# Host-level NixOS module: masks the mdmonitor unit, switches on the services
# this machine runs through the `my.services` option tree, and confines the
# `backup` account to chrooted SFTP.
# `self` is accepted but not referenced in the visible code.
{ self, config, ... }:
let
  # Shorthand for the secrets declared under `config.age.secrets`
  # (presumably agenix -- confirm). Only the `.path` attribute is used below,
  # so this file passes a file location around, not the secret value.
  secrets = config.age.secrets;
in
{
  # this unit is broken and useless. I don't know how to not install
  # it, so let's mask it.
  systemd.services.mdmonitor.enable = false;

  my.services = {
    samba = {
      enable = true;
      # NOTE(review): the option name suggests these shares need no
      # authentication; how guest access, read-only mode and the allowed
      # networks are set is decided in the samba module, not here -- confirm.
      publicShares = [ "/data/fast/music" "/data/fast/videos" ];
    };

    monitoring = {
      # Prometheus and Loki are bound to one private (RFC 1918) address
      # instead of every interface.
      # NOTE(review): upstream Prometheus and Loki do not authenticate
      # clients by default, so unless the my.services modules add it, any
      # host that can reach 192.168.6.40 can read metrics and logs. Check
      # that the firewall limits who can connect.
      prometheus = {
        enable = true;
        listenAddress = "192.168.6.40";
      };
      loki = {
        enable = true;
        listenAddress = "192.168.6.40";
      };
      # Grafana is published under a virtual host derived from the homelab
      # domain.
      grafana = {
        enable = true;
        vhostName = "dash.${config.homelab.domain}";
      };
      promtail.enable = true;
      node-exporter.enable = true;
    };

    # NOTE(review): which repositories cgit lists is not visible here;
    # confirm it matches what gitolite is meant to expose.
    cgit = { enable = true; };
    gitolite = {
      enable = true;
      stateDir = "/var/lib/gitolite";
    };

    syncthing.enable = true;

    # Nightly backup of the listed paths into a repository on the slow pool.
    backup = {
      enable = true;
      repository = "/data/slow/backups/hosts/tahoe";
      timerConfig = { OnCalendar = "00:15"; };
      # The repository password is read from a secret file at run time
      # (secret name: "restic/repo-systems"), so it is not written in this
      # file.
      passwordFile = secrets."restic/repo-systems".path;
      paths = [
        "/data/fast/music"
        "/data/fast/photos"
        "/home/fcuny/documents"
        "/home/fcuny/workspace"
        "/home/fcuny/media"
      ];
      exclude = [ ];
    };

    # Off-site copy of everything under /data/slow/backups/, which includes
    # the repository above.
    # NOTE(review): this timer fires at the same time as the backup timer
    # (both "00:15"), so the copy may run while the repository is still being
    # written -- confirm whether the module orders the two jobs.
    # NOTE(review): data under sourceDir that is not already encrypted at
    # rest is sent to the remote host as-is -- verify what else lives there.
    backup.rsync = {
      enable = true;
      timerConfig = { OnCalendar = "00:15"; };
      sourceDir = "/data/slow/backups/";
      destination = "de2664@de2664.rsync.net:backups/";
    };

    sendsms.enable = true;
  };

  # Use sshd's in-process SFTP server; it needs no helper binary on disk,
  # which is what lets it work inside the chroot configured below.
  services.openssh.sftpServerExecutable = "internal-sftp";

  # Restrict the `backup` account to SFTP inside its home directory: no
  # shell, no other command, no TCP port forwarding.
  # sshd refuses the login unless every component of the ChrootDirectory
  # path is owned by root and not writable by group or others, so uploads
  # have to land in a subdirectory owned by `backup`.
  # NOTE(review): AllowTcpForwarding does not cover Unix-domain socket
  # forwarding; consider adding `AllowStreamLocalForwarding no` (or
  # `DisableForwarding yes`) to the Match block.
  services.openssh.extraConfig = ''
    Match User backup
      ChrootDirectory ${config.users.users.backup.home}
      ForceCommand internal-sftp
      AllowTcpForwarding no
  '';
}