nix-config/hosts/nas/services.nix
mjallen18 96a05612c6 tmp
2024-11-08 22:31:09 -06:00


{ config, pkgs, ... }:
let
  # Single switch for the graphical stack: the X server, LXQt, LightDM and
  # xrdp (including xrdp's firewall opening) all take their value from it.
  enableDisplayManager = true;
in
{
# Services configs
services = {
# Caddy reverse proxy (currently disabled). Each virtual host forwards to a
# plain-HTTP backend on 10.0.1.18, so traffic behind the proxy is unencrypted
# on that hop.
caddy = {
  enable = false;
  enableReload = true;

  # Account the service runs under and where it keeps its state.
  user = "nix-apps";
  group = "jallen-nas";
  dataDir = "/media/nas/ssd/nix-app-data/caddy";

  # Contact address handed to Caddy (presumably for certificate issuance).
  email = "jalle008@proton.me";

  virtualHosts = {
    "authentik.mjallen.dev" = {
      extraConfig = ''
        reverse_proxy http://10.0.1.18:9000
      '';
    };
    "jellyfin.mjallen.dev" = {
      extraConfig = ''
        reverse_proxy http://10.0.1.18:8096
      '';
    };
  };
};
# Declaratively managed Minecraft server, limited to the players listed in
# `whitelist`.
minecraft-server = {
  enable = true;
  eula = true;
  declarative = true;
  # NOTE(review): in the nixpkgs module, as far as I know, a declarative
  # server with enable-rcon set gets its RCON port opened by this flag as
  # well as the game port. Confirm against the module version in use; RCON is
  # an administrative interface and rarely needs to be reachable off-host.
  openFirewall = true;
  dataDir = "/media/nas/ssd/ssd_app_data/minecraft";
  serverProperties = {
    # Whitelist is both enabled and enforced.
    enforce-whitelist = true;
    white-list = true;
    "enable-rcon" = true;
    # NOTE(review): the RCON password is committed in plain text. With
    # `declarative = true` these properties are rendered into a
    # server.properties file in the Nix store, which is world-readable on the
    # host. Treat this value as exposed: rotate it, and either supply the new
    # one from outside the repository or turn RCON off.
    "rcon.password" = "BogieDudie1"; # TODO: move out of the repository
  };
  # Player name -> account UUID.
  whitelist = {
    mjallen18 = "03d9fba9-4453-4ad1-afa6-c67738685189";
    AlpineScent = "76ff084d-2e66-4877-aec2-d6b278431bda";
    Fortltude = "61a01913-8b10-4d64-b7ce-7958088cd6d3";
    SpicyNick = "8bb5976f-6fd9-4fa5-8697-6ecb4ee38427";
  };
  # Fixed heap (initial and maximum both 4092M) with G1 garbage collection.
  jvmOpts = "-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10";
};
# AdGuard Home DNS filter and DHCP server (currently disabled).
adguardhome =
  let
    # Upstream and fallback use the same resolver list. Only the first entry
    # is DNS-over-HTTPS; the bare IP addresses are plain DNS, so queries sent
    # to them leave the network unencrypted.
    resolvers = [
      "https://dns10.quad9.net/dns-query"
      "1.1.1.1"
      "1.0.0.1"
      "8.8.8.8"
      "208.67.222.222"
      "208.67.220.220"
    ];
  in
  {
    enable = false;
    # Port of the web interface; openFirewall makes it reachable through the
    # host firewall.
    port = 1880;
    openFirewall = true;
    allowDHCP = true;

    settings = {
      dns = {
        upstream_dns = resolvers;
        fallback_dns = resolvers;
        # Resolvers used to look up the DoH hostname above.
        bootstrap_dns = [
          "9.9.9.10"
          "1.1.1.1"
          "1.0.0.1"
          "8.8.8.8"
          "8.8.4.4"
          "208.67.222.222"
          "208.67.220.220"
          "149.112.112.10"
          "2620:fe::10"
          "2620:fe::fe:10"
        ];
      };

      # DHCP leases for 10.0.1.151-10.0.1.250, served on wlp7s0.
      # NOTE(review): enabling this next to another DHCP server on the same
      # segment would hand out conflicting leases; confirm before turning
      # the service on.
      dhcp = {
        enabled = true;
        interface_name = "wlp7s0";
        dhcpv4 = {
          gateway_ip = "10.0.1.1";
          subnet_mask = "255.255.255.0";
          range_start = "10.0.1.151";
          range_end = "10.0.1.250";
        };
      };
    };
  };
# udisks2 storage daemon.
udisks2 = {
  enable = true;
};
# X11 with the LXQt desktop and the LightDM greeter. All three follow the
# enableDisplayManager switch defined at the top of the file.
xserver = {
  enable = enableDisplayManager;
  desktopManager = {
    lxqt = {
      enable = enableDisplayManager;
    };
  };
  displayManager.lightdm.enable = enableDisplayManager;
  #displayManager.defaultSession = "plasma";
};
# Flatpak support; switched off.
flatpak = {
  enable = false;
};
# Remote desktop over RDP, tied to the same switch as the local display stack.
xrdp = {
  enable = enableDisplayManager;
  # Opens the xrdp port on the host firewall whenever the service is on.
  # NOTE(review): that makes the RDP login reachable from every network the
  # firewall faces; confirm this is limited to the LAN or the tailnet.
  openFirewall = enableDisplayManager;
  # NOTE(review): the desktop enabled in this file is LXQt, not Plasma;
  # confirm startplasma-x11 is actually provided elsewhere in the config.
  defaultWindowManager = "startplasma-x11";
};
# mDNS/DNS-SD: resolve .local names over IPv4 and announce this host.
avahi = {
  enable = true;
  nssmdns4 = true;

  # Everything below is broadcast to the local segment. hinfo and workstation
  # announce host details, which helps discovery but also tells anyone on the
  # segment what this machine is.
  publish = {
    enable = true;
    addresses = true;
    domain = true;
    userServices = true;
    workstation = true;
    hinfo = true;
  };

  # TODO is this needed?
  # Static advertisement of an SMB share on TCP 445 under the host name.
  extraServiceFiles.smb = ''
    <?xml version="1.0" standalone='no'?><!--*-nxml-*-->
    <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
    <service-group>
    <name replace-wildcards="yes">%h</name>
    <service>
    <type>_smb._tcp</type>
    <port>445</port>
    </service>
    </service-group>
  '';
};
# Tailscale node "jallen-nas": offers itself as an exit node and advertises
# the 10.0.1.0/24 LAN to the tailnet.
tailscale = {
  enable = true;
  openFirewall = true;

  # Auth key is read from a file on the data disk rather than written here.
  # NOTE(review): confirm the file is readable by root only; it sits under
  # /media/nas/ssd, which the rsync-ssd unit in this file copies to backup.
  authKeyFile = "/media/nas/ssd/nix-app-data/tailscale/auth";

  # NOTE(review): per the nixpkgs option docs, "client" only loosens
  # reverse-path filtering, while IP forwarding comes with "server"/"both".
  # The flags below advertise an exit node and a subnet route, which need
  # forwarding; confirm it is enabled elsewhere or that "both" was intended.
  useRoutingFeatures = "client";

  # Flags for `tailscale up`. --advertise-routes exposes the whole LAN to
  # tailnet peers once the route is approved, so tailnet ACLs are what limit
  # who can reach 10.0.1.0/24 through this node.
  extraUpFlags = [
    "--advertise-exit-node"
    "--accept-dns=false"
    "--advertise-routes=10.0.1.0/24"
    "--hostname=jallen-nas"
  ];

  # Flags for `tailscale set`. --webclient turns on the node's web management
  # interface for tailnet peers.
  extraSetFlags = [
    "--advertise-exit-node"
    "--hostname=jallen-nas"
    "--webclient"
  ];
};
# Periodic btrfs scrub; the list is kept but the job is disabled.
btrfs = {
  autoScrub = {
    enable = false;
    fileSystems = [
      "/nix"
      "/root"
      "/etc"
      "/var/log"
      "/home"
      "/media/nas/ssd/nix-app-data"
      "/media/nas/ssd/ssd_app_data"
      "/media/nas/ssd/mariadb"
      "/media/nas/main/3d_printer"
      "/media/nas/main/backup"
      "/media/nas/main/documents"
      "/media/nas/main/nextcloud"
      "/media/nas/main/movies"
      "/media/nas/main/tv"
      "/media/nas/main/isos"
    ];
  };
};
# authentik identity provider.
authentik = {
  # Settings are read from an env file on the data disk instead of being
  # written into this file.
  # NOTE(review): presumably this holds authentik's secrets; confirm it is
  # readable only by the service account. It also lies under /media/nas/ssd,
  # so the rsync-ssd unit in this file copies it to the backup volume.
  environmentFile = "/media/nas/ssd/nix-app-data/authentik/.env";
  enable = true;
};
# PostgreSQL 16 with its data on the SSD, provisioned with a single
# "authentik" database and a role of the same name.
postgresql = {
  enable = true;
  package = pkgs.postgresql_16;
  dataDir = "/media/nas/ssd/nix-app-data/postgresql";

  ensureUsers = [
    {
      # The role is made owner of the database that shares its name.
      ensureDBOwnership = true;
      name = "authentik";
    }
  ];
  ensureDatabases = [ "authentik" ];
};
# Two separate Redis instances, one per application.
# NOTE(review): neither sets `bind` or `requirePass`, so the module defaults
# apply; confirm both stay on loopback, since they have no password.
redis.servers = {
  authentik = {
    port = 6379;
    enable = true;
  };
  manyfold = {
    port = 6380;
    enable = true;
    # user = "911";#"${config.users.users.nix-apps.name}:${config.users.groups.jallen-nas.name}";
  };
};
# Grafana dashboards, state kept on the SSD.
grafana = {
  enable = true;
  dataDir = "/media/nas/ssd/nix-app-data/grafana";
  settings = {
    server = {
      domain = "10.0.1.18";
      http_port = 2342;
      # An empty address makes Grafana listen on every interface.
      # NOTE(review): confirm port 2342 is not opened on the firewall, or
      # bind to a specific address if only a local proxy should reach it.
      http_addr = "";
      serve_from_sub_path = true;
    };
  };
};
# Binary cache served from this host's Nix store.
nix-serve = {
  # Private key used to sign what the cache serves. Anyone who can read it
  # can sign store paths that clients of this cache will trust.
  # NOTE(review): confirm the file is readable only by the nix-serve account.
  secretKeyFile = "/var/cache-priv-key.pem";
  enable = true;
};
# Prometheus on port 8000 with two local exporters (node and smartctl),
# scraped over loopback.
prometheus =
  let
    # Shorthand for the exporter settings defined below; the scrape targets
    # take their ports from here instead of repeating the numbers.
    exporterCfg = config.services.prometheus.exporters;
  in
  {
    enable = true;
    port = 8000;

    # NOTE(review): no listen address is set for Prometheus or the exporters,
    # so module defaults apply. The only scrape targets are on 127.0.0.1;
    # if nothing else scrapes this host, `listenAddress = "127.0.0.1"` on
    # each would keep the metrics off the network.
    exporters = {
      smartctl = {
        enable = true;
        # Group membership that lets the exporter read the block devices.
        group = "disk";
        devices = [
          "/dev/mapper/ssd1"
          "/dev/mapper/ssd2"
          "/dev/mapper/hdd1"
          "/dev/mapper/hdd2"
          "/dev/mapper/hdd3"
          "/dev/mapper/hdd4"
          "/dev/mapper/hdd5"
        ];
      };
      node = {
        enable = true;
        port = 8001;
        enabledCollectors = [
          "diskstats"
          "systemd"
        ];
      };
    };

    scrapeConfigs = [
      {
        job_name = "jallen-nas";
        static_configs = [
          {
            targets = [
              "127.0.0.1:${toString exporterCfg.node.port}"
              "127.0.0.1:${toString exporterCfg.smartctl.port}"
            ];
          }
        ];
      }
    ];
  };
};
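systemd.user.services = {
  # Proton Mail Bridge as a per-user service, run without its interactive UI.
  # `pass` is on the unit's PATH alongside the bridge itself.
  protonmail-bridge = {
    description = "Protonmail Bridge";
    enable = true;
    script = "${pkgs.protonmail-bridge}/bin/protonmail-bridge --noninteractive";
    path = [
      pkgs.pass
      pkgs.protonmail-bridge
    ];
    # User units are handled by the per-user systemd instance, which has no
    # multi-user.target (that is a system target), so a unit wanted by it is
    # never started automatically. default.target is the target the user
    # instance reaches at start-up.
    wantedBy = [ "default.target" ];
    partOf = [ "default.target" ];
  };
};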
# One-off copy of the SSD volume into the backup area on the main pool.
# Nothing in this block starts the unit; it has no wantedBy.
# NOTE(review): --ignore-existing skips any file already present at the
# destination, so files that change after their first copy are not refreshed;
# confirm that is intended for a backup.
# NOTE(review): /media/nas/ssd also holds the Tailscale auth key and the
# authentik env file referenced in this file, so both end up on the backup
# volume; confirm its permissions match the source.
systemd.services.rsync-ssd = {
  script = ''
    rsync -rtpogvPlHzs --ignore-existing /media/nas/ssd /media/nas/main/backup/ssd
  '';
  path = [
    pkgs.bash
    pkgs.rsync
  ];
};

# Glances in web-server mode, started at boot.
# NOTE(review): the unit sets no User, so it runs as root, and the command
# line sets neither a bind address nor a password. Confirm the web port is not
# reachable from untrusted networks, or restrict it with glances' -B and
# --password options and a dedicated service account.
systemd.services.glances-server = {
  wantedBy = [ "multi-user.target" ];
  script = ''
    glances -w
  '';
  path = [
    pkgs.bash
    pkgs.glances
  ];
};
}