Services

2025-09-19 16:28:03 +02:00 · 2025-09-19 16:28:03 +02:00 · 22a3f0b5de
commit 22a3f0b5de
parent fb0d8526ff
9 changed files with 160 additions and 3 deletions
--- a/systems/x86_64-linux/kylekrein-framework12/default.nix
+++ b/systems/x86_64-linux/kylekrein-framework12/default.nix
@ -59,6 +59,10 @@ in
      blender
      video-downloader
    ];
+
+    services.fprintd.enable = true;
+    #services.fprintd.tod.enable = true;
+    #services.fprintd.tod.driver = pkgs.libfprint-2-tod1-elan;
    #services.power-profiles-daemon.enable = true;
    #services.tlp.enable = false;
    #Chat host
--- a/systems/x86_64-linux/stargate/default.nix
+++ b/systems/x86_64-linux/stargate/default.nix
@ -13,7 +13,10 @@
 }:
 with lib;
 with lib.custom; {
-  #facter.reportPath = ./facter.json;
+  facter.reportPath =
+    if (builtins.pathExists ./facter.json)
+    then ./facter.json
+    else null;
  imports = lib.snowfall.fs.get-non-default-nix-files ./. ++ [./services];
  #systemd.network.wait-online.enable = lib.mkForce false; #facter
  boot.supportedFilesystems = ["zfs"];
--- a/systems/x86_64-linux/stargate/services/caddy.nix
+++ b/systems/x86_64-linux/stargate/services/caddy.nix
@ -0,0 +1,57 @@
+{
+  lib,
+  pkgs,
+  inputs,
+  namespace,
+  system,
+  target,
+  format,
+  virtual,
+  systems,
+  config,
+  ...
+}:
+with lib;
+with lib.custom; {
+  services.caddy = {
+    enable = true;
+    #virtualHosts."kylekrein.com:8448".extraConfig = ''
+    #  reverse_proxy http://localhost:6167
+    #'';
+    virtualHosts."kylekrein.com".extraConfig = config.services.caddy.virtualHosts."matrix.kylekrein.com".extraConfig;
+    #  reverse_proxy /.well-known/* http://localhost:6167
+    #'';
+    virtualHosts."matrix.kylekrein.com".extraConfig = ''
+      handle_path /.well-known/matrix/* {
+
+          header Access-Control-Allow-Origin *
+
+          ## `Content-Type: application/json` isn't required by the matrix spec
+          ## but some browsers (firefox) and some other tooling might preview json
+          ## content prettier when they are made aware via Content-Type
+          header Content-Type application/json
+
+          respond /client `{ "m.homeserver": { "base_url": "https://matrix.kylekrein.com/" }, "org.matrix.msc3575.proxy": { "url": "https://matrix.kylekrein.com/"}, "org.matrix.msc4143.rtc_foci": [ { "type": "livekit", "livekit_service_url": "https://livekit-jwt.call.matrix.org" } ] }`
+
+          respond /server `{ "m.server": "matrix.kylekrein.com:443" }`
+
+          ## return http/404 if nothing matches
+          respond 404
+      }
+      respond /.well-known/element/element.json `{"call":{"widget_url":"https://call.element.io"}}`
+          reverse_proxy * http://localhost:6167
+    '';
+    virtualHosts."gitlab.kylekrein.com".extraConfig = ''
+      reverse_proxy * unix//run/gitlab/gitlab-workhorse.socket
+    '';
+    virtualHosts."immich.kylekrein.com".extraConfig = ''
+      reverse_proxy * http://[::1]:${toString config.services.immich.port}
+    '';
+    virtualHosts."nextcloud.kylekrein.com".extraConfig = ''
+      reverse_proxy * http://nextcloud.localhost"
+    '';
+    virtualHosts."ntfy.kylekrein.com".extraConfig = ''
+      reverse_proxy * http://[::1]${config.services.ntfy-sh.settings.listen-http}
+    '';
+  };
+}
--- a/systems/x86_64-linux/stargate/services/default.nix
+++ b/systems/x86_64-linux/stargate/services/default.nix
@ -13,4 +13,5 @@
 }:
 with lib;
 with lib.custom; {
+  imports = lib.snowfall.fs.get-non-default-nix-files ./.;
 }
--- a/systems/x86_64-linux/stargate/services/immich.nix
+++ b/systems/x86_64-linux/stargate/services/immich.nix
@ -0,0 +1,27 @@
+{
+  lib,
+  pkgs,
+  inputs,
+  namespace,
+  system,
+  target,
+  format,
+  virtual,
+  systems,
+  config,
+  ...
+}:
+with lib;
+with lib.custom; {
+  #https://wiki.nixos.org/wiki/Immich
+  services.immich = {
+    enable = true;
+    port = 2283;
+    accelerationDevices = null;
+  };
+  users.users.immich.extraGroups = ["video" "render"];
+  hardware.graphics = {
+    enable = true;
+  };
+  #networking.firewallAllowedTCPPorts = [config.services.immich.port];
+}
--- a/systems/x86_64-linux/stargate/services/nextcloud.nix
+++ b/systems/x86_64-linux/stargate/services/nextcloud.nix
@ -0,0 +1,26 @@
+{
+  lib,
+  pkgs,
+  inputs,
+  namespace,
+  system,
+  target,
+  format,
+  virtual,
+  systems,
+  config,
+  ...
+}:
+with lib;
+with lib.custom; {
+  sops.secrets."services/nextcloud" = {owner = "nextcloud";};
+  services.nextcloud = {
+    enable = true;
+    database.createLocally = true;
+    config = {
+      dbtype = "pgsql";
+      adminpassFile = config.sops.secrets."services/nextcloud".path;
+    };
+    hostName = "nextcloud.localhost";
+  };
+}
--- a/systems/x86_64-linux/stargate/services/ntfy-sh.nix
+++ b/systems/x86_64-linux/stargate/services/ntfy-sh.nix
@ -0,0 +1,26 @@
+{
+  lib,
+  pkgs,
+  inputs,
+  namespace,
+  system,
+  target,
+  format,
+  virtual,
+  systems,
+  config,
+  ...
+}:
+with lib;
+with lib.custom; {
+  services.ntfy-sh = {
+    enable = true;
+    settings = {
+      base-url = "https://ntfy.kylekrein.com";
+      listen-http = ":9000";
+      auth-default-access = "deny-all";
+      behind-proxy = true;
+      enable-login = false;
+    };
+  };
+}