{
  modulesPath,
  pubkeys,
  ...
}:
{
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
    ./disk-config.nix
    ./adguard.nix
  ];

  # Swap partition, addressed by filesystem UUID.
  # NOTE(review): nothing in this file encrypts swap, so memory pages of the
  # services running here may be written to disk in clear — confirm that is
  # acceptable. swapDevices.*.randomEncryption exists for this, but it needs a
  # device path that survives re-keying (not by-uuid / by-label).
  swapDevices = [ { device = "/dev/disk/by-uuid/cc568199-7a9b-4aa2-83f8-2a63982ff4f1"; } ];

  # Encrypted secrets (age.secrets option set); only the .age ciphertext lives
  # in the repository.
  age.secrets.navidrome.file = ../../secrets/navidrome.age;

  age.secrets.adguard-dns-list = {
    file = ../../secrets/adguard-dns-list.age;
    # NOTE(review): "444" leaves the decrypted file readable by every local user
    # and service, which removes most of the benefit of encrypting it. If the
    # consumer runs under a fixed account, prefer owner/group plus a mode such
    # as "0440"; if it runs under a dynamic user, confirm that world-readable
    # is a deliberate trade-off and that the list holds nothing sensitive.
    mode = "444";
  };

  # GRUB on UEFI, installed to the removable-media fallback location instead of
  # registering a boot entry in the firmware's NVRAM.
  boot.loader.grub.efiSupport = true;
  boot.loader.grub.efiInstallAsRemovable = true;

  modules = {
    # Containerised applications, configured through this repository's own
    # modules.container options (their implementation is outside this file).
    container.kitchenowl = {
      enable = true;
      # NOTE(review): presumably opens KitchenOwl's port on every interface —
      # confirm whether direct access is intended or only access via the proxy.
      openFirewall = true;
      # Pinned release: upgrades, including security fixes, need a manual bump.
      # NOTE(review): if this string ends up as an image tag, a tag is mutable;
      # consider pinning by digest where the module allows it.
      version = "v0.6.4";
    };

    # Reverse proxy container; no options beyond enable are set here.
    container.nginxproxymanager.enable = true;

    # Applications configured through this repository's own modules.server
    # options; what each option does is defined outside this file.
    server.paperless = {
      enable = true;
      # NOTE(review): presumably opens the Paperless port in the firewall —
      # confirm whether it should be reachable directly or only through the
      # proxy that serves PAPERLESS_URL.
      openPort = true;
      settings.PAPERLESS_URL = "https://paperless.ccnlc.eu";
      # Handed to the OCR step: signed PDFs get OCRed instead of being refused,
      # at the price of the OCRed copy no longer carrying a valid signature.
      # Check signatures against the original upload, not the archived version.
      settings.PAPERLESS_OCR_USER_ARGS.invalidate_digital_signatures = true;
    };

    server.navidrome = {
      enable = true;
      # Music library mounted from another host.
      # NOTE(review): type "nfs" with a bare IP suggests the export is trusted
      # by address only — confirm the mount is read-only and restricted on the
      # server side.
      library = {
        type = "nfs";
        path = "/mnt/music";
        source = {
          ip = "192.168.178.21";
          path = "/mnt/Fort/data/music";
        };
      };
      # Listens on every IPv4 address; whether the port is also opened in the
      # firewall depends on the module.
      settings.Address = "0.0.0.0";
      settings.Port = 4533;
    };

    services =
      let
        # One backup job: push a single directory, incrementally, to the named
        # rsyncd module on host "nihilus".
        backupTo = location: source: {
          sources = [ source ];
          target = {
            inherit location;
            type = "rsyncd";
            host = "nihilus";
          };
          incremental.enable = true;
        };
      in
      {
        # NOTE(review): as an exit node this host can carry other tailnet
        # devices' internet traffic; confirm the tailnet ACLs limit who may use
        # it and what the "server" tag is allowed to reach.
        tailscale = {
          enable = true;
          isExitNode = true;
          tags = [ "server" ];
        };

        # NOTE(review): the rsync daemon protocol is not encrypted by itself.
        # "nihilus" is presumably resolved over the tailnet; confirm the
        # document and photo data never crosses an untrusted network in clear
        # and that the rsyncd modules require authentication.
        # /var/lib/radicale is not in this list — confirm it is backed up
        # elsewhere if the calendars matter.
        rsync-backup = {
          enable = true;
          modules = [
            (backupTo "paperless-backup" "/var/lib/paperless")
            (backupTo "immich-backup" "/var/lib/immich")
            (backupTo "music-backup" "/mnt/music")
            (backupTo "shows-backup" "/mnt/shows")
            # NOTE(review): the only location without the "-backup" suffix —
            # verify it matches the module name configured on the target.
            (backupTo "movies" "/mnt/movies")
          ];
        };
      };
  };

  # SSH daemon. No settings are given here, so the authentication policy comes
  # from NixOS defaults or from another module.
  # NOTE(review): confirm password logins are switched off somewhere
  # (services.openssh.settings.PasswordAuthentication = false).
  services.openssh.enable = true;

  # NOTE(review): openFirewall opens a service's ports on every interface. If
  # Jellyfin and Immich are only meant to be reached over the tailnet or through
  # the reverse proxy, scope the ports per interface with
  # networking.firewall.interfaces.<iface>.allowedTCPPorts instead.
  services.jellyfin = {
    enable = true;
    openFirewall = true;
  };

  # Immich listens on every IPv4 address, not just loopback.
  services.immich = {
    host = "0.0.0.0";
    enable = true;
    openFirewall = true;
  };

  # CalDAV/CardDAV server.
  # Documentation at <https://radicale.org/v3.html#configuration>
  services.radicale.enable = true;
  services.radicale.settings = {
    # No certificate or key is configured in this section, so Radicale answers
    # plain HTTP on 5232: htpasswd credentials cross the network unencrypted
    # unless a TLS-terminating proxy (nginxproxymanager is enabled in this
    # file) is the only client that can reach this port.
    server.hosts = [ "0.0.0.0:5232" ];
    auth = {
      type = "htpasswd";
      # This file is not created by anything in this configuration; it has to
      # be provisioned separately and should not be world-readable.
      htpasswd_filename = "/etc/radicale/users";
      # NOTE(review): autodetect accepts whichever scheme each line uses —
      # verify every entry is a strong hash such as bcrypt.
      htpasswd_encryption = "autodetect";
    };
    storage.filesystem_folder = "/var/lib/radicale/collections";
  };

  # Opens Radicale's port on all interfaces (see the plain-HTTP caveat on
  # server.hosts).
  networking.firewall.allowedTCPPorts = [ 5232 ];

  #  security.acme = {
  #acceptTerms = true;
  #certs = {
  #"ccnlc.eu" = {
  #email = "dns@ccnlc.eu";
  #dnsProvider = "ovh";
  #extraDomainNames = [ "*.ccnlc.eu" ];
  #environmentFile = "/var/secrets/ovh-ccnlc";
  #};
  #};
  #};

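  # Read-only NFS media shares, mounted on first access (x-systemd.automount).
  #
  # "nosuid" and "nodev" are added because the content is served by another
  # machine: setuid bits and device nodes offered by the export must never be
  # honoured on this host. Media files need neither, so readers such as the
  # media server and the backup jobs are unaffected. "noexec" would be a
  # reasonable further restriction if nothing is ever executed from the shares.
  # NOTE(review): the export is addressed by bare IP, which suggests it is
  # trusted by address only — confirm it is restricted on the server side.
  fileSystems = {
    "/mnt/shows" = {
      device = "192.168.178.21:/mnt/Fort/data/shows";
      fsType = "nfs";
      options = [
        "x-systemd.automount"
        "ro"
        "nosuid"
        "nodev"
      ];
    };

    "/mnt/movies" = {
      device = "192.168.178.21:/mnt/Fort/data/movies";
      fsType = "nfs";
      options = [
        "x-systemd.automount"
        "ro"
        "nosuid"
        "nodev"
      ];
    };
  };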

  # Key-based root login; the single key comes from the pubkeys argument passed
  # into this module.
  # NOTE(review): this is direct root access through the SSH daemon enabled in
  # this file. Consider an unprivileged admin account with sudo so that actions
  # are attributable, and confirm who holds the private half of this key.
  users.users.root.openssh.authorizedKeys.keys = [ pubkeys.ny ];

  # Release whose stateful-data defaults this host was installed with; it is
  # not the running NixOS version and is not bumped to upgrade the system.
  system.stateVersion = "23.11";
}