nix-config/hosts/nas/services.nix

{ pkgs, ... }:
let
  enableDisplayManager = true;
in
{
  # Services configs
  services = {

    minecraft-server = {
      enable = true;
      eula = true;
      declarative = true;
      openFirewall = true;
      dataDir = "/media/nas/ssd/ssd_app_data/minecraft";
      serverProperties = {
        enforce-whitelist = true;
        white-list = true;
        "enable-rcon" = true;
        "rcon.password" = "BogieDudie1"; # todo
      };
      whitelist = {
        mjallen18 = "03d9fba9-4453-4ad1-afa6-c67738685189";
        AlpineScent = "76ff084d-2e66-4877-aec2-d6b278431bda";
        Fortltude = "61a01913-8b10-4d64-b7ce-7958088cd6d3";
        SpicyNick = "8bb5976f-6fd9-4fa5-8697-6ecb4ee38427";
      };
      jvmOpts = "-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10";
    };

    adguardhome = {
      enable = true;
      allowDHCP = true;
      port = 1880;
      openFirewall = true;
      settings = {
        dns = {
          upstream_dns = [
            "https://dns10.quad9.net/dns-query"
            "1.1.1.1"
            "1.0.0.1"
            "8.8.8.8"
            "208.67.222.222"
            "208.67.220.220"
          ];
          fallback_dns = [
            "https://dns10.quad9.net/dns-query"
            "1.1.1.1"
            "1.0.0.1"
            "8.8.8.8"
            "208.67.222.222"
            "208.67.220.220"
          ];
          bootstrap_dns = [
            "9.9.9.10"
            "1.1.1.1"
            "1.0.0.1"
            "8.8.8.8"
            "8.8.4.4"
            "208.67.222.222"
            "208.67.220.220"
            "149.112.112.10"
            "2620:fe::10"
            "2620:fe::fe:10"
          ];
        };
        dhcp = {
          enabled = true;
          interface_name = "wlp6s0";
          dhcpv4 = {
            gateway_ip = "10.0.1.1";
            subnet_mask = "255.255.255.0";
            range_start = "10.0.1.151";
            range_end = "10.0.1.250";
          };
        };
      };
    };

    udisks2.enable = true;

    # Enable the X11 windowing system.
    xserver = {
      enable = enableDisplayManager;

      # Enable the Desktop Environment.
      desktopManager.lxqt.enable = enableDisplayManager;
      displayManager = {
        lightdm.enable = enableDisplayManager;
        #defaultSession = "plasma";
      };
    };

    # Set to enable Flatpak
    flatpak.enable = false;

    # Enable RDP
    xrdp = {
      enable = enableDisplayManager;
      defaultWindowManager = "startplasma-x11";
      openFirewall = enableDisplayManager;
    };

    avahi = {
      enable = true;
      nssmdns4 = true;
      publish = {
        enable = true;
        addresses = true;
        domain = true;
        hinfo = true;
        userServices = true;
        workstation = true;
      };
      extraServiceFiles = {
        # TODO is this needed?
        smb = ''
          <?xml version="1.0" standalone='no'?><!--*-nxml-*-->
          <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
          <service-group>
            <name replace-wildcards="yes">%h</name>
            <service>
              <type>_smb._tcp</type>
              <port>445</port>
            </service>
          </service-group>
        '';
      };
    };

    apcupsd = {
      enable = true;
    };

    tailscale = {
      enable = true;
      openFirewall = true;
      useRoutingFeatures = "client";
      extraUpFlags = [ "--advertise-exit-node" ];
      extraSetFlags = [
        "--advertise-exit-node"
        "--hostname=jallen-nas"
        "--webclient"
      ];
      authKeyFile = "/media/nas/ssd/nix-app-data/tailscale/auth";
    };

    btrfs = {
      autoScrub.enable = false;
      autoScrub.fileSystems = [
        "/nix"
        "/root"
        "/etc"
        "/var/log"
        "/home"
        "/media/nas/ssd/nix-app-data"
        "/media/nas/ssd/ssd_app_data"
        "/media/nas/ssd/mariadb"
        "/media/nas/main/3d_printer"
        "/media/nas/main/backup"
        "/media/nas/main/documents"
        "/media/nas/main/nextcloud"
        "/media/nas/main/movies"
        "/media/nas/main/tv"
        "/media/nas/main/isos"
      ];
    };

    authentik = {
      enable = true;
      environmentFile = "/media/nas/ssd/nix-app-data/authentik/.env";

    };

    postgresql = {
      enable = true;
      package = pkgs.postgresql_16;
      dataDir = "/media/nas/ssd/nix-app-data/postgresql";
      ensureDatabases = [ "authentik" ];
      ensureUsers = [
        {
          name = "authentik";
          ensureDBOwnership = true;
        }
      ];
    };

    redis = {
      servers = {
        authentik = {
          enable = true;
          port = 6379;
        };

        manyfold = {
          enable = true;
          port = 6380;
          # user = "911";#"${config.users.users.nix-apps.name}:${config.users.groups.jallen-nas.name}";
        };
      };
    };
  };

  systemd.user.services = {
    protonmail-bridge = {
      description = "Protonmail Bridge";
      enable = true;
      script = "${pkgs.protonmail-bridge}/bin/protonmail-bridge --noninteractive";
      path = [
        pkgs.pass
        pkgs.protonmail-bridge
      ];
      wantedBy = [ "multi-user.target" ];
      partOf = [ "multi-user.target" ];
    };
  };

  systemd.services = {

    rsync-ssd = {
      path = [
        pkgs.bash
        pkgs.rsync
      ];
      script = ''
        rsync -rtpogvPlHzs --ignore-existing /media/nas/ssd /media/nas/main/backup/ssd
      '';
    };

    glances-server = {
      path = [
        pkgs.bash
        pkgs.glances
      ];
      script = ''
        glances -w
      '';
      wantedBy = [ "multi-user.target" ];
    };
  };
}