path: root/hosts/tahoe/services.nix

                      
                                 
{ self, config, ... }:
let secrets = config.age.secrets;
in
{
  # this unit is broken and useless. I don't know how to not install
  # it, so let's mask it.
  systemd.services.mdmonitor.enable = false;

  my.services = {
    samba = {
      enable = true;
      publicShares = [ "/data/fast/music" "/data/fast/videos" ];
    };
    navidrome = {
      enable = true;
      vhostName = "music.${config.homelab.domain}";
      musicFolder = "/data/fast/music";
    };
    unifi = {
      enable = true;
      vhostName = "unifi.${config.homelab.domain}";
    };

    monitoring = {
      prometheus = {
        enable = true;
        listenAddress = "192.168.6.40";
      };
      loki = {
        enable = true;
        listenAddress = "192.168.6.40";
      };
      grafana = {
        enable = true;
        vhostName = "dash.${config.homelab.domain}";
      };
      promtail.enable = true;
      node-exporter.enable = true;
    };

    cgit = {
      enable = true;
    };
    gitolite = {
      enable = true;
      stateDir = "/var/lib/gitolite";
    };
    syncthing.enable = true;
    backup = {
      enable = true;
      repository = "/data/slow/backups/hosts/tahoe";
      timerConfig = { OnCalendar = "00:15"; };
      passwordFile = secrets."restic/repo-systems".path;
      paths =
        [
          "/data/fast/music"
          "/data/fast/photos"
          "/home/fcuny/documents"
          "/home/fcuny/workspace"
          "/home/fcuny/media"
        ];
      exclude = [ ];
    };

    backup.rsync = {
      enable = true;
      timerConfig = { OnCalendar = "00:15"; };
      sourceDir = "/data/slow/backups/";
      destination = "de2664@de2664.rsync.net:backups/";
    };

    sendsms.enable = true;
  };

  services.openssh.sftpServerExecutable = "internal-sftp";
  services.openssh.extraConfig = ''
    Match User backup
      ChrootDirectory ${config.users.users.backup.home}
      ForceCommand internal-sftp
      AllowTcpForwarding no
  '';
}
{ self, config, ... }:
let secrets = config.age.secrets;
in
{
  # this unit is broken and useless. I don't know how to not install
  # it, so let's mask it.
  systemd.services.mdmonitor.enable = false;

  my.services = {
    samba = {
      enable = true;
      publicShares = [ "/data/fast/music" "/data/fast/videos" ];
    };
    navidrome = {
      enable = true;
      vhostName = "music.${config.homelab.domain}";
      musicFolder = "/data/fast/music";
    };
    unifi = {
      enable = true;
      vhostName = "unifi.${config.homelab.domain}";
    };

    monitoring = {
      prometheus = {
        enable = true;
        listenAddress = "192.168.6.40";
      };
      loki = {
        enable = true;
        listenAddress = "192.168.6.40";
      };
      grafana = {
        enable = true;
        vhostName = "dash.${config.homelab.domain}";
      };
      promtail.enable = true;
      node-exporter.enable = true;
    };

    cgit = {
      enable = true;
    };
    gitolite = {
      enable = true;
      stateDir = "/var/lib/gitolite";
    };
    syncthing.enable = true;
    backup = {
      enable = true;
      repository = "/data/slow/backups/hosts/tahoe";
      timerConfig = { OnCalendar = "00:15"; };
      passwordFile = secrets."restic/repo-systems".path;
      paths =
        [
          "/data/fast/music"
          "/data/fast/photos"
          "/home/fcuny/documents"
          "/home/fcuny/workspace"
          "/home/fcuny/media"
        ];
      exclude = [ ];
    };

    backup.rsync = {
      enable = true;
      timerConfig = { OnCalendar = "00:15"; };
      sourceDir = "/data/slow/backups/";
      destination = "de2664@de2664.rsync.net:backups/";
    };

    sendsms.enable = true;
  };

  services.openssh.sftpServerExecutable = "internal-sftp";
  services.openssh.extraConfig = ''
    Match User backup
      ChrootDirectory ${config.users.users.backup.home}
      ForceCommand internal-sftp
      AllowTcpForwarding no
  '';
}