nixos/machines/serverle/services.nix

# Deployed services
{ config, ... }:
let
  inherit (config.sops) secrets;
in
{
  sops.secrets = {
    "acme/inwx" = { };
    "borgbackup/password" = { };
    "borgbackup/ssh_key" = { };
    "dyndns/password" = { };
    "sso/auth-key" = { };
    "sso/felix/password-hash" = { };
    "sso/felix/totp-secret" = { };
    "prowlarr/apikey" = { };
    "radarr/apikey" = { };
    "sonarr/apikey" = { };
  };

  # List services that you want to enable:
  my.services = {
    backup = {
      enable = true;
      OnFailureMail = "server@buehler.rocks";
      passwordFile = secrets."borgbackup/password".path;
      sshKeyFile = secrets."borgbackup/ssh_key".path;
      paths = [ "/" ];
    };

    # dyndns = {
    #   enable = true;
    #   passwordFile = secrets."dyndns/password".path;
    # };

    # aria2 = {
    #   enable = true;
    #   downloadDir = "/data/tmp/aria2/";
    # };

    blocky = {
      enable = true;
    };

    prowlarr = {
      enable = true;
      apiKeyFile = secrets."prowlarr/apikey".path;
    };
    radarr = {
      enable = true;
      apiKeyFile = secrets."radarr/apikey".path;
    };
    sonarr = {
      enable = true;
      apiKeyFile = secrets."sonarr/apikey".path;
    };
    bazarr = {
      enable = true;
    };

    ssh-server = {
      enable = true;
    };

    jellyfin = {
      enable = true;
    };
    jellyseerr = {
      enable = true;
    };
    # Dashboard
    homer = {
      enable = true;
    };
    # Webserver
    nginx = {
      enable = true;
      acme = {
        credentialsFile = secrets."acme/inwx".path;
      };
      sso = {
        authKeyFile = secrets."sso/auth-key".path;
        users = {
          felix = {
            passwordHashFile = secrets."sso/felix/password-hash".path;
            totpSecretFile = secrets."sso/felix/totp-secret".path;
          };
        };
        groups = {
          root = [ "felix" ];
        };
      };
    };
  };
}
serverle: start using my-modules 2022-11-29 18:45:37 +01:00			`# Deployed services`
treewide: fix deadnix errors 2023-11-07 22:00:00 +01:00			`{ config, ... }:`
serverle: start using my-modules 2022-11-29 18:45:37 +01:00			`let`
treewide: fix statix errors 2023-11-07 23:13:51 +01:00			`inherit (config.sops) secrets;`
serverle: start using my-modules 2022-11-29 18:45:37 +01:00			`in`
			`{`
treewide: avoid repetitive keys in attrSets 2023-11-12 23:36:30 +01:00			`sops.secrets = {`
			`"acme/inwx" = { };`
			`"borgbackup/password" = { };`
			`"borgbackup/ssh_key" = { };`
			`"dyndns/password" = { };`
			`"sso/auth-key" = { };`
			`"sso/felix/password-hash" = { };`
			`"sso/felix/totp-secret" = { };`
			`"prowlarr/apikey" = { };`
			`"radarr/apikey" = { };`
			`"sonarr/apikey" = { };`
			`};`
service/backup: modularize backup 2022-12-04 18:06:51 +01:00
serverle: start using my-modules 2022-11-29 18:45:37 +01:00			`# List services that you want to enable:`
			`my.services = {`
service/backup: modularize backup 2022-12-04 18:06:51 +01:00			`backup = {`
			`enable = true;`
			`OnFailureMail = "server@buehler.rocks";`
			`passwordFile = secrets."borgbackup/password".path;`
machines: update ssh config naming 2023-02-05 19:04:16 +01:00			`sshKeyFile = secrets."borgbackup/ssh_key".path;`
machines/backup: make sure everything is backedup 2023-09-05 22:45:08 +02:00			`paths = [ "/" ];`
service/backup: modularize backup 2022-12-04 18:06:51 +01:00			`};`

machine/serverle: enable jellyseerr disable dyndns 2023-06-04 18:57:43 +02:00			`# dyndns = {`
			`# enable = true;`
			`# passwordFile = secrets."dyndns/password".path;`
			`# };`
service/dyndns: migrate from serverle 2023-06-04 17:17:35 +02:00
machine/serverle: add aria2 dummy 2023-09-05 22:22:34 +02:00			`# aria2 = {`
			`# enable = true;`
			`# downloadDir = "/data/tmp/aria2/";`
			`# };`

service/blocky: fix config 2023-06-04 21:08:37 +02:00			`blocky = {`
			`enable = true;`
			`};`

service/prowlarr: init from legacy 2023-03-15 22:36:29 +01:00			`prowlarr = {`
			`enable = true;`
service/exportarr: fix apikey 2023-07-25 22:20:49 +02:00			`apiKeyFile = secrets."prowlarr/apikey".path;`
service/prowlarr: init from legacy 2023-03-15 22:36:29 +01:00			`};`
service/radarr: init from legacy 2023-03-15 22:35:46 +01:00			`radarr = {`
			`enable = true;`
service/exportarr: fix apikey 2023-07-25 22:20:49 +02:00			`apiKeyFile = secrets."radarr/apikey".path;`
service/radarr: init from legacy 2023-03-15 22:35:46 +01:00			`};`
service/sonarr: init from legacy 2023-03-15 22:34:36 +01:00			`sonarr = {`
			`enable = true;`
service/exportarr: fix apikey 2023-07-25 22:20:49 +02:00			`apiKeyFile = secrets."sonarr/apikey".path;`
service/sonarr: init from legacy 2023-03-15 22:34:36 +01:00			`};`
service/bazarr: init from legacy 2023-03-15 22:37:27 +01:00			`bazarr = {`
			`enable = true;`
			`};`
service/sonarr: init from legacy 2023-03-15 22:34:36 +01:00
serverle: start using my-modules 2022-11-29 18:45:37 +01:00			`ssh-server = {`
			`enable = true;`
			`};`
serverle: enable jellyfin 2022-11-30 13:41:31 +01:00
			`jellyfin = {`
			`enable = true;`
			`};`
machine/serverle: enable jellyseerr disable dyndns 2023-06-04 18:57:43 +02:00			`jellyseerr = {`
			`enable = true;`
			`};`
machine/serverle: enable nginx with separate network config 2023-02-23 20:02:46 +01:00			`# Dashboard`
			`homer = {`
			`enable = true;`
			`};`
			`# Webserver`
			`nginx = {`
			`enable = true;`
			`acme = {`
			`credentialsFile = secrets."acme/inwx".path;`
			`};`
			`sso = {`
			`authKeyFile = secrets."sso/auth-key".path;`
			`users = {`
			`felix = {`
			`passwordHashFile = secrets."sso/felix/password-hash".path;`
			`totpSecretFile = secrets."sso/felix/totp-secret".path;`
			`};`
			`};`
			`groups = {`
			`root = [ "felix" ];`
			`};`
			`};`
			`};`
serverle: start using my-modules 2022-11-29 18:45:37 +01:00			`};`
			`}`