nixos/machines/newton/services.nix

# Deployed services
{ config, lib, ... }:
let
  secrets = config.sops.secrets;
in
{
  sops.secrets."acme/inwx" = { };
  sops.secrets."borgbackup/password" = { };
  sops.secrets."borgbackup/ssh_key" = { };
  sops.secrets."sso/auth-key" = { };
  sops.secrets."sso/felix/password-hash" = { };
  sops.secrets."sso/felix/totp-secret" = { };
  sops.secrets."paperless/password" = { };
  sops.secrets."nextcloud/password" = {
    owner = config.users.users.nextcloud.name;
  };
  sops.secrets."freshrss/password" = {
    owner = config.users.users.freshrss.name;
  };
  sops.secrets."photoprism/password" = { };

  # List services that you want to enable:
  my.services = {
    backup = {
      enable = true;
      OnFailureMail = "server@buehler.rocks";
      passwordFile = secrets."borgbackup/password".path;
      sshKeyFile = secrets."borgbackup/ssh_key".path;
    };
    # My own personal homepage
    homepage = {
      enable = true;
    };
    # Dashboard
    homer = {
      enable = true;
    };
    # RSS provider for websites that do not provide any feeds
    rss-bridge = {
      enable = true;
    };
    # voice-chat server
    mumble-server = {
      enable = true;
    };
    # sandbox video game
    minecraft-server = {
      enable = true;
    };
    # music streaming server
    navidrome = {
      enable = true;
      musicFolder = "/srv/data/music";
    };
    # self-hosted cloud
    nextcloud = {
      enable = true;
      passwordFile = secrets."nextcloud/password".path;
    };
    # document management system
    paperless = {
      enable = true;
      passwordFile = secrets."paperless/password".path;
      extraConfig.PAPERLESS_ADMIN_USER = "felix";
    };
    # RSS aggregator and reader
    freshrss = {
      enable = true;
      defaultUser = "felix";
      baseUrl = "https://news.buehler.rocks";
      passwordFile = secrets."freshrss/password".path;
    };
    # self-hosted git service
    gitea = {
      enable = true;
    };
    # collaborative markdown editor
    hedgedoc = {
      enable = true;
    };
    # a password-generator using the marokov model
    passworts = {
      enable = true;
    };
    # self-hosted photo gallery
    photoprism = {
      enable = true;
      passwordFile = secrets."photoprism/password".path;
      originalsPath = "/srv/data/photos";
      settings = {
        PHOTOPRISM_ADMIN_USER = "felix";
        PHOTOPRISM_SPONSOR = "true";
      };
    };
    ssh-server = {
      enable = true;
    };
    initrd-ssh = {
      enable = true;
    };
    # self-hosted recipe manager
    tandoor-recipes = {
      enable = true;
    };
    # Webserver
    nginx = {
      enable = true;
      acme = {
        credentialsFile = secrets."acme/inwx".path;
      };
      sso = {
        authKeyFile = secrets."sso/auth-key".path;
        users = {
          felix = {
            passwordHashFile = secrets."sso/felix/password-hash".path;
            totpSecretFile = secrets."sso/felix/totp-secret".path;
          };
        };
        groups = {
          root = [ "felix" ];
        };
      };
    };
  };
}
services: add rss-bridge to newton 2022-07-30 15:01:21 +02:00			`# Deployed services`
			`{ config, lib, ... }:`
			`let`
			`secrets = config.sops.secrets;`
			`in`
			`{`
add nextcloud my-service with sqlite 2022-11-29 19:02:01 +01:00			`sops.secrets."acme/inwx" = { };`
newton/serverle: update backup secrets 2023-01-29 15:23:12 +01:00			`sops.secrets."borgbackup/password" = { };`
machines: update ssh config naming 2023-02-05 19:04:16 +01:00			`sops.secrets."borgbackup/ssh_key" = { };`
add nextcloud my-service with sqlite 2022-11-29 19:02:01 +01:00			`sops.secrets."sso/auth-key" = { };`
			`sops.secrets."sso/felix/password-hash" = { };`
			`sops.secrets."sso/felix/totp-secret" = { };`
			`sops.secrets."paperless/password" = { };`
service/photoprism: init & enable on newton 2022-12-25 12:24:28 +01:00			`sops.secrets."nextcloud/password" = {`
			`owner = config.users.users.nextcloud.name;`
			`};`
service/freshrss: enable on newton 2022-12-25 12:24:54 +01:00			`sops.secrets."freshrss/password" = {`
			`owner = config.users.users.freshrss.name;`
			`};`
service/photoprism: init & enable on newton 2022-12-25 12:24:28 +01:00			`sops.secrets."photoprism/password" = { };`
add nextcloud my-service with sqlite 2022-11-29 19:02:01 +01:00
services: add rss-bridge to newton 2022-07-30 15:01:21 +02:00			`# List services that you want to enable:`
			`my.services = {`
newton/serverle: update backup secrets 2023-01-29 15:23:12 +01:00			`backup = {`
			`enable = true;`
			`OnFailureMail = "server@buehler.rocks";`
			`passwordFile = secrets."borgbackup/password".path;`
machines: update ssh config naming 2023-02-05 19:04:16 +01:00			`sshKeyFile = secrets."borgbackup/ssh_key".path;`
newton/serverle: update backup secrets 2023-01-29 15:23:12 +01:00			`};`
add nextcloud my-service with sqlite 2022-11-29 19:02:01 +01:00			`# My own personal homepage`
			`homepage = {`
			`enable = true;`
			`};`
			`# Dashboard`
			`homer = {`
			`enable = true;`
			`};`
services: add rss-bridge to newton 2022-07-30 15:01:21 +02:00			`# RSS provider for websites that do not provide any feeds`
add nextcloud my-service with sqlite 2022-11-29 19:02:01 +01:00			`rss-bridge = {`
			`enable = true;`
			`};`
			`# voice-chat server`
			`mumble-server = {`
			`enable = true;`
			`};`
			`# sandbox video game`
			`minecraft-server = {`
			`enable = true;`
			`};`
			`# music streaming server`
			`navidrome = {`
			`enable = true;`
			`musicFolder = "/srv/data/music";`
			`};`
			`# self-hosted cloud`
			`nextcloud = {`
			`enable = true;`
			`passwordFile = secrets."nextcloud/password".path;`
			`};`
			`# document management system`
			`paperless = {`
			`enable = true;`
			`passwordFile = secrets."paperless/password".path;`
			`extraConfig.PAPERLESS_ADMIN_USER = "felix";`
			`};`
service/freshrss: enable on newton 2022-12-25 12:24:54 +01:00			`# RSS aggregator and reader`
			`freshrss = {`
			`enable = true;`
			`defaultUser = "felix";`
			`baseUrl = "https://news.buehler.rocks";`
			`passwordFile = secrets."freshrss/password".path;`
			`};`
add nextcloud my-service with sqlite 2022-11-29 19:02:01 +01:00			`# self-hosted git service`
			`gitea = {`
			`enable = true;`
			`};`
			`# collaborative markdown editor`
			`hedgedoc = {`
			`enable = true;`
			`};`
			`# a password-generator using the marokov model`
			`passworts = {`
			`enable = true;`
			`};`
service/photoprism: init & enable on newton 2022-12-25 12:24:28 +01:00			`# self-hosted photo gallery`
			`photoprism = {`
			`enable = true;`
			`passwordFile = secrets."photoprism/password".path;`
			`originalsPath = "/srv/data/photos";`
newton: update photoprism config 2023-01-15 12:18:37 +01:00			`settings = {`
service/photoprism: init & enable on newton 2022-12-25 12:24:28 +01:00			`PHOTOPRISM_ADMIN_USER = "felix";`
newton: update photoprism config 2023-01-15 12:18:37 +01:00			`PHOTOPRISM_SPONSOR = "true";`
service/photoprism: init & enable on newton 2022-12-25 12:24:28 +01:00			`};`
			`};`
add nextcloud my-service with sqlite 2022-11-29 19:02:01 +01:00			`ssh-server = {`
			`enable = true;`
			`};`
service/initrd-ssh: init from legacy 2023-02-15 21:17:09 +01:00			`initrd-ssh = {`
			`enable = true;`
			`};`
service/tandoor-recipes: init 2022-12-25 12:07:38 +01:00			`# self-hosted recipe manager`
			`tandoor-recipes = {`
			`enable = true;`
			`};`
add nextcloud my-service with sqlite 2022-11-29 19:02:01 +01:00			`# Webserver`
			`nginx = {`
			`enable = true;`
			`acme = {`
			`credentialsFile = secrets."acme/inwx".path;`
			`};`
			`sso = {`
			`authKeyFile = secrets."sso/auth-key".path;`
			`users = {`
			`felix = {`
			`passwordHashFile = secrets."sso/felix/password-hash".path;`
			`totpSecretFile = secrets."sso/felix/totp-secret".path;`
			`};`
			`};`
			`groups = {`
			`root = [ "felix" ];`
			`};`
			`};`
			`};`
services: add rss-bridge to newton 2022-07-30 15:01:21 +02:00			`};`
			`}`