200 lines
4.1 KiB
Nix
200 lines
4.1 KiB
Nix
{
|
|
modulesPath,
|
|
pubkeys,
|
|
...
|
|
}:
|
|
{
|
|
imports = [
|
|
(modulesPath + "/profiles/qemu-guest.nix")
|
|
./disk-config.nix
|
|
./adguard.nix
|
|
];
|
|
|
|
swapDevices = [
|
|
{ device = "/dev/disk/by-uuid/cc568199-7a9b-4aa2-83f8-2a63982ff4f1"; }
|
|
];
|
|
|
|
age.secrets = {
|
|
navidrome.file = ../../secrets/navidrome.age;
|
|
adguard-dns-list = {
|
|
file = ../../secrets/adguard-dns-list.age;
|
|
mode = "444";
|
|
};
|
|
};
|
|
|
|
boot.loader.grub = {
|
|
efiSupport = true;
|
|
efiInstallAsRemovable = true;
|
|
};
|
|
|
|
modules = {
|
|
container = {
|
|
kitchenowl = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
version = "v0.5.2";
|
|
};
|
|
nginxproxymanager = {
|
|
enable = true;
|
|
};
|
|
};
|
|
|
|
server = {
|
|
paperless = {
|
|
enable = true;
|
|
openPort = true;
|
|
settings = {
|
|
PAPERLESS_URL = "https://paperless.ccnlc.eu";
|
|
PAPERLESS_OCR_USER_ARGS = {
|
|
invalidate_digital_signatures = true;
|
|
};
|
|
};
|
|
};
|
|
|
|
navidrome = {
|
|
enable = true;
|
|
library = {
|
|
path = "/mnt/music";
|
|
type = "nfs";
|
|
source = {
|
|
ip = "192.168.178.21";
|
|
path = "/mnt/Fort/data/music";
|
|
};
|
|
};
|
|
settings = {
|
|
Address = "0.0.0.0";
|
|
Port = 4533;
|
|
};
|
|
};
|
|
};
|
|
|
|
services = {
|
|
tailscale = {
|
|
enable = true;
|
|
isExitNode = true;
|
|
tags = [ "server" ];
|
|
};
|
|
|
|
rsync-backup = {
|
|
enable = true;
|
|
modules = [
|
|
{
|
|
sources = [ "/var/lib/paperless" ];
|
|
target = {
|
|
location = "paperless-backup";
|
|
type = "rsyncd";
|
|
host = "nihilus";
|
|
};
|
|
incremental.enable = true;
|
|
}
|
|
{
|
|
sources = [ "/var/lib/immich" ];
|
|
target = {
|
|
location = "immich-backup";
|
|
type = "rsyncd";
|
|
host = "nihilus";
|
|
};
|
|
incremental.enable = true;
|
|
}
|
|
{
|
|
sources = [ "/mnt/music" ];
|
|
target = {
|
|
location = "music-backup";
|
|
type = "rsyncd";
|
|
host = "nihilus";
|
|
};
|
|
incremental.enable = true;
|
|
}
|
|
{
|
|
sources = [ "/mnt/shows" ];
|
|
target = {
|
|
location = "shows-backup";
|
|
type = "rsyncd";
|
|
host = "nihilus";
|
|
};
|
|
incremental.enable = true;
|
|
}
|
|
{
|
|
sources = [ "/mnt/movies" ];
|
|
target = {
|
|
location = "movies";
|
|
type = "rsyncd";
|
|
host = "nihilus";
|
|
};
|
|
incremental.enable = true;
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
|
|
services = {
|
|
openssh.enable = true;
|
|
|
|
jellyfin = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
};
|
|
|
|
immich = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
host = "0.0.0.0";
|
|
};
|
|
|
|
radicale = {
|
|
enable = true;
|
|
# Documentation at <https://radicale.org/v3.html#configuration>
|
|
settings = {
|
|
server = {
|
|
hosts = [ "0.0.0.0:5232" ];
|
|
};
|
|
auth = {
|
|
type = "htpasswd";
|
|
htpasswd_filename = "/etc/radicale/users";
|
|
htpasswd_encryption = "autodetect";
|
|
};
|
|
storage = {
|
|
filesystem_folder = "/var/lib/radicale/collections";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
networking.firewall.allowedTCPPorts = [ 5232 ];
|
|
|
|
# security.acme = {
|
|
#acceptTerms = true;
|
|
#certs = {
|
|
#"ccnlc.eu" = {
|
|
#email = "dns@ccnlc.eu";
|
|
#dnsProvider = "ovh";
|
|
#extraDomainNames = [ "*.ccnlc.eu" ];
|
|
#environmentFile = "/var/secrets/ovh-ccnlc";
|
|
#};
|
|
#};
|
|
#};
|
|
|
|
fileSystems = {
|
|
"/mnt/shows" = {
|
|
device = "192.168.178.21:/mnt/Fort/data/shows";
|
|
fsType = "nfs";
|
|
options = [
|
|
"x-systemd.automount"
|
|
"ro"
|
|
];
|
|
};
|
|
|
|
"/mnt/movies" = {
|
|
device = "192.168.178.21:/mnt/Fort/data/movies";
|
|
fsType = "nfs";
|
|
options = [
|
|
"x-systemd.automount"
|
|
"ro"
|
|
];
|
|
};
|
|
};
|
|
|
|
users.users.root.openssh.authorizedKeys.keys = [ pubkeys.ny ];
|
|
|
|
system.stateVersion = "23.11";
|
|
}
|