first commit

2025-04-10 13:45:57 +08:00 · 2025-04-10 13:45:57 +08:00 · d802466363
commit d802466363
14 changed files with 453 additions and 0 deletions
--- a/services/calibre-web.nix
+++ b/services/calibre-web.nix
@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+{
+
+  # Calibre-Web
+  # more options: https://mynixos.com/nixpkgs/options/services.calibre-web
+  services.calibre-web= {
+    enable = true;
+    listen = {
+      ip = "0.0.0.0";
+      port = 8083;
+    };
+    openFirewall = true;
+    options = {
+      enableBookUploading = true;
+      enableBookConversion = true;
+      # No " " around absolute path
+      # Make sure a calibre library .db file is in this folder
+      # Example file: https://github.com/janeczku/calibre-web/raw/master/library/metadata.db
+      calibreLibrary =/home/elias/books;
+    };
+  };
+
+#Using Caddy on VPS. Don't need this.
+services.nginx.enable = false;
+
+}
--- a/services/fail2ban.nix
+++ b/services/fail2ban.nix
@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+{
+
+  services.fail2ban = {
+    enable = true;
+   # Ban IP after 5 failures
+    maxretry = 5;
+    ignoreIP = [
+      # Whitelist some subnets
+      "100.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16"
+    ];
+    bantime = "24h"; # Ban IPs for one day on the first ban
+    bantime-increment = {
+      enable = true; # Enable increment of bantime after each violation
+      formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
+      #multipliers = "1 2 4 8 16 32 64";
+      maxtime = "168h"; # Do not ban for more than 1 week
+      overalljails = true; # Calculate the bantime based on all the violations
+    };
+  };
+}
--- a/services/glances.nix
+++ b/services/glances.nix
@ -0,0 +1,10 @@
+{ config, pkgs, ... }:
+{
+
+  services.glances = {
+    enable = true;
+    port = 61208;
+    openFirewall = true;
+  };
+
+}
--- a/services/immich.nix
+++ b/services/immich.nix
@ -0,0 +1,9 @@
+{ config, pkgs, ... }:
+{
+
+  services.immich = {
+    enable = true;
+    port = 2283;
+  };
+
+}
--- a/services/jellyfin.nix
+++ b/services/jellyfin.nix
@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+{
+
+  services.jellyfin = {
+    enable = true;
+    openFirewall = true;
+  };
+
+  environment.systemPackages = [
+    pkgs.jellyfin
+    pkgs.jellyfin-web
+    pkgs.jellyfin-ffmpeg
+  ];
+
+}
--- a/services/nextcloud-reset.sh
+++ b/services/nextcloud-reset.sh
@ -0,0 +1,6 @@
+#!/run/current-system/sw/bin/bash
+sudo systemctl stop postgresql
+sudo systemctl stop nextcloud-setup
+sudo rm -rf /var/lib/nextcloud
+sudo rm -rf /var/lib/postgresql
+
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@ -0,0 +1,42 @@
+{ config, pkgs, ... }:
+{
+services.nextcloud = {
+    enable = true;
+    configureRedis = true;
+    package = pkgs.nextcloud30;
+    hostName = "nextcloud.knossos";
+    datadir = "/var/lib/nextcloud/";
+    settings = {
+      overwriteprotocol = "https";
+      trusted_proxies = [ "localhost" "127.0.0.1" "100.122.246.61" ];
+      #trusted_domains = [ "knossos.zebra-rudd.ts.net" ];
+    };
+    config = {
+    dbtype = "pgsql";
+    dbuser = "nextcloud";
+    dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
+    dbname = "nextcloud";
+    adminpassFile = "/var/nextcloud-admin-pass";
+    adminuser = "admin";
+    };
+};
+
+services.postgresql = {
+    enable = true;
+    ensureDatabases = [ "nextcloud" ];
+    ensureUsers = [
+    { name = "nextcloud";
+    ensureDBOwnership = true;
+    }
+    ];
+};
+
+# ensure that postgres is running *before* running the setup
+systemd.services."nextcloud-setup" = {
+    requires = ["postgresql.service"];
+    after = ["postgresql.service"];
+};
+
+services.nginx.virtualHosts."nextcloud.knossos".listen = [ { addr = "127.0.0.1"; port = 8009; } ];
+
+}
--- a/services/transmission.nix
+++ b/services/transmission.nix
@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+{
+# https://mynixos.com/nixpkgs/options/services.transmission
+
+
+  services.transmission {
+    enable = true;
+    openFirewall = true;
+  };
+
+}