Simon Bruder
ebfa0ec16a
Sadly, they are so interconnected, that it is not easily possible to migrate it in smaller steps. It should be refactored to make them more modularised and independent of each other.
65 lines
1.3 KiB
Nix
65 lines
1.3 KiB
Nix
{ pkgs, ... }:
|
|
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
../../modules
|
|
|
|
./services/ankisyncd.nix
|
|
./services/element-web.nix
|
|
./services/gitea.nix
|
|
./services/grafana.nix
|
|
./services/hedgedoc.nix
|
|
./services/invidious
|
|
./services/libreddit.nix
|
|
./services/matrix
|
|
./services/murmur.nix
|
|
./services/nitter.nix
|
|
./services/prometheus.nix
|
|
./services/sbruder.xyz
|
|
];
|
|
|
|
sbruder = {
|
|
nginx.hardening.enable = true;
|
|
restic.system = {
|
|
enable = true;
|
|
};
|
|
wireguard.home.enable = true;
|
|
};
|
|
|
|
networking.hostName = "renge";
|
|
|
|
system.stateVersion = "21.11";
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
|
|
recommendedGzipSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
|
|
virtualHosts."sbruder.de" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
root = pkgs.sbruder.contact;
|
|
};
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [
|
|
80
|
|
443
|
|
];
|
|
|
|
services.postgresqlBackup = {
|
|
enable = true;
|
|
startAt = [ ]; # triggered by restic system backup
|
|
location = "/var/lib/postgresql-backup";
|
|
};
|
|
systemd.services.restic-backups-system = {
|
|
after = [ "postgresqlBackup.service" ];
|
|
wants = [ "postgresqlBackup.service" ];
|
|
};
|
|
}
|