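# Host-level NixOS module: turns on the services this machine runs (all under
# the local `my.services` namespace, whose option definitions live outside
# this file) and restricts the `backup` SSH account to chrooted SFTP.
{ config, ... }:
let
  # Shorthand for the age-managed secrets declared elsewhere in the config.
  secrets = config.age.secrets;
in
{
  # this unit is broken and useless. I don't know how to not install
  # it, so let's mask it.
  systemd.services.mdmonitor.enable = false;

  my.services = {
    samba = {
      enable = true;
      # NOTE(review): presumably "public" means no authentication is needed to
      # reach these shares; confirm in the samba module that they are read-only
      # and only reachable from the trusted LAN.
      publicShares = [ "/data/fast/music" "/data/fast/videos" ];
    };

    navidrome = {
      enable = true;
      vhostName = "music.fcuny.xyz";
      musicFolder = "/data/fast/music";
    };

    unifi = {
      enable = true;
      vhostName = "unifi.fcuny.xyz";
    };

    monitoring = {
      # Prometheus and Loki are bound to one specific address instead of all
      # interfaces. NOTE(review): nothing here shows authentication on either
      # endpoint; verify the firewall limits who can reach that address.
      prometheus = {
        enable = true;
        listenAddress = "192.168.6.40";
      };
      loki = {
        enable = true;
        listenAddress = "192.168.6.40";
      };
      grafana = {
        enable = true;
        vhostName = "dash.fcuny.xyz";
      };
      promtail.enable = true;
      node-exporter.enable = true;
    };

    cgit = {
      enable = true;
    };

    gitolite = {
      enable = true;
      stateDir = "/var/lib/gitolite";
    };

    rclone = {
      enable = true;
    };

    nginx = {
      enable = true;
    };

    transmission = {
      enable = true;
      vhostName = "bt.fcuny.xyz";
    };

    syncthing.enable = true;

    backup = {
      enable = true;
      repository = "/data/slow/backups/systems";
      timerConfig = { OnCalendar = "00:15"; };
      # The repository password is referenced by the path of a decrypted
      # secret file, so the password itself never appears in this module.
      passwordFile = secrets."restic/repo-systems".path;
      paths = [ "/data/fast/music" "/data/fast/photos" "/home" ];
      exclude = [
        # nothing worth backing up on this machine in this location
        "/home/fcuny/.cache"
        "/home/fcuny/.local"
        # I might have media in this folder, and I don't want it to
        # be backed up
        "/home/fcuny/import"
        # If it's something I care about it will be moved to /data
        "/home/fcuny/media/videos"
      ];
    };

    sendsms.enable = true;
  };

  # Use sshd's in-process SFTP server: it needs no helper binary or libraries
  # inside the chroot used below.
  services.openssh.sftpServerExecutable = "internal-sftp";

  # SFTP-only jail for the `backup` account.
  #  - sshd refuses the session unless the chroot directory and every parent
  #    of it is owned by root and not writable by group or others, so the
  #    account needs a writable subdirectory for uploads. The home directory
  #    is defined outside this file; confirm its ownership and mode there.
  #  - `AllowTcpForwarding no` covers TCP forwarding only. Unix-domain socket,
  #    agent and X11 forwarding are separate options and are switched off
  #    explicitly, so the account is limited to file transfer.
  #  - extraConfig is appended to sshd_config and a Match block runs until the
  #    next Match line or end of file, so any later global directive would be
  #    scoped to this user. Keep this block last.
  services.openssh.extraConfig = ''
    Match User backup
      ChrootDirectory ${config.users.users.backup.home}
      ForceCommand internal-sftp
      AllowTcpForwarding no
      AllowStreamLocalForwarding no
      AllowAgentForwarding no
      X11Forwarding no
  '';
}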