enable = true;
openFirewall = true;
};
immich = {
enable = true;
openFirewall = true;
host = "0.0.0.0";
};
radicale = {
enable = true;
# Documentation at <https://radicale.org/v3.html#configuration>
settings = {
server = {
hosts = [ "0.0.0.0:5232" ];
};
auth = {
type = "htpasswd";
htpasswd_filename = "/etc/radicale/users";
htpasswd_encryption = "autodetect";
};
storage = {
filesystem_folder = "/var/lib/radicale/collections";
};
};
};
ntfy-sh = {
enable = true;
settings =
let
root = "/var/lib/ntfy-sh";
in
{
base-url = "https://ntfy.ccnlc.eu";
listen-http = "0.0.0.0:9393";
auth-default-access = "deny-all";
behind-proxy = true;
attachment-cache-dir = "${root}/attachments";
enable-signup = true;
enable-login = true;
};
};
octoprint = {
enable = true;
openFirewall = true;
port = 5000;
};
home-assistant = {
enable = true;
openFirewall = true;
configWritable = true;
extraComponents = [
"tplink_tapo"
"tplink"
"default_config"
"met"
"esphome"
"mobile_app"
"octoprint"
"jellyfin"
"iron_os"
"wake_on_lan"
];
config = {
default_config = { };
http = {
server_port = 8123;
use_x_forwarded_for = true;
trusted_proxies = [
"127.0.0.1"
"::1"
"10.89.0.3"
];
};
};
};
};
networking.firewall.allowedTCPPorts = [
5232
9393
];
fileSystems = {
"/mnt/shows" = {
device = "192.168.178.21:/mnt/Fort/data/shows";
fsType = "nfs";
options = [
"x-systemd.automount"
"ro"
];
};
"/mnt/movies" = {
device = "192.168.178.21:/mnt/Fort/data/movies";
fsType = "nfs";
options = [
"x-systemd.automount"
"ro"
];
};
};
users.users.root.openssh.authorizedKeys.keys = [ pubkeys.ny ];
system.stateVersion = "23.11";
}