blob: a04225e7aa75b55de0eae860673a904f95a9ae9a (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
{ config, ... }:
let secrets = config.age.secrets;
in
{
# this unit is broken and useless. I don't know how to not install
# it, so let's mask it.
systemd.services.mdmonitor.enable = false;
my.services = {
samba = {
enable = true;
publicShares = [ "/data/fast/music" "/data/fast/videos" ];
};
navidrome = {
enable = true;
vhostName = "music.fcuny.xyz";
musicFolder = "/data/fast/music";
};
unifi = {
enable = true;
vhostName = "unifi.fcuny.xyz";
};
monitoring = {
prometheus = {
enable = true;
listenAddress = "192.168.6.40";
};
loki = {
enable = true;
listenAddress = "192.168.6.40";
};
grafana = {
enable = true;
vhostName = "dash.fcuny.xyz";
};
promtail.enable = true;
node-exporter.enable = true;
};
cgit = {
enable = true;
};
gitolite = {
enable = true;
stateDir = "/var/lib/gitolite";
};
nginx = { enable = true; };
transmission = {
enable = true;
vhostName = "bt.fcuny.xyz";
};
syncthing.enable = true;
backup = {
enable = true;
repository = "/data/slow/backups/hosts/tahoe";
timerConfig = { OnCalendar = "00:15"; };
passwordFile = secrets."restic/repo-systems".path;
paths =
[
"/data/fast/music"
"/data/fast/photos"
"/home/fcuny/documents"
"/home/fcuny/workspace"
"/home/fcuny/media"
];
exclude = [ ];
};
backup.rsync = {
enable = true;
timerConfig = { OnCalendar = "00:15"; };
sourceDir = "/data/slow/backups/";
destination = "de2664@de2664.rsync.net:backups/";
};
sendsms.enable = true;
};
services.openssh.sftpServerExecutable = "internal-sftp";
services.openssh.extraConfig = ''
Match User backup
ChrootDirectory ${config.users.users.backup.home}
ForceCommand internal-sftp
AllowTcpForwarding no
'';
}
|
