initial server config

2026-02-03 13:22:21 +01:00 · 2026-02-03 13:22:21 +01:00 · 8f6d63909a
commit 8f6d63909a
10 changed files with 313 additions and 0 deletions
--- a/services/backup.nix
+++ b/services/backup.nix
@ -0,0 +1,39 @@
+{ config, pkgs, ... }:
+
+{
+ 
+  services.postgresql.backup = {
+    enable = true;
+    location = "/var/lib/data/backups/postgres";
+    databases = [ "immich" "paperless" "nextcloud" "vaultwarden" ];
+  };
+ 
+  services.borgbackup.jobs."daily-backup" = {
+   
+    paths = [
+      "/var/lib/data"          
+      "/var/lib/vaultwarden"   
+      "/etc/nixos"             
+    ];
+    
+    exclude = [
+      "**/cache"
+      "**/.cache"
+      "/var/lib/data/immich/thumbs"
+    ];
+   
+    repo = "/var/lib/backup/borg-repo";
+   
+    encryption.mode = "none"; 
+
+    compression = "zstd,1";
+    startAt = "daily";
+
+    prune.keep = {
+      within = "1d";
+      daily = 7;
+      weekly = 4;
+      monthly = 6;
+    };
+  };
+}
--- a/services/caddy.nix
+++ b/services/caddy.nix
@ -0,0 +1,36 @@
+{ config, pkgs, ... }:
+
+{
+  users.users.caddy.extraGroups = [ "users" ];
+  systemd.tmpfiles.rules = [
+    "d /var/www/website 0755 daniel users - -"
+    "d /var/www/website/public 0755 daniel users - -"
+  ];
+  services.caddy = {
+    enable = true;
+    virtualHosts."danielk.me" = {
+      extraConfig = ''
+        handle_path /graphs/* {
+          root * /var/www/danielk.me/betterGraphs
+          file_server
+        }
+  
+        handle_path /tails/* {
+          root * /var/www/danielk.me/tails
+          file_server
+        }
+  
+        handle_path /public/* {
+          root * /var/www/danielk.me/public
+          file_server browse
+        }
+  
+        handle_path /git/* {
+          root * /var/www/danielk.me/git
+          file_server
+        }
+        reverse_proxy localhost:3333
+      '';
+    };
+  };
+}
--- a/services/forgejo.nix
+++ b/services/forgejo.nix
@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+{
+  services.forgejo = {
+    enable = true;
+    database.type = "sqlite3";    
+    settings = {
+      server = {
+        DOMAIN = "git.danielk.me";
+        ROOT_URL = "https://git.danielk.me/";
+        HTTP_PORT = 3723;
+      };
+    };
+  };
+
+  services.caddy.virtualHosts."git.danielk.me" = {
+    extraConfig = ''
+      reverse_proxy 127.0.0.1:3723
+    '';
+  };
+}
--- a/services/immich.nix
+++ b/services/immich.nix
@ -0,0 +1,28 @@
+{ config, pkgs, ... }:
+{
+  services.immich = {
+    enable = true;
+    mediaLocation = "/var/lib/data/immich";
+    host = "127.0.0.1";
+    port = 2283;
+    machine-learning.environment.MACHINE_LEARNING_REQUEST_THREADS = "2";
+  };
+
+
+  services.caddy.virtualHosts."photos.danielk.me" = {
+    extraConfig = ''
+      reverse_proxy 127.0.0.1:2283
+    '';
+  };
+
+  # Thumbnails on ssd for faster loading
+  fileSystems."/var/lib/data/immich/thumbs" = {
+    device = "/var/lib/immich-thumbnails";
+    options = [ "bind" ];
+  };
+
+  systemd.tmpfiles.rules = [
+    "d /var/lib/data/immich 0750 immich immich -"
+    "d /var/lib/immich-thumbnails 0750 immich immich -"
+  ];
+}
--- a/services/vaultwarden.nix
+++ b/services/vaultwarden.nix
@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+  services.vaultwarden = {
+    enable = true;
+    config = {
+      DOMAIN = "https://passwords.danielk.me";
+      SIGNUPS_ALLOWED = false;
+      
+      ROCKET_ADDRESS = "127.0.0.1";
+      ROCKET_PORT = 8222;
+    };
+  };
+
+  services.caddy.virtualHosts."passwords.danielk.me" = {
+    extraConfig = ''
+      reverse_proxy 127.0.0.1:8222
+    '';
+  };
+
+  # environment.persistence."/persistent".directories = [ "/var/lib/bitwarden_rs" ];
+}