init

2024-05-08 21:48:33 -04:00
commit 12a445c435
12 changed files with 903 additions and 0 deletions
--- a/hosts/server/service.nix
+++ b/hosts/server/service.nix
@@ -0,0 +1,169 @@
+{pkgs,...}:
+{
+  services.openssh = {
+    enable = true;
+  };
+
+  services.jellyfin = {
+    enable = true;
+  };
+
+  services.gitea = {
+    enable = true;
+    settings = {
+      service.DISABLE_REGISTRATION = true;
+      server = {
+        HTTP_PORT = 8001;
+	DOMAIN = "dhilton.xyz";
+	ROOT_URL = "https://git.dhilton.xyz";
+      };
+    };
+  };
+
+  services.gitea-actions-runner.instances.home = {
+    enable = true;
+    url = "https://git.dhilton.xyz";
+    name = "nixsrv";
+    token = "LaqTWUDidsm510TGBglGvcphsUxYmCzMjrZbEtJj";
+    labels = ["ubuntu-latest:docker://node:16-bullseye" "ubuntu-22.04:docker://node:16-bullseye" "ubuntu-20.04:docker://node:16-bullseye" "ubuntu-18.04:docker://node:16-buster" "native:host"];
+  };
+
+  services.pufferpanel = {
+    enable = true;
+    extraGroups =["docker"];
+    extraPackages = [pkgs.jre];
+    environment = {
+      PUFFER_WEB_HOST = ":8002";
+      PUFFER_PANEL_REGISTRATIONENABLED = "false";
+    };
+  };
+
+  services.home-assistant = {
+    enable = true;
+    extraComponents = ["wiz" "fail2ban"];
+    config = {
+      http.server_port=8003;
+      default_config = {};
+    };
+  };
+
+  services.ntfy-sh = {
+    enable = true;
+    settings = { 
+      listen-http = ":8004";
+      auth-file = "/var/lib/ntfy.db";
+      auth-default-access = "read-only";
+      base-url = "https://ntfy.dhilton.xyz";
+    };
+  };
+
+  services.searx = {
+    enable=true;
+    settings = { server.port = 8005; server.secret_key = "secretlol";};
+  };
+
+  networking.domain = "dhilton.xyz";
+
+  services.akkoma.enable = true;
+  services.akkoma.config = {
+  ":pleroma" = {
+    ":instance" = {
+      name = "dhilton fedi";
+      description = "dhilton akkoma server";
+      email = "markers711@gmail.com";
+      registration_open = false;
+    };
+
+    "Pleroma.Web.Endpoint" = {
+      url.host = "fed.dhilton.xyz";
+    };
+  };
+};
+  services.akkoma.nginx = {
+    enableACME = true;
+    forceSSL = true;
+  };
+
+  services.fail2ban = {
+    enable=false;
+  };
+
+  virtualisation.docker = {
+    enable = true;
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+  };
+
+  services.nginx.virtualHosts = {
+
+    "dhilton.xyz" = {
+      enableACME = true;
+      forceSSL = true;
+      root = "/var/www/dhilton";
+    };
+
+    "git.dhilton.xyz" = {
+        addSSL = true;
+        enableACME = true;
+	locations."/" = {
+          proxyPass = "http://127.0.0.1:8001";
+	  proxyWebsockets = true;
+	};
+     };
+
+    "ntfy.dhilton.xyz" = {
+        addSSL = true;
+        enableACME = true;
+	locations."/" = {
+          proxyPass = "http://127.0.0.1:8004";
+	  proxyWebsockets = true;
+	};
+     };
+
+    "jel.dhilton.xyz" = {
+        addSSL = true;
+        enableACME = true;
+	locations."/" = {
+          proxyPass = "http://127.0.0.1:8096";
+	  proxyWebsockets = true;
+	};
+     };
+
+    "puf.dhilton.xyz" = {
+        addSSL = true;
+        enableACME = true;
+	locations."/" = {
+          proxyPass = "http://127.0.0.1:8002";
+	  proxyWebsockets = true;
+	};
+     };
+
+    "srx.dhilton.xyz" = {
+        addSSL = true;
+        enableACME = true;
+	locations."/" = {
+          proxyPass = "http://127.0.0.1:8005";
+	  proxyWebsockets = true;
+	};
+     };
+
+    "hom.dhilton.xyz" = {
+        addSSL = true;
+        enableACME = true;
+	locations."/" = {
+          proxyPass = "http://127.0.0.1:8003";
+	  proxyWebsockets = true;
+	};
+     };
+  };
+
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "markers711@gmail.com";
+  };
+}