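# NixOS module for a self-hosted server. It declares the media services
# (sonarr, radarr, bazarr, jellyfin, prowlarr), paperless, vaultwarden, kavita
# and nextcloud, a local PostgreSQL instance backing several of them, Docker
# with a docker-compose unit, and the systemd timers for the nextcloud cronjob
# and the DNS updater.
#
# NOTE(review): several credentials below are written as literals. Anything
# placed in this file or produced by pkgs.writeText ends up in /nix/store,
# which is readable by every local user, and in version control if this file
# is committed. Each spot is marked; the remedy is the same everywhere: keep
# the value in a root-owned file provisioned outside the store (for example
# with sops-nix or agenix), reference only its path here, and rotate every
# value that has already been published.
{ config, lib, pkgs, modulesPath, ... }:
let
  localhost = "127.0.0.1";
  postgresPort = toString (config.services.postgresql.port);
  # NOTE(review): this fetches whatever the nixpkgs master branch points to at
  # evaluation time, with no hash check, so builds are not reproducible and the
  # packages taken from it (sonarr, radarr, vaultwarden) change without review.
  # Pin to a specific commit tarball and pass fetchTarball an attribute set
  # with `url` and `sha256`.
  unstable = import
    (builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") {
      config = config.nixpkgs.config;
    };
in {
  imports = [ ./nginx.nix ];

  nixpkgs.config = {
    # NOTE(review): both entries are end-of-life releases that nixpkgs marks
    # insecure; allowing them here applies system-wide. Revisit whether
    # nodejs_14 is still required by the nextcloud user's tooling.
    permittedInsecurePackages = [ "nodejs-14.21.3" "openssl-1.1.1v" ];
  };

  users.groups = { piracy.gid = 985; };

  users.users = let
    base = { isSystemUser = true; };
  in {
    prowlarr = base // { group = "piracy"; };
    paperless = base // { };
    nextcloud = base // {
      extraGroups = [ "render" ];
      # Per-user profile for nextcloud; the exiftool built here is the binary
      # referenced by "memories.exiftool" further down.
      packages = (with pkgs; [
        nodejs_14
        perl
        (perlPackages.buildPerlPackage rec {
          pname = "Image-ExifTool";
          version = "12.60";
          src = fetchurl {
            url = "https://exiftool.org/Image-ExifTool-${version}.tar.gz";
            hash = "sha256-c9vgbQBMMQgqVueNfyRvK7AAL7sYNUR7wyorB289Mq0=";
          };
        })
      ]);
    };
  };

  services = let
    # Shared settings for the media services that run in the "piracy" group.
    base = {
      enable = true;
      group = "piracy";
    };
  in {
    sonarr = base // { package = unstable.pkgs.sonarr; };
    radarr = base // { package = unstable.pkgs.radarr; };
    bazarr = base // { };
    jellyfin = base // { };
    prowlarr.enable = true;

    paperless = {
      enable = true;
      # NOTE(review): this lets every local user drop files into the
      # consumption directory, which paperless then ingests. Confirm that is
      # intended on a host that also runs other services.
      consumptionDirIsPublic = true;
      extraConfig = {
        # Fixed: was misspelled "postgress"; the engine name paperless
        # documents is "postgresql".
        PAPERLESS_DBENGINE = "postgresql";
        PAPERLESS_DBHOST = "${localhost}";
        PAPERLESS_DBNAME = "paperless";
        PAPERLESS_DBUSER = "paperless";
        # NOTE(review): literal database password; it is exported as a unit
        # environment variable and therefore stored in /nix/store. Move it to
        # a secret file and rotate it.
        PAPERLESS_DBPASS = "sopacerias";
        PAPERLESS_DBPORT = "${postgresPort}";
        PAPERLESS_CONSUMER_IGNORE_PATTERN =
          builtins.toJSON [ ".DS_STORE/*" "desktop.ini" ];
        PAPERLESS_TIME_ZONE = "America/Mexico_City";
        PAPERLESS_OCR_USER_ARGS = builtins.toJSON {
          optimize = 1;
          pdfa_image_compression = "lossless";
        };
      };
    };

    vaultwarden = {
      enable = true;
      dbBackend = "postgresql";
      package = unstable.pkgs.vaultwarden;
      config = {
        # Bound to loopback only; external access is expected to go through
        # the reverse proxy imported from ./nginx.nix.
        ROCKET_ADDRESS = "${localhost}";
        ROCKET_PORT = 8222;
        WEBSOCKET_PORT = 8333;
        # NOTE(review): the admin-panel token and the database URL (with its
        # password) are rendered into a world-readable store file by this
        # option. Supply both through services.vaultwarden.environmentFile
        # pointing at a file outside the store, prefer an Argon2 PHC hash for
        # ADMIN_TOKEN over a plain-text token, and rotate both values.
        ADMIN_TOKEN =
          "x9BLqz2QmnU5RmrMLt2kPpoPBTNPZxNFw/b8XrPgpQML2/01+MYENl87dmhDX+Jm";
        DATABASE_URL =
          "postgresql://vaultwarden:sopacerias@${localhost}:${postgresPort}/vaultwarden";
        ENABLE_DB_WAL = false;
        WEBSOCKET_ENABLED = true;
        SHOW_PASSWORD_HINT = false;
        SIGNUPS_ALLOWED = false;
        EXTENDED_LOGGING = true;
        LOG_LEVEL = "warn";
      };
    };

    kavita = {
      enable = true;
      # NOTE(review): tokenKeyFile exists so the key can live outside the
      # store; wrapping a literal in pkgs.writeText defeats that and publishes
      # the signing key in /nix/store. Point this at a provisioned secret file
      # and generate a new key.
      tokenKeyFile = "${
          pkgs.writeText "kavitaToken"
          "Au002BRkRxBjlQrmWSuXWTGUcpXZjzMo2nJ0Z4g4OZ1S4c2zp6oaesGUXzKp2mhvOwjju002BNoURG3CRIE2qnGybvOgAlDxAZCPBzSNRcx6RJ1lFRgvI8wQR6Nd5ivYX0RMo4S8yOH8XIDhzN6vNo31rCjyv2IycX0JqiJPIovfbvXn9Y="
        }";
    };

    nextcloud = {
      enable = true;
      https = true;
      package = pkgs.nextcloud27;
      appstoreEnable = true;
      configureRedis = true;
      extraAppsEnable = true;
      enableImagemagick = true;
      maxUploadSize = "512M";
      hostName = "cloud.servidos.lat";
      config = {
        # NOTE(review): adminpassFile and dbpassFile take paths precisely so
        # the passwords stay out of the store; pkgs.writeText puts both
        # literals into world-readable /nix/store files. Reference provisioned
        # secret files instead and change both passwords.
        adminpassFile = "${
            pkgs.writeText "adminpass"
            "Overlying-Hatchback-Charting-Encounter-Deface-Gallantly7"
          }";
        overwriteProtocol = "https";
        defaultPhoneRegion = "MX";
        dbtype = "pgsql";
        dbuser = "nextcloud";
        dbpassFile = "${pkgs.writeText "dbpass" "sopacerias"}";
        dbtableprefix = "oc_";
        dbname = "nextcloud";
        trustedProxies = [ "nginx" ];
        extraTrustedDomains = [ "cloud.rotehaare.art" "danilo-reyes.com" ];
      };
      phpOptions = {
        catch_workers_output = "yes";
        display_errors = "stderr";
        error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
        expose_php = "Off";
        "opcache.enable_cli" = "1";
        "opcache.fast_shutdown" = "1";
        "opcache.interned_strings_buffer" = "16";
        "opcache.jit" = "1255";
        "opcache.jit_buffer_size" = "128M";
        "opcache.max_accelerated_files" = "10000";
        "opcache.memory_consumption" = "128";
        "opcache.revalidate_freq" = "1";
        "opcache.save_comments" = "1";
        "opcache.validate_timestamps" = "0";
        "openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
        short_open_tag = "Off";
      };
      extraOptions = {
        mail_smtpmode = "sendmail";
        mail_sendmailmode = "pipe";
        "installed" = true;
        # Path of the exiftool installed through the nextcloud user's
        # per-user profile (see users.users.nextcloud.packages).
        "memories.exiftool" = "/etc/profiles/per-user/nextcloud/bin/exiftool";
        enabledPreviewProviders = [
          "OC\\Preview\\Image"
          "OC\\Preview\\HEIC"
          "OC\\Preview\\TIFF"
          "OC\\Preview\\MKV"
          "OC\\Preview\\MP4"
          "OC\\Preview\\AVI"
          "OC\\Preview\\Movie"
        ];
      };
      phpExtraExtensions = all: [ all.pdlib all.bz2 ];
    };

    postgresql = {
      enable = true;
      ensureDatabases = [ "paperless" "nextcloud" "mealie" "vaultwarden" ];
      ensureUsers = [
        {
          name = "nextcloud";
          ensurePermissions = { "DATABASE nextcloud" = "ALL PRIVILEGES"; };
        }
        {
          name = "paperless";
          ensurePermissions = { "DATABASE paperless" = "ALL PRIVILEGES"; };
        }
        {
          name = "mealie";
          ensurePermissions = { "DATABASE mealie" = "ALL PRIVILEGES"; };
        }
        {
          name = "vaultwarden";
          ensurePermissions = { "DATABASE vaultwarden" = "ALL PRIVILEGES"; };
        }
      ];
      # NOTE(review): "trust" on the Unix socket and on both loopback
      # addresses means any local process can connect as any role, including
      # the superuser, without a password; the database passwords configured
      # for the services above are never checked. That exposes the
      # vaultwarden and nextcloud databases to every account and service on
      # this host. Prefer "peer" for the socket and "scram-sha-256" for the
      # host lines, after giving each role a password; the change is not made
      # here because the roles created by ensureUsers have none yet.
      authentication = pkgs.lib.mkOverride 10 ''
        local all all trust
        host all all ${localhost}/32 trust
        host all all ::1/128 trust
      '';
    };
  };

  environment.systemPackages = with pkgs; [ docker-compose ];

  virtualisation.docker = {
    enable = true;
    storageDriver = "btrfs";
  };

  systemd = {
    services = {
      # System unit that keeps the docker-compose stack up once Docker is
      # available.
      # NOTE(review): no User is set, so this runs as a system service, yet
      # the compose file it loads lives in a user's home directory. Whoever
      # can write that file decides which containers, mounts and privileges
      # the Docker daemon is asked for. Consider keeping the file in a
      # root-owned location.
      docker-compose = {
        enable = true;
        restartIfChanged = true;
        description = "Start docker-compose servers";
        after = [ "docker.service" "docker.socket" ];
        requires = [ "docker.service" "docker.socket" ];
        wantedBy = [ "default.target" ];
        environment = {
          FILE = "/home/jawz/Development/Docker/docker-compose.yml";
        };
        path = [ pkgs.docker-compose ];
        serviceConfig = {
          Restart = "on-failure";
          RestartSec = 30;
          # \${FILE} is escaped so Nix leaves it alone and systemd expands it
          # from the unit's environment.
          ExecStart =
            "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} up --remove-orphans";
          ExecStop =
            "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} down";
        };
      };

      # Wraps ./scripts/nextcloud-cronjob.sh as a store binary and runs it;
      # the matching timer below triggers it.
      nextcloud-cronjob = let
        jawzNextcloudCronjob = pkgs.writeScriptBin "nextcloud-cronjob"
          (builtins.readFile ./scripts/nextcloud-cronjob.sh);
      in {
        description = "Runs various nextcloud-related cronjobs";
        wantedBy = [ "default.target" ];
        path = [ pkgs.bash jawzNextcloudCronjob ];
        serviceConfig = {
          Restart = "on-failure";
          RestartSec = 30;
          # ${config.services.nextcloud.package}
          ExecStart = "${jawzNextcloudCronjob}/bin/nextcloud-cronjob";
        };
      };
    };

    timers = {
      # Fires every ten minutes.
      nextcloud-cronjob = {
        enable = true;
        description = "Runs various nextcloud-related cronjobs";
        wantedBy = [ "timers.target" ];
        timerConfig = { OnCalendar = "*:0/10"; };
      };
    };

    user.services = {
      # Per-user unit that wraps ./scripts/update-dns.sh as a store binary
      # and runs it.
      update-dns = let
        jawzUpdateDns = pkgs.writeScriptBin "update-dns"
          (builtins.readFile ./scripts/update-dns.sh);
      in {
        restartIfChanged = true;
        description = "update DNS of my websites";
        wantedBy = [ "default.target" ];
        path = [ pkgs.bash pkgs.nix jawzUpdateDns ];
        serviceConfig = {
          Restart = "on-failure";
          RestartSec = 30;
          ExecStart = "${jawzUpdateDns}/bin/update-dns";
        };
      };
    };

    user.timers = {
      # One minute after boot, then every six hours.
      update-dns = {
        enable = true;
        description = "update DNS of my websites";
        wantedBy = [ "timers.target" ];
        timerConfig = {
          OnBootSec = "1min";
          OnUnitActiveSec = "6h";
        };
      };
    };
  };
}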