~abyxcos/nas.nix

2ca54c04770a68597ee8b07e17104e64203c8421 — root 1 year, 14 days ago 7cd19c8
Flatten the config. Remove the services block and just name the individual things services-dot. Less tabbing involved. There should be no functional changes here.
1 files changed, 104 insertions(+), 138 deletions(-)

M configuration.nix
M configuration.nix => configuration.nix +104 -138
@@ 39,15 39,15 @@ let options = {

	# To create the storage pool:
	# virsh pool-define --file *.xml
	virtualisation = {
		libvirtd.enable = true;
		libvirtd.qemu.ovmf.enable = true;

		docker.enable = true;
		docker.daemon.settings = {
			fixed-cidr-v6 = "fd01::/80";
			ipv6 = true;
		};
	virtualisation.libvirtd = {
		enable = true;
		qemu.ovmf.enable = true;
	};

	virtualisation.docker.enable = true;
	virtualisation.docker.daemon.settings = {
		fixed-cidr-v6 = "fd01::/80";
		ipv6 = true;
	};

	# libvirtd now requires polkit to be enabled


@@ 135,155 135,121 @@ let options = {

	# List services that you want to enable:

	services = {
		zfs = {
			autoScrub.enable = true;
			autoSnapshot.enable = true;
		};

		openssh = {
			enable = true;
			banner = "くコ:彡 くコ:彡 くコ:彡\n";
		};
	services.zfs = {
		autoScrub.enable = true;
		autoSnapshot.enable = true;
	};

		cron = {
			enable = true;
			systemCronJobs = [
				"* 3 * * *	abyxcos	cd /mnt/guava/backups/git && /bin/sh /home/abyxcos/src/backup_scripts/backup_git.sh"
			];
		};
	services.openssh = {
		enable = true;
		banner = "くコ:彡 くコ:彡 くコ:彡\n";
	};

		navidrome = {
			enable = true;
			# package = pkgs.unstable.navidrome;
			settings = {
				Address = "0.0.0.0";
				MusicFolder = "/mnt/guava/music";
			};
		};
	services.cron.enable = true;
	services.cron.systemCronJobs = [
		"* 3 * * *	abyxcos	cd /mnt/guava/backups/git && /bin/sh /home/abyxcos/src/backup_scripts/backup_git.sh"
	];

		nginx.virtualHosts."music.mnetic.ch" = {
			locations."/".proxyPass = "http://localhost:4533/";
		};
	services.navidrome.enable = true;
	services.navidrome.package = pkgs.unstable.navidrome;
	services.navidrome.settings = {
		Address = "0.0.0.0";
		MusicFolder = "/mnt/guava/music";
	};
	services.nginx.virtualHosts."music.mnetic.ch" = {
		locations."/".proxyPass = "http://localhost:4533/";
	};

		jellyfin = {
			enable = true;
		};
	services.jellyfin.enable = true;

		# Add users with: `smbpasswd -a <user>`
		samba = {
			enable = true;
			openFirewall = true;
			extraConfig = ''
				# Force directories to have at least user and group write.
				force directory mask = 0775
			'';
			shares.guava = {
				path = "/mnt/guava";
				writeable = "yes";
				browseable = "yes";
			};
	# Add users with: `smbpasswd -a <user>`
	services.samba = {
		enable = true;
		openFirewall = true;
		extraConfig = ''
			# Force directories to have at least user and group write.
			force directory mask = 0775
		'';
		shares.guava = {
			path = "/mnt/guava";
			writeable = "yes";
			browseable = "yes";
		};
	};

		#step-ca = {
		#	enable = true;
		#	intermediatePasswordFile = "/run/keys/smallstep-password";
		#};

		# https://carjorvaz.com/posts/setting-up-headscale-on-nixos/
		# https://github.com/gurucomputing/headscale-ui
		headscale = {
			enable = false;
			address = "0.0.0.0";
			port = 7610;
			settings = {
				serverUrl = "http://headscale.mnetic.ch";
				dns.base_domain = "headscale.mnetic.ch";
			};
	#services.step-ca.enable = true;
	#services.step-ac.intermediatePasswordFile = "/run/keys/smallstep-password";

	# https://carjorvaz.com/posts/setting-up-headscale-on-nixos/
	# https://github.com/gurucomputing/headscale-ui
	services.headscale.enable = false;
	services.headscale = {
		address = "0.0.0.0";
		port = 7610;
		settings = {
			serverUrl = "http://headscale.mnetic.ch";
			dns.base_domain = "headscale.mnetic.ch";
		};
	};

		nginx.virtualHosts."headscale.mnetic.ch" = {
			#forceSSL = true;
			#enableACME = true;
			locations."/" = {
				proxyPass = "http://localhost:${toString config.services.headscale.port}";
				proxyWebsockets = true;
			};
	services.nginx.virtualHosts."headscale.mnetic.ch" = {
		#forceSSL = true;
		#enableACME = true;
		locations."/" = {
			proxyPass = "http://localhost:${toString config.services.headscale.port}";
			proxyWebsockets = true;
		};
	};

		avahi = {
	services.avahi.enable = true;
	services.avahi = {
		#interfaces = [ "bond0" "lo" ];
		reflector = true;
		publish = {
			enable = true;
			#interfaces = [ "bond0" "lo" ];
			reflector = true;
			publish = {
				enable = true;
				addresses = true;
			};
			addresses = true;
		};
	};

		gitea = {
			enable = true;
			package = pkgs.forgejo;
			stateDir = "/mnt/guava/services/foregejo";

			settings = {
				server = {
					DOMAIN = "git.mnetic.ch";
					ROOT_URL = "http://git.mnetic.ch";
				};
				service = {
					# DISABLE_REGISTRATION = true;
					REGISTER_MANUAL_CONFIRM = true;
				};
				indexer = {
					# Enable searching repo files
					# https://docs.gitea.io/en-us/administration/repo-indexer/
					REPO_INDEXER_ENABLED = true;
					REPO_INDEXER_PATH = "data/indexers/repos.bleve";
				};
				actions = {
					ENABLED = true;
				};
			};
	services.gitea.enable = true;
	services.gitea.package = pkgs.forgejo;
	services.gitea.stateDir = "/mnt/guava/services/foregejo";
	services.gitea.settings = {
		server = {
			DOMAIN = "git.mnetic.ch";
			ROOT_URL = "http://git.mnetic.ch";
		};

		# https://forgejo.org/2023-02-27-forgejo-actions/
		# https://forgejo.org/docs/v1.20/admin/actions/
		gitea-actions-runner = {
			# package = pkgs.unstable.gitea-actions-runner;

			instances.nas = {
				enable = true;
				name = config.networking.hostName;
				url = "http://git.mnetic.ch";
				token = "mGULm6uyFKtMm84ExV2OrUfisaSUzoYf1pQOEDdI";
				labels = [];
			};
		service = {
			# DISABLE_REGISTRATION = true;
			REGISTER_MANUAL_CONFIRM = true;
		};

		nginx.virtualHosts."git.mnetic.ch" = {
			locations."/".proxyPass = "http://localhost:3000/";
		indexer = {
			# Enable searching repo files
			# https://docs.gitea.io/en-us/administration/repo-indexer/
			REPO_INDEXER_ENABLED = true;
			REPO_INDEXER_PATH = "data/indexers/repos.bleve";
		};

		postgresql = {
			enable = true;
			package = pkgs.postgresql_15;
			enableTCPIP = true;
			authentication = pkgs.lib.mkOverride 15 ''
				local all all trust
				host all all 127.0.0.1/32 trust
				host all all ::1/128 trust
			'';
			initialScript = pkgs.writeText "backend-initScript" ''
				CREATE ROLE wikijs WITH LOGIN PASSWORD 'wikijs' CREATEDB;
				CREATE DATABASE wikijs;
				GRANT ALL PRIVILEGES ON DATABASE wikijs TO wikijs;
			'';
		actions = {
			ENABLED = true;
		};
	};
	services.nginx.virtualHosts."git.mnetic.ch" = {
		locations."/".proxyPass = "http://localhost:3000/";
	};

	# https://forgejo.org/2023-02-27-forgejo-actions/
	# https://forgejo.org/docs/v1.20/admin/actions/
	services.gitea-actions-runner.package = pkgs.unstable.gitea-actions-runner;
	services.gitea-actions-runner.instances.nas = {
		enable = true;
		name = config.networking.hostName;
		url = "http://git.mnetic.ch";
		token = "mGULm6uyFKtMm84ExV2OrUfisaSUzoYf1pQOEDdI";
		labels = [];
	};

	mailserver.enable = false;
	mailserver = {
		enable = false;
		fqdn = "mail.bouncingkiwi.net";
		domains = [ "bouncingkiwi.net" ];
		loginAccounts = {
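Review bot: The runner registration token in `services.gitea-actions-runner.instances.nas` is carried over as a string literal (`token = "…";`), so it stays in the repository history and is copied into the world-readable Nix store on every build. Since this block is being rewritten anyway, switch it to `tokenFile = "/run/keys/<runner-token-file>";` (placeholder path, kept outside the store) and rotate the token that has already been committed. The same block registers against `url = "http://git.mnetic.ch"`, so the token would presumably travel in cleartext unless TLS is terminated somewhere not shown here. Separately, the flattened lines `services.navidrome.package = pkgs.unstable.navidrome;` and `services.gitea-actions-runner.package = pkgs.unstable.gitea-actions-runner;` appear to be active where the nested versions were commented out, which does not match "no functional changes" in the description; a one-line comment saying why the unstable packages are now selected would help.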


@@ 293,8 259,8 @@ let options = {
		};
	};

	services.roundcube.enable = false;
	services.roundcube = {
		enable = false;
		hostName = "mail.bouncingkiwi.net";
		extraConfig = ''
			$config['smtp_server'] = "tls://${config.mailserver.fqdn}";