# NixOS module for a self-hosted server: media managers (sonarr, radarr,
# bazarr, prowlarr, jellyfin, kavita), vaultwarden, nextcloud, a shared
# PostgreSQL instance, docker-compose, and two timer-driven helper scripts.
#
# NOTE(review): several secrets below are written as literal Nix strings
# (ADMIN_TOKEN, DATABASE_URL, and the pkgs.writeText calls feeding
# tokenKeyFile / adminpassFile / dbpassFile). Literal strings and
# pkgs.writeText outputs are stored in the Nix store, which every local user
# can read and which is copied along with the system closure. Treat each of
# these values as disclosed: rotate it and load the replacement from a file
# that lives outside the store with restrictive permissions.
{ config, lib, pkgs, modulesPath, ... }:
let
  # Second nixpkgs instance used only for the packages taken from `unstable`
  # below (sonarr, radarr, vaultwarden); it reuses this system's nixpkgs config.
  # NOTE(review): the tarball is the moving `master` branch and no sha256 is
  # given, so what gets built is neither pinned nor integrity-checked by this
  # file; a pinned revision plus hash would make the input reproducible.
  unstable = import
    (builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") {
      config = config.nixpkgs.config;
    };
in {
  imports = [ ./nginx.nix ];

  # Fixed GIDs so ownership stays stable across rebuilds.
  users.groups = {
    nextcloud.gid = 990;
    piracy.gid = 985;
    kavita.gid = 982;
  };

  users.users = let
    # Template for a system account with a fixed UID in the shared "piracy" group.
    base = uid: {
      uid = uid;
      group = "piracy";
      isSystemUser = true;
    };
  in {
    prowlarr = base 987 // { };
    sonarr = base 274 // { };
    radarr = base 275 // { };
    nextcloud = {
      isSystemUser = true;
      uid = 990;
      group = "nextcloud";
      extraGroups = [ "render" ];
      # Per-user profile; "memories.exiftool" further down points at the
      # exiftool binary this profile provides.
      packages = (with pkgs; [
        # NOTE(review): Node.js 14 is past upstream end-of-life and no longer
        # receives security fixes; confirm whether a supported release works.
        nodejs_14
        perl
        # ExifTool built from the upstream tarball; the fixed `hash` means the
        # download is integrity-checked, unlike the `unstable` tarball above.
        (perlPackages.buildPerlPackage rec {
          pname = "Image-ExifTool";
          version = "12.60";
          src = fetchurl {
            url = "https://exiftool.org/Image-ExifTool-${version}.tar.gz";
            hash = "sha256-c9vgbQBMMQgqVueNfyRvK7AAL7sYNUR7wyorB289Mq0=";
          };
        })
      ]);
    };
  };

  services = let
    # Shared settings for the media services: enabled, running in group "piracy".
    base = {
      enable = true;
      group = "piracy";
    };
  in {
    sonarr = base // { package = unstable.pkgs.sonarr; };
    radarr = base // { package = unstable.pkgs.radarr; };
    bazarr = base // { };
    jellyfin = base // { };
    prowlarr.enable = true;

    vaultwarden = {
      enable = true;
      dbBackend = "postgresql";
      package = unstable.pkgs.vaultwarden;
      config = {
        # Listens on loopback only; presumably ./nginx.nix proxies to these
        # ports - verify there.
        ROCKET_ADDRESS = "127.0.0.1";
        ROCKET_PORT = 8222;
        WEBSOCKET_PORT = 8333;
        # NOTE(review): plain-text admin token committed to the config. It
        # grants access to the vaultwarden admin panel; rotate it and supply
        # it through the module's `environmentFile` option (ideally as an
        # Argon2 hash) instead of this attribute set.
        ADMIN_TOKEN = "x9BLqz2QmnU5RmrMLt2kPpoPBTNPZxNFw/b8XrPgpQML2/01+MYENl87dmhDX+Jm";
        # NOTE(review): the connection string embeds the database password,
        # and the same password is reused for nextcloud's dbpassFile below.
        DATABASE_URL = "postgresql://vaultwarden:sopacerias@127.0.0.1:5432/vaultwarden";
        ENABLE_DB_WAL = false;
        WEBSOCKET_ENABLED = true;
        SHOW_PASSWORD_HINT = false;
        SIGNUPS_ALLOWED = false;
        EXTENDED_LOGGING = true;
        LOG_LEVEL = "warn";
      };
    };

    kavita = {
      enable = true;
      # NOTE(review): pkgs.writeText places the token key in the
      # world-readable Nix store; point tokenKeyFile at a file outside the
      # store instead and rotate this key.
      tokenKeyFile = "${pkgs.writeText "kavitaToken" "Au002BRkRxBjlQrmWSuXWTGUcpXZjzMo2nJ0Z4g4OZ1S4c2zp6oaesGUXzKp2mhvOwjju002BNoURG3CRIE2qnGybvOgAlDxAZCPBzSNRcx6RJ1lFRgvI8wQR6Nd5ivYX0RMo4S8yOH8XIDhzN6vNo31rCjyv2IycX0JqiJPIovfbvXn9Y="}";
    };

    nextcloud = {
      enable = true;
      https = true;
      package = pkgs.nextcloud27;
      appstoreEnable = true;
      configureRedis = true;
      extraAppsEnable = true;
      enableImagemagick = true;
      maxUploadSize = "512M";
      hostName = "cloud.servidos.lat";
      config = {
        # NOTE(review): the admin password is written to the world-readable
        # Nix store by pkgs.writeText; use a path outside the store and change
        # the password.
        adminpassFile = "${pkgs.writeText "adminpass" "Overlying-Hatchback-Charting-Encounter-Deface-Gallantly7"}";
        overwriteProtocol = "https";
        defaultPhoneRegion = "MX";
        dbtype = "pgsql";
        dbuser = "nextcloud";
        # NOTE(review): same store-exposure problem as adminpassFile, and the
        # value matches the password in vaultwarden's DATABASE_URL.
        dbpassFile = "${pkgs.writeText "dbpass" "sopacerias"}";
        dbtableprefix = "oc_";
        dbname = "nextcloud";
        # NOTE(review): Nextcloud's trusted_proxies is normally a list of IP
        # addresses or CIDR ranges - confirm that "nginx" has the intended
        # effect.
        trustedProxies = [ "nginx" ];
        extraTrustedDomains = [ "cloud.rotehaare.art" "danilo-reyes.com" ];
      };
      phpOptions = {
        catch_workers_output = "yes";
        # PHP errors go to stderr rather than into responses.
        display_errors = "stderr";
        error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
        expose_php = "Off";
        "opcache.enable_cli" = "1";
        "opcache.fast_shutdown" = "1";
        "opcache.interned_strings_buffer" = "16";
        "opcache.jit" = "1255";
        "opcache.jit_buffer_size" = "128M";
        "opcache.max_accelerated_files" = "10000";
        "opcache.memory_consumption" = "128";
        "opcache.revalidate_freq" = "1";
        "opcache.save_comments" = "1";
        "opcache.validate_timestamps" = "0";
        "openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
        short_open_tag = "Off";
      };
      extraOptions = {
        mail_smtpmode = "sendmail";
        mail_sendmailmode = "pipe";
        "installed" = true;
        # Path into the nextcloud user's profile defined under users.users.
        "memories.exiftool" = "/etc/profiles/per-user/nextcloud/bin/exiftool";
        enabledPreviewProviders = [
          "OC\\Preview\\Image"
          "OC\\Preview\\HEIC"
          "OC\\Preview\\TIFF"
          "OC\\Preview\\MKV"
          "OC\\Preview\\MP4"
          "OC\\Preview\\AVI"
          "OC\\Preview\\Movie"
        ];
      };
      phpExtraExtensions = all: [ all.pdlib all.bz2 ];
    };

    postgresql = {
      enable = true;
      ensureDatabases = [ "paperless" "nextcloud" "mealie" "vaultwarden" ];
      # One role per application, each granted all privileges on its own
      # database only.
      ensureUsers = [
        {
          name = "nextcloud";
          ensurePermissions = { "DATABASE nextcloud" = "ALL PRIVILEGES"; };
        }
        {
          name = "paperless";
          ensurePermissions = { "DATABASE paperless" = "ALL PRIVILEGES"; };
        }
        {
          name = "mealie";
          ensurePermissions = { "DATABASE mealie" = "ALL PRIVILEGES"; };
        }
        {
          name = "vaultwarden";
          ensurePermissions = { "DATABASE vaultwarden" = "ALL PRIVILEGES"; };
        }
      ];
      # mkOverride 10 gives this pg_hba.conf text priority over
      # normal-priority definitions of the same option.
      # NOTE(review): `trust` on the Unix socket and on both loopback
      # addresses means any local user or process (including every container
      # or service that can reach 127.0.0.1) can connect as any role,
      # superuser included, without a password. That cancels the per-database
      # grants above and leaves the vaultwarden database readable by any local
      # account. The passwords configured elsewhere in this file are never
      # checked under `trust`. Consider `peer` for the socket and
      # `scram-sha-256` for TCP, after setting role passwords.
      authentication = pkgs.lib.mkOverride 10 ''
        local all all trust
        host all all 127.0.0.1/32 trust
        host all all ::1/128 trust
      '';
    };
  };

  environment.systemPackages = with pkgs; [ docker-compose ];

  virtualisation.docker = {
    enable = true;
    storageDriver = "btrfs";
  };

  systemd = {
    services = {
      # System unit that keeps the compose stack running once docker is up.
      # NOTE(review): no User= is set, so systemd's default (root) applies,
      # while the compose file lives in a user's home directory. Whoever can
      # edit that file decides which containers and mounts root's docker
      # starts. Confirm the file's ownership and permissions, or move it to a
      # root-owned path.
      docker-compose = {
        enable = true;
        restartIfChanged = true;
        description = "Start docker-compose servers";
        after = [ "docker.service" "docker.socket" ];
        requires = [ "docker.service" "docker.socket" ];
        wantedBy = [ "default.target" ];
        environment = {
          FILE = "/home/jawz/Development/Docker/docker-compose.yml";
        };
        path = [ pkgs.docker-compose ];
        serviceConfig = {
          Restart = "on-failure";
          RestartSec = 30;
          # `\${FILE}` is escaped so Nix emits a literal ${FILE}; systemd
          # substitutes it from `environment` above when the unit runs.
          ExecStart = "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} up --remove-orphans";
          ExecStop = "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} down";
        };
      };

      # The script text is read from ./scripts/nextcloud-cronjob.sh at
      # evaluation time and packaged as an executable in the store.
      # NOTE(review): no User= is set here either, so this presumably runs as
      # root; check whether the script needs that or could run as `nextcloud`.
      nextcloud-cronjob = let
        jawzNextcloudCronjob = pkgs.writeScriptBin "nextcloud-cronjob"
          (builtins.readFile ./scripts/nextcloud-cronjob.sh);
      in {
        description = "Runs various nextcloud-related cronjobs";
        wantedBy = [ "default.target" ];
        path = [ pkgs.bash jawzNextcloudCronjob ];
        serviceConfig = {
          Restart = "on-failure";
          RestartSec = 30;
          # ${config.services.nextcloud.package}
          ExecStart = "${jawzNextcloudCronjob}/bin/nextcloud-cronjob";
        };
      };
    };

    timers = {
      # Fires the nextcloud-cronjob service every ten minutes.
      nextcloud-cronjob = {
        enable = true;
        description = "Runs various nextcloud-related cronjobs";
        wantedBy = [ "timers.target" ];
        timerConfig = { OnCalendar = "*:0/10"; };
      };
    };

    user.services = {
      # User-level unit; the script text comes from ./scripts/update-dns.sh
      # and is packaged the same way as the cronjob script above.
      update-dns = let
        jawzUpdateDns = pkgs.writeScriptBin "update-dns"
          (builtins.readFile ./scripts/update-dns.sh);
      in {
        restartIfChanged = true;
        description = "update DNS of my websites";
        wantedBy = [ "default.target" ];
        path = [ pkgs.bash pkgs.nix jawzUpdateDns ];
        serviceConfig = {
          Restart = "on-failure";
          RestartSec = 30;
          ExecStart = "${jawzUpdateDns}/bin/update-dns";
        };
      };
    };

    user.timers = {
      # First run one minute after boot, then every six hours after each
      # activation.
      update-dns = {
        enable = true;
        description = "update DNS of my websites";
        wantedBy = [ "timers.target" ];
        timerConfig = {
          OnBootSec = "1min";
          OnUnitActiveSec = "6h";
        };
      };
    };
  };
}