# Host-level NixOS module: switches on the site-local `my.services.*`
# modules for this machine and restricts the `backup` SSH account to a
# chrooted SFTP session. The `my.services.*` option definitions live
# outside this file, so the notes below only describe what is set here.
{ config, ... }:
# short alias for the age-managed secrets set (presumably agenix -- confirm)
let secrets = config.age.secrets;
in
{
# this unit is broken and useless. I don't know how to not install
# it, so let's mask it.
systemd.services.mdmonitor.enable = false;
my.services = {
samba = {
enable = true;
# NOTE(review): the option name suggests these paths are exported
# without per-user authentication; confirm in the samba module that
# they are read-only and only reachable from the local network.
publicShares = [ "/data/fast/music" "/data/fast/videos" ];
};
navidrome = {
enable = true;
vhostName = "music.fcuny.xyz";
musicFolder = "/data/fast/music";
};
unifi = {
enable = true;
vhostName = "unifi.fcuny.xyz";
};
monitoring = {
# Prometheus and Loki are given one private (RFC 1918) address rather
# than a wildcard. Neither authenticates clients out of the box, so
# NOTE(review): confirm the firewall limits who can reach this address.
prometheus = {
enable = true;
listenAddress = "192.168.6.40";
};
loki = {
enable = true;
listenAddress = "192.168.6.40";
};
grafana = {
enable = true;
vhostName = "dash.fcuny.xyz";
};
promtail.enable = true;
node-exporter.enable = true;
};
cgit = {
enable = true;
};
gitolite = {
enable = true;
stateDir = "/var/lib/gitolite";
};
rclone = { enable = true; };
nginx = { enable = true; };
# NOTE(review): TLS and access control for the vhostName entries in this
# file are decided in the nginx/service modules, which are not visible
# here; verify them before any of these names is reachable from outside.
transmission = {
enable = true;
vhostName = "bt.fcuny.xyz";
};
syncthing.enable = true;
backup = {
enable = true;
# the repository is a local path, i.e. on the same host as the data it
# protects; an off-host copy would have to come from something else
# (rclone is enabled above -- whether it ships this repo is not shown)
repository = "/data/slow/backups/systems";
timerConfig = { OnCalendar = "00:15"; };
# the repository password is referenced by file path from the secrets
# set instead of being written into this (store-readable) expression
passwordFile = secrets."restic/repo-systems".path;
paths =
[
"/data/fast/music"
"/data/fast/photos"
"/home"
];
exclude = [
# nothing worth backing up on this machine in this location
"/home/fcuny/.cache"
"/home/fcuny/.local"
# I might have media in this folder, and I don't want them to
# be backed up
"/home/fcuny/import"
# If it's something I care about it will be moved to /data
"/home/fcuny/media/videos"
];
};
sendsms.enable = true;
};
# use the in-process SFTP server; it needs no helper binary inside a chroot
services.openssh.sftpServerExecutable = "internal-sftp";
# Confine the `backup` account: chroot to its home directory, force the
# SFTP subsystem (no shell, no arbitrary command) and refuse TCP forwarding.
#
# sshd only accepts a ChrootDirectory whose every path component is owned
# by root and not writable by group or others; otherwise the session is
# refused. The `backup` user is declared elsewhere -- NOTE(review): confirm
# its home meets that rule and that uploads go to a subdirectory the user
# owns.
#
# A Match block runs until the next Match line or the end of the file, so
# this text must stay last in the generated sshd_config (TODO confirm how
# the openssh module places extraConfig).
#
# NOTE(review): consider adding `AllowAgentForwarding no`, `X11Forwarding no`
# and `PermitTTY no` here so the account is limited to the SFTP channel
# regardless of the server-wide defaults.
services.openssh.extraConfig = ''
Match User backup
ChrootDirectory ${config.users.users.backup.home}
ForceCommand internal-sftp
AllowTcpForwarding no
'';
}