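# NixOS module for one self-hosted server: firewall, ACME, Docker, and a set of
# services (Gitea and its Actions runner, Home Assistant, SearXNG, Akkoma,
# Jellyfin, crab-hole DNS, nix-serve, ...) published through an nginx reverse
# proxy.
#
# Every literal in this file is copied into the Nix store, which any local user
# can read, and into whatever repository holds the file. Secrets therefore have
# to be referenced by path rather than written inline.
{ pkgs, lib, ... }: {
  networking.firewall = {
    enable = true;
    # 80/443 serve nginx and 22 serves sshd. 8080 and 53 match the crab-hole
    # API and DNS listeners configured below.
    # NOTE(review): 26615, 25565 and 24454 have no matching service in this
    # file; confirm each is still needed. crab-hole is configured for UDP on 53
    # and its API is on TCP 8080, so 53/tcp and 8080/udp look unnecessary.
    allowedTCPPorts = [80 443 22 26615 25565 24454 8080 53];
    allowedUDPPorts = [26615 25565 24454 8080 53];
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "markers711@gmail.com";
  };

  # NOTE(review): ports published by Docker containers are not governed by the
  # allowed*Ports lists above; check container port mappings separately.
  virtualisation.docker = {enable = true;};

  services = {
    # sshd is reachable from the internet (22 is open above) and runs with the
    # module defaults, since no settings are given here.
    # NOTE(review): consider settings.PasswordAuthentication = false so only
    # key-based logins are accepted; fail2ban below only rate-limits guessing.
    openssh = {enable = true;};
    jellyfin = {enable = true;};
    fail2ban = {enable = true;};
    postgresql = {enable = true;};
    i2p = {enable = true;};

    nix-serve = {
      enable = true;
      # Given as a string path, so the signing key itself stays out of the Nix
      # store. Anyone who can read this file can sign cache content, so it
      # should be readable only by the nix-serve service.
      secretKeyFile = "/var/cache-priv-key.pem";
    };

    ollama = {
      enable = true;
      package = pkgs.ollama-intel;
    };

    # Filtering DNS resolver for the LAN: plain UDP downstream, DNS-over-TLS to
    # Cloudflare upstream.
    crab-hole = {
      enable = true;
      settings = {
        # HTTP API bound to the LAN address; the firewall opens 8080 on every
        # interface, but the service only answers on 192.168.0.2.
        api = {
          listen = "192.168.0.2";
          port = 8080;
          show_doc = true;
        };
        downstream = [
          {
            listen = "192.168.0.2";
            port = 53;
            protocol = "udp";
          }
        ];
        upstream = {
          name_servers = [
            {
              protocol = "tls";
              socket_addr = "[2606:4700:4700::1111]:853";
              tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com";
              trust_nx_responses = false;
            }
            {
              protocol = "tls";
              socket_addr = "1.1.1.1:853";
              tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com";
              trust_nx_responses = false;
            }
          ];
        };
        # Third-party lists fetched from mutable branches: their maintainers
        # decide which names resolve on this network.
        blocklist.lists = [
          "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
          "https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt"
          "https://raw.githubusercontent.com/anudeepND/blacklist/master/CoinMiner.txt"
          "https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt"
        ];
      };
    };

    gitea = {
      enable = true;
      settings = {
        service.DISABLE_REGISTRATION = true;
        # NOTE(review): Gitea documents ENABLE_PUSH_CREATE_USER under
        # [repository]; set under [service] and [server] as here it is
        # presumably ignored. Left as written because moving it would switch on
        # push-to-create; decide deliberately whether that is wanted.
        service.ENABLE_PUSH_CREATE_USER = true;
        server = {
          HTTP_PORT = 8001;
          DOMAIN = "dhilton.xyz";
          ROOT_URL = "https://git.dhilton.xyz";
          ENABLE_PUSH_CREATE_USER = true;
        };
      };
    };

    gitea-actions-runner.instances.home = {
      enable = true;
      url = "https://git.dhilton.xyz";
      name = "nixsrv";
      # The registration token used to be an inline string, which put it in the
      # world-readable Nix store and in this file's history. It is now read
      # from an environment file containing a line `TOKEN=<registration token>`.
      # Treat the old token as disclosed: revoke it in Gitea and issue a new one.
      # PLACEHOLDER path, constructed for this review; point it at wherever the
      # secret is provisioned (outside the store, restrictive permissions).
      tokenFile = "/var/gitea-runner-token.env";
      labels = [
        # Container images are referenced by mutable tags, so what a job runs
        # in can change without any change to this file.
        "ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
        "ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04"
        "ubuntu-20.04:docker://catthehacker/ubuntu:act-20.04"
        "ubuntu-18.04:docker://catthehacker/ubuntu:act-18.04"
        # Jobs carrying this label run directly on the server instead of in a
        # container, so any workflow that can select it executes on the host
        # that also runs every service in this file.
        "native:host"
      ];
    };

    home-assistant = {
      enable = true;
      extraComponents = ["wiz" "fail2ban" "ollama" "wyoming"];
      config = {
        default_config = {};
        "automation ui" = "!include automations.yaml";
        http = {
          # Boolean rather than the string "true". Forwarded headers are only
          # honoured from the proxies listed below, i.e. the local nginx.
          use_x_forwarded_for = true;
          trusted_proxies = ["127.0.0.1"];
          server_port = 8003;
        };
      };
    };

    # Speech services used by Home Assistant.
    # NOTE(review): both bind to 0.0.0.0. 10200 and 10300 are not in the
    # firewall lists above, but if only the local Home Assistant connects,
    # binding to 127.0.0.1 removes the dependence on the firewall.
    wyoming = {
      piper.servers."piperNix" = {
        enable = true;
        uri = "tcp://0.0.0.0:10200";
        voice = "en-us-ryan-low";
      };
      faster-whisper.servers."whisperNix" = {
        enable = true;
        uri = "tcp://0.0.0.0:10300";
        language = "en";
      };
    };

    searx = {
      enable = true;
      settings = {
        server.port = 8005;
        # NOTE(review): guessable secret, stored in the world-readable Nix
        # store, on an instance published at srx.dhilton.xyz. Replace it with a
        # long random value supplied through services.searx.environmentFile;
        # the substitution syntax for settings depends on the nixpkgs release,
        # so check the module documentation for the one in use.
        server.secret_key = "secretlol";
        search.formats = ["html" "json"];
      };
    };

    akkoma = {
      enable = true;
      initDb.enable = true;
      config = {
        ":pleroma" = {
          ":instance" = {
            name = "dhilton fedi";
            description = "dhilton akkoma server";
            email = "markers711@gmail.com";
            registration_open = false;
          };
          "Pleroma.Web.Endpoint" = {url.host = "fed.dhilton.xyz";};
        };
      };
      nginx = {
        enableACME = true;
        forceSSL = true;
      };
    };

    # Public entry point: TLS terminates here and each virtual host forwards to
    # a service listening on loopback.
    nginx = {
      enable = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      virtualHosts = {
        "dhilton.xyz" = {
          enableACME = true;
          forceSSL = true;
          root = "/var/www/dhilton";
        };
        "git.dhilton.xyz" = {
          enableACME = true;
          forceSSL = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:8001";
            proxyWebsockets = true;
          };
        };
        "jel.dhilton.xyz" = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:8096";
            proxyWebsockets = true;
          };
        };
        "srx.dhilton.xyz" = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:8005";
            proxyWebsockets = true;
          };
        };
        "hom.dhilton.xyz" = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:8003";
            proxyWebsockets = true;
          };
        };
        # NOTE(review): nothing in this file listens on 8100; presumably a
        # container or a service defined elsewhere. Confirm it binds to
        # loopback only.
        "map.dhilton.xyz" = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:8100";
            proxyWebsockets = true;
          };
        };
        # NOTE(review): the only virtual host without enableACME/forceSSL, so
        # the binary cache is served over plain HTTP. Clients that verify the
        # cache signature still detect tampering, but requests are visible on
        # the wire; add TLS here unless this name is deliberately HTTP-only.
        "nix.dhilton.xyz" = {
          locations."/".proxyPass = "http://127.0.0.1:5000";
        };
      };
    };
  };
}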