nixos/machines/newton/services.nix

# Deployed services
{ config, ... }:
let
  inherit (config.sops) secrets;
in
{
  sops.secrets = {
    "acme/inwx" = { };
    "borgbackup/password" = { };
    "borgbackup/ssh_key" = { };
    "sso/auth-key" = { };
    "sso/felix/password-hash" = { };
    "sso/felix/totp-secret" = { };
    "paperless/password" = { };
    "nextcloud/password" = {
      owner = config.users.users.nextcloud.name;
    };
    "nextcloud-exporter/password" = {
      owner = config.users.users.nextcloud-exporter.name;
    };
    "freshrss/password" = {
      owner = config.users.users.freshrss.name;
    };
    "photoprism/password" = { };
    "grafana/password" = {
      owner = config.users.users.grafana.name;
    };
    "matrix-bot/password" = {
      owner = config.systemd.services.go-neb.serviceConfig.User;
    };
  };

  # List services that you want to enable:
  my.services = {
    backup = {
      enable = true;
      OnFailureMail = "server@buehler.rocks";
      passwordFile = secrets."borgbackup/password".path;
      sshKeyFile = secrets."borgbackup/ssh_key".path;
      paths = [ "/" ];
    };
    # My own personal homepage
    homepage = {
      enable = true;
    };
    # Dashboard
    homer = {
      enable = true;
    };
    # remote build
    remote-build.enable = true;
    # RSS provider for websites that do not provide any feeds
    rss-bridge = {
      enable = true;
    };
    # voice-chat server
    mumble-server = {
      enable = true;
    };
    # sandbox video game
    # minecraft-server = {
    #   enable = true;
    # };
    # music streaming server
    navidrome = {
      enable = true;
      musicFolder = "/data/music";
    };
    # self-hosted cloud
    nextcloud = {
      enable = true;
      passwordFile = secrets."nextcloud/password".path;
      exporterPasswordFile = secrets."nextcloud-exporter/password".path;
    };
    # document management system
    paperless = {
      enable = true;
      passwordFile = secrets."paperless/password".path;
      settings.PAPERLESS_ADMIN_USER = "felix";
      mediaDir = "/data/docs";
    };
    # RSS aggregator and reader
    freshrss = {
      enable = true;
      defaultUser = "felix";
      passwordFile = secrets."freshrss/password".path;
    };
    # self-hosted git service
    gitea = {
      enable = true;
    };
    # collaborative markdown editor
    hedgedoc = {
      enable = true;
    };
    # a password-generator using the marokov model
    passworts = {
      enable = true;
    };
    # self-hosted photo gallery
    photoprism = {
      enable = true;
      passwordFile = secrets."photoprism/password".path;
      originalsPath = "/data/photos";
      settings = {
        PHOTOPRISM_ADMIN_USER = "felix";
        PHOTOPRISM_SPONSOR = "true";
      };
    };
    ssh-server = {
      enable = true;
    };
    initrd-ssh = {
      enable = true;
    };
    # self-hosted recipe manager
    tandoor-recipes = {
      enable = true;
    };

    prometheus = {
      enable = true;
    };
    alertmanager = {
      enable = true;
    };
    matrix-bot = {
      enable = true;
      PasswortFile = secrets."matrix-bot/password".path;
    };
    grafana = {
      enable = true;
      passwordFile = secrets."grafana/password".path;
    };
    loki = {
      enable = true;
    };
    promtail = {
      enable = true;
    };
    blackbox = {
      enable = true;
    };
    # Webserver
    nginx = {
      enable = true;
      acme = {
        credentialsFile = secrets."acme/inwx".path;
      };
      sso = {
        authKeyFile = secrets."sso/auth-key".path;
        users = {
          felix = {
            passwordHashFile = secrets."sso/felix/password-hash".path;
            totpSecretFile = secrets."sso/felix/totp-secret".path;
          };
        };
        groups = {
          root = [ "felix" ];
        };
      };
    };
  };
}
services: add rss-bridge to newton 2022-07-30 15:01:21 +02:00			`# Deployed services`
treewide: fix deadnix errors 2023-11-07 22:00:00 +01:00			`{ config, ... }:`
services: add rss-bridge to newton 2022-07-30 15:01:21 +02:00			`let`
treewide: fix statix errors 2023-11-07 23:13:51 +01:00			`inherit (config.sops) secrets;`
services: add rss-bridge to newton 2022-07-30 15:01:21 +02:00			`in`
			`{`
treewide: avoid repetitive keys in attrSets 2023-11-12 23:36:30 +01:00			`sops.secrets = {`
			`"acme/inwx" = { };`
			`"borgbackup/password" = { };`
			`"borgbackup/ssh_key" = { };`
			`"sso/auth-key" = { };`
			`"sso/felix/password-hash" = { };`
			`"sso/felix/totp-secret" = { };`
			`"paperless/password" = { };`
			`"nextcloud/password" = {`
			`owner = config.users.users.nextcloud.name;`
			`};`
			`"nextcloud-exporter/password" = {`
			`owner = config.users.users.nextcloud-exporter.name;`
			`};`
			`"freshrss/password" = {`
			`owner = config.users.users.freshrss.name;`
			`};`
			`"photoprism/password" = { };`
			`"grafana/password" = {`
			`owner = config.users.users.grafana.name;`
			`};`
			`"matrix-bot/password" = {`
			`owner = config.systemd.services.go-neb.serviceConfig.User;`
			`};`
service/matrix-bot: init 2023-05-15 22:09:17 +02:00			`};`
add nextcloud my-service with sqlite 2022-11-29 19:02:01 +01:00
services: add rss-bridge to newton 2022-07-30 15:01:21 +02:00			`# List services that you want to enable:`
			`my.services = {`
newton/serverle: update backup secrets 2023-01-29 15:23:12 +01:00			`backup = {`
			`enable = true;`
			`OnFailureMail = "server@buehler.rocks";`
			`passwordFile = secrets."borgbackup/password".path;`
machines: update ssh config naming 2023-02-05 19:04:16 +01:00			`sshKeyFile = secrets."borgbackup/ssh_key".path;`
machines/backup: make sure everything is backedup 2023-09-05 22:45:08 +02:00			`paths = [ "/" ];`
newton/serverle: update backup secrets 2023-01-29 15:23:12 +01:00			`};`
add nextcloud my-service with sqlite 2022-11-29 19:02:01 +01:00			`# My own personal homepage`
			`homepage = {`
			`enable = true;`
			`};`
			`# Dashboard`
			`homer = {`
			`enable = true;`
			`};`
service/remote-build: init 2024-03-17 12:11:50 +01:00			`# remote build`
			`remote-build.enable = true;`
services: add rss-bridge to newton 2022-07-30 15:01:21 +02:00			`# RSS provider for websites that do not provide any feeds`
add nextcloud my-service with sqlite 2022-11-29 19:02:01 +01:00			`rss-bridge = {`
			`enable = true;`
			`};`
			`# voice-chat server`
			`mumble-server = {`
			`enable = true;`
			`};`
			`# sandbox video game`
machines/newton: disable minecraft for now 2023-04-07 22:41:11 +02:00			`# minecraft-server = {`
			`# enable = true;`
			`# };`
add nextcloud my-service with sqlite 2022-11-29 19:02:01 +01:00			`# music streaming server`
			`navidrome = {`
			`enable = true;`
machines/newton: migrate from /srv to /data 2023-10-16 23:12:26 +02:00			`musicFolder = "/data/music";`
add nextcloud my-service with sqlite 2022-11-29 19:02:01 +01:00			`};`
			`# self-hosted cloud`
			`nextcloud = {`
			`enable = true;`
			`passwordFile = secrets."nextcloud/password".path;`
service/nextcloud: add monitoring 2023-04-16 18:15:53 +02:00			`exporterPasswordFile = secrets."nextcloud-exporter/password".path;`
add nextcloud my-service with sqlite 2022-11-29 19:02:01 +01:00			`};`
			`# document management system`
			`paperless = {`
			`enable = true;`
			`passwordFile = secrets."paperless/password".path;`
service/paperless: migrate to settings from extraConfig 2024-06-01 18:44:04 +02:00			`settings.PAPERLESS_ADMIN_USER = "felix";`
machines/newton: migrate from /srv to /data 2023-10-16 23:12:26 +02:00			`mediaDir = "/data/docs";`
add nextcloud my-service with sqlite 2022-11-29 19:02:01 +01:00			`};`
service/freshrss: enable on newton 2022-12-25 12:24:54 +01:00			`# RSS aggregator and reader`
			`freshrss = {`
			`enable = true;`
			`defaultUser = "felix";`
			`passwordFile = secrets."freshrss/password".path;`
			`};`
add nextcloud my-service with sqlite 2022-11-29 19:02:01 +01:00			`# self-hosted git service`
			`gitea = {`
			`enable = true;`
			`};`
			`# collaborative markdown editor`
			`hedgedoc = {`
			`enable = true;`
			`};`
			`# a password-generator using the marokov model`
			`passworts = {`
			`enable = true;`
			`};`
service/photoprism: init & enable on newton 2022-12-25 12:24:28 +01:00			`# self-hosted photo gallery`
			`photoprism = {`
			`enable = true;`
			`passwordFile = secrets."photoprism/password".path;`
machines/newton: migrate from /srv to /data 2023-10-16 23:12:26 +02:00			`originalsPath = "/data/photos";`
newton: update photoprism config 2023-01-15 12:18:37 +01:00			`settings = {`
service/photoprism: init & enable on newton 2022-12-25 12:24:28 +01:00			`PHOTOPRISM_ADMIN_USER = "felix";`
newton: update photoprism config 2023-01-15 12:18:37 +01:00			`PHOTOPRISM_SPONSOR = "true";`
service/photoprism: init & enable on newton 2022-12-25 12:24:28 +01:00			`};`
			`};`
add nextcloud my-service with sqlite 2022-11-29 19:02:01 +01:00			`ssh-server = {`
			`enable = true;`
			`};`
service/initrd-ssh: init from legacy 2023-02-15 21:17:09 +01:00			`initrd-ssh = {`
			`enable = true;`
			`};`
service/tandoor-recipes: init 2022-12-25 12:07:38 +01:00			`# self-hosted recipe manager`
			`tandoor-recipes = {`
			`enable = true;`
			`};`
machines/newton: enable prometheus and grafana 2023-04-07 22:40:51 +02:00
			`prometheus = {`
			`enable = true;`
			`};`
service/alertmanager: init 2023-04-27 23:12:00 +02:00			`alertmanager = {`
			`enable = true;`
			`};`
service/matrix-bot: init 2023-05-15 22:09:17 +02:00			`matrix-bot = {`
			`enable = true;`
			`PasswortFile = secrets."matrix-bot/password".path;`
			`};`
machines/newton: enable prometheus and grafana 2023-04-07 22:40:51 +02:00			`grafana = {`
			`enable = true;`
			`passwordFile = secrets."grafana/password".path;`
			`};`
service/loki: init 2023-04-09 23:07:29 +02:00			`loki = {`
			`enable = true;`
			`};`
service/promtail: init 2023-04-09 23:07:39 +02:00			`promtail = {`
			`enable = true;`
			`};`
service/blackbox: init 2023-06-25 21:25:55 +02:00			`blackbox = {`
			`enable = true;`
			`};`
add nextcloud my-service with sqlite 2022-11-29 19:02:01 +01:00			`# Webserver`
			`nginx = {`
			`enable = true;`
			`acme = {`
			`credentialsFile = secrets."acme/inwx".path;`
			`};`
			`sso = {`
			`authKeyFile = secrets."sso/auth-key".path;`
			`users = {`
			`felix = {`
			`passwordHashFile = secrets."sso/felix/password-hash".path;`
			`totpSecretFile = secrets."sso/felix/totp-secret".path;`
			`};`
			`};`
			`groups = {`
			`root = [ "felix" ];`
			`};`
			`};`
			`};`
services: add rss-bridge to newton 2022-07-30 15:01:21 +02:00			`};`
			`}`