{ modulesPath, pubkeys, ... }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ./disk-config.nix ./adguard.nix ]; swapDevices = [ { device = "/dev/disk/by-uuid/cc568199-7a9b-4aa2-83f8-2a63982ff4f1"; } ]; age.secrets = { navidrome.file = ../../secrets/navidrome.age; adguard-dns-list = { file = ../../secrets/adguard-dns-list.age; mode = "444"; }; }; boot.loader.grub = { efiSupport = true; efiInstallAsRemovable = true; }; modules = { system.networking.bluetooth.enable = true; container = { kitchenowl = { enable = true; openFirewall = true; version = "v0.6.4"; }; nginxproxymanager = { enable = true; }; }; server = { paperless = { enable = true; openPort = true; settings = { PAPERLESS_URL = "https://paperless.ccnlc.eu"; PAPERLESS_OCR_USER_ARGS = { invalidate_digital_signatures = true; }; }; }; navidrome = { enable = true; library = { path = "/mnt/music"; type = "nfs"; source = { ip = "192.168.178.21"; path = "/mnt/Fort/data/music"; }; }; settings = { Address = "0.0.0.0"; Port = 4533; }; }; }; services = { tailscale = { enable = true; isExitNode = true; tags = [ "server" ]; }; rsync-backup = { enable = true; modules = [ { sources = [ "/var/lib/paperless" ]; target = { location = "paperless-backup"; type = "rsyncd"; host = "nihilus"; }; incremental.enable = true; } { sources = [ "/var/lib/immich" ]; target = { location = "immich-backup"; type = "rsyncd"; host = "nihilus"; }; incremental.enable = true; } { sources = [ "/mnt/music" ]; target = { location = "music-backup"; type = "rsyncd"; host = "nihilus"; }; incremental.enable = true; } { sources = [ "/mnt/shows" ]; target = { location = "shows-backup"; type = "rsyncd"; host = "nihilus"; }; incremental.enable = true; } { sources = [ "/mnt/movies" ]; target = { location = "movies"; type = "rsyncd"; host = "nihilus"; }; incremental.enable = true; } ]; }; }; }; services = { openssh = { enable = true; startWhenNeeded = true; settings = { PasswordAuthentication = false; }; }; jellyfin = { enable = true; openFirewall = true; }; immich = { enable = true; openFirewall = true; host = "0.0.0.0"; }; radicale = { enable = true; # Documentation at settings = { server = { hosts = [ "0.0.0.0:5232" ]; }; auth = { type = "htpasswd"; htpasswd_filename = "/etc/radicale/users"; htpasswd_encryption = "autodetect"; }; storage = { filesystem_folder = "/var/lib/radicale/collections"; }; }; }; ntfy-sh = { enable = true; settings = let root = "/var/lib/ntfy-sh"; in { base-url = "https://ntfy.ccnlc.eu"; listen-http = "0.0.0.0:9393"; auth-default-access = "deny-all"; behind-proxy = true; attachment-cache-dir = "${root}/attachments"; enable-signup = true; enable-login = true; }; }; octoprint = { enable = true; openFirewall = true; port = 5000; }; home-assistant = { enable = true; openFirewall = true; configWritable = true; extraComponents = [ "tplink_tapo" "tplink" "default_config" "met" "esphome" "mobile_app" "octoprint" "jellyfin" "iron_os" "wake_on_lan" ]; config = { default_config = { }; http = { server_port = 8123; use_x_forwarded_for = true; trusted_proxies = [ "127.0.0.1" "::1" "10.89.0.3" ]; }; }; }; }; networking.firewall.allowedTCPPorts = [ 5232 9393 ]; fileSystems = { "/mnt/shows" = { device = "192.168.178.21:/mnt/Fort/data/shows"; fsType = "nfs"; options = [ "x-systemd.automount" "ro" ]; }; "/mnt/movies" = { device = "192.168.178.21:/mnt/Fort/data/movies"; fsType = "nfs"; options = [ "x-systemd.automount" "ro" ]; }; }; users.users.root.openssh.authorizedKeys.keys = [ pubkeys.ny ]; system.stateVersion = "23.11"; }