nixos/machines/serverle/services.nix

# Deployed services
{ config, lib, ... }:
let
  secrets = config.sops.secrets;
in
{
  sops.secrets."acme/inwx" = { };
  sops.secrets."borgbackup/password" = { };
  sops.secrets."borgbackup/ssh_key" = { };
  sops.secrets."sso/auth-key" = { };
  sops.secrets."sso/felix/password-hash" = { };
  sops.secrets."sso/felix/totp-secret" = { };

  # List services that you want to enable:
  my.services = {
    backup = {
      enable = true;
      OnFailureMail = "server@buehler.rocks";
      passwordFile = secrets."borgbackup/password".path;
      sshKeyFile = secrets."borgbackup/ssh_key".path;
    };

    prowlarr = {
      enable = true;
    };
    radarr = {
      enable = true;
    };
    sonarr = {
      enable = true;
    };
    bazarr = {
      enable = true;
    };

    ssh-server = {
      enable = true;
    };

    jellyfin = {
      enable = true;
    };
    # Dashboard
    homer = {
      enable = true;
    };
    # Webserver
    nginx = {
      enable = true;
      acme = {
        credentialsFile = secrets."acme/inwx".path;
      };
      sso = {
        authKeyFile = secrets."sso/auth-key".path;
        users = {
          felix = {
            passwordHashFile = secrets."sso/felix/password-hash".path;
            totpSecretFile = secrets."sso/felix/totp-secret".path;
          };
        };
        groups = {
          root = [ "felix" ];
        };
      };
    };
  };
}
serverle: start using my-modules 2022-11-29 18:45:37 +01:00			`# Deployed services`
			`{ config, lib, ... }:`
			`let`
			`secrets = config.sops.secrets;`
			`in`
			`{`
machine/serverle: enable nginx with separate network config 2023-02-23 20:02:46 +01:00			`sops.secrets."acme/inwx" = { };`
service/backup: modularize backup 2022-12-04 18:06:51 +01:00			`sops.secrets."borgbackup/password" = { };`
machines: update ssh config naming 2023-02-05 19:04:16 +01:00			`sops.secrets."borgbackup/ssh_key" = { };`
machine/serverle: enable nginx with separate network config 2023-02-23 20:02:46 +01:00			`sops.secrets."sso/auth-key" = { };`
			`sops.secrets."sso/felix/password-hash" = { };`
			`sops.secrets."sso/felix/totp-secret" = { };`
service/backup: modularize backup 2022-12-04 18:06:51 +01:00
serverle: start using my-modules 2022-11-29 18:45:37 +01:00			`# List services that you want to enable:`
			`my.services = {`
service/backup: modularize backup 2022-12-04 18:06:51 +01:00			`backup = {`
			`enable = true;`
			`OnFailureMail = "server@buehler.rocks";`
			`passwordFile = secrets."borgbackup/password".path;`
machines: update ssh config naming 2023-02-05 19:04:16 +01:00			`sshKeyFile = secrets."borgbackup/ssh_key".path;`
service/backup: modularize backup 2022-12-04 18:06:51 +01:00			`};`

service/prowlarr: init from legacy 2023-03-15 22:36:29 +01:00			`prowlarr = {`
			`enable = true;`
			`};`
service/radarr: init from legacy 2023-03-15 22:35:46 +01:00			`radarr = {`
			`enable = true;`
			`};`
service/sonarr: init from legacy 2023-03-15 22:34:36 +01:00			`sonarr = {`
			`enable = true;`
			`};`
service/bazarr: init from legacy 2023-03-15 22:37:27 +01:00			`bazarr = {`
			`enable = true;`
			`};`
service/sonarr: init from legacy 2023-03-15 22:34:36 +01:00
serverle: start using my-modules 2022-11-29 18:45:37 +01:00			`ssh-server = {`
			`enable = true;`
			`};`
serverle: enable jellyfin 2022-11-30 13:41:31 +01:00
			`jellyfin = {`
			`enable = true;`
			`};`
machine/serverle: enable nginx with separate network config 2023-02-23 20:02:46 +01:00			`# Dashboard`
			`homer = {`
			`enable = true;`
			`};`
			`# Webserver`
			`nginx = {`
			`enable = true;`
			`acme = {`
			`credentialsFile = secrets."acme/inwx".path;`
			`};`
			`sso = {`
			`authKeyFile = secrets."sso/auth-key".path;`
			`users = {`
			`felix = {`
			`passwordHashFile = secrets."sso/felix/password-hash".path;`
			`totpSecretFile = secrets."sso/felix/totp-secret".path;`
			`};`
			`};`
			`groups = {`
			`root = [ "felix" ];`
			`};`
			`};`
			`};`
serverle: start using my-modules 2022-11-29 18:45:37 +01:00			`};`
			`}`