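# NixOS module for a single self-hosted server: firewall, ACME, virtualisation,
# and a set of web services published through nginx on dhilton.xyz subdomains.
#
# Security-relevant conventions used below:
#   * Only 80/443/22 are opened in the firewall; every backend is reached
#     through the nginx reverse proxy on loopback.
#   * String literals in this file are copied into the world-readable
#     /nix/store, so secrets must be referenced by file path, never inlined.
{ pkgs, lib, ... }:
let
  # HTTPS-only virtual host that reverse-proxies "/" to a backend listening on
  # 127.0.0.1:<port>, with WebSocket upgrade support.
  proxyTo = port: {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://127.0.0.1:${toString port}";
      proxyWebsockets = true;
    };
  };
in
{
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [80 443 22];
    allowedUDPPorts = [];
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "markers711@gmail.com";
  };

  virtualisation = {
    docker.enable = true;
    libvirtd.enable = true;
    kvmgt.enable = true;
  };

  services = {
    # NOTE(review): port 22 is open to the internet and no sshd settings are
    # given here, so the module defaults apply. Confirm that password login is
    # disabled elsewhere; fail2ban only slows guessing, it does not prevent it.
    openssh.enable = true;
    fail2ban.enable = true;

    jellyfin.enable = true;
    postgresql.enable = true;
    i2p.enable = true;

    cockpit = {
      enable = true;
      allowed-origins = ["https://pit.dhilton.xyz"];
    };

    nix-serve = {
      enable = true;
      # Signing key for the binary cache; kept outside the Nix store.
      # NOTE(review): verify the file is readable only by the nix-serve user.
      secretKeyFile = "/var/cache-priv-key.pem";
    };

    ollama = {
      enable = true;
      package = pkgs.ollama-intel;
    };

    gitea = {
      enable = true;
      settings = {
        service.DISABLE_REGISTRATION = true;
        # NOTE(review): upstream Gitea documents ENABLE_PUSH_CREATE_USER under
        # [repository]; set under [service] and [server] as it is here, it is
        # probably ignored. Confirm the intended behaviour before moving it,
        # because enabling it lets any authenticated push create a repository.
        service.ENABLE_PUSH_CREATE_USER = true;
        server = {
          HTTP_PORT = 8001;
          DOMAIN = "dhilton.xyz";
          ROOT_URL = "https://git.dhilton.xyz";
          ENABLE_PUSH_CREATE_USER = true;
        };
      };
    };

    gitea-actions-runner.instances.home = {
      enable = true;
      url = "https://git.dhilton.xyz";
      name = "nixsrv";
      # The registration token was previously an inline string. That value has
      # been committed and copied into /nix/store, so treat it as compromised:
      # revoke it in Gitea and register the runner with a fresh one.
      # tokenFile is an environment file containing a line `TOKEN=<value>`;
      # keep it root-owned with mode 0400.
      # PLACEHOLDER path: point this at wherever the secret is provisioned.
      tokenFile = "/var/lib/secrets/gitea-runner-token.env";
      labels = [
        # NOTE(review): these images are referenced by mutable tag; pinning by
        # digest keeps a changed upstream image out of CI jobs.
        "ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
        "ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04"
        "ubuntu-20.04:docker://catthehacker/ubuntu:act-20.04"
        "ubuntu-18.04:docker://catthehacker/ubuntu:act-18.04"
        # Jobs that select this label run directly on the host with no
        # container isolation; allow it only for repositories whose workflow
        # authors are trusted with shell access to this machine.
        "native:host"
      ];
    };

    home-assistant = {
      enable = true;
      extraComponents = ["wiz" "fail2ban" "ollama" "wyoming"];
      config = {
        default_config = {};
        "automation ui" = "!include automations.yaml";
        http = {
          # Only the local nginx proxy may supply X-Forwarded-For.
          use_x_forwarded_for = "true";
          trusted_proxies = ["127.0.0.1"];
          server_port = 8002;
        };
      };
    };

    wyoming = {
      # NOTE(review): both servers listen on every interface and the Wyoming
      # protocol has no authentication; only the firewall above keeps them off
      # the network. If Home Assistant on this host is the only client, binding
      # to 127.0.0.1 removes that dependency — confirm no remote satellites
      # connect before changing it.
      piper.servers."piperNix" = {
        enable = true;
        uri = "tcp://0.0.0.0:10200";
        voice = "en-us-ryan-low";
      };
      faster-whisper.servers."whisperNix" = {
        enable = true;
        uri = "tcp://0.0.0.0:10300";
        language = "en";
      };
    };

    searx = {
      enable = true;
      settings = {
        server.port = 8003;
        # NOTE(review): this key is a guessable literal and is stored in the
        # Nix store. Generate a random value and supply it through
        # services.searx.environmentFile instead; the substitution syntax in
        # settings differs between nixpkgs releases, so check the module
        # documentation for the release in use.
        server.secret_key = "secretlol";
        search.formats = ["html" "json"];
      };
    };

    akkoma = {
      enable = true;
      initDb.enable = true;
      config = {
        ":pleroma" = {
          ":instance" = {
            name = "dhilton fedi";
            description = "dhilton akkoma server";
            email = "markers711@gmail.com";
            registration_open = false;
          };
          "Pleroma.Web.Endpoint" = {url.host = "fed.dhilton.xyz";};
        };
      };
      nginx = {
        enableACME = true;
        forceSSL = true;
      };
    };

    nginx = {
      enable = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      virtualHosts = {
        # Static site.
        "dhilton.xyz" = {
          enableACME = true;
          forceSSL = true;
          root = "/var/www/dhilton";
        };

        "git.dhilton.xyz" = proxyTo 8001; # gitea
        "jel.dhilton.xyz" = proxyTo 8096; # jellyfin
        "hom.dhilton.xyz" = proxyTo 8002; # home-assistant
        "srx.dhilton.xyz" = proxyTo 8003; # searx
        "pit.dhilton.xyz" = proxyTo 9090; # cockpit

        # Binary cache (nix-serve). This vhost was the only one served over
        # plain HTTP; it now gets a certificate and an HTTPS redirect like the
        # others. Clients still verify store paths against the cache signing
        # key, but TLS also protects the request metadata in transit.
        "nix.dhilton.xyz" = {
          enableACME = true;
          forceSSL = true;
          locations."/".proxyPass = "http://127.0.0.1:5000";
        };
      };
    };
  };
}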