init

services/caddy.nix

@@ -0,0 +1,41 @@
+{ service_configs, ... }:
+{
+  services.caddy = {
+    enable = true;
+    virtualHosts = {
+      ":${builtins.toString service_configs.ports.https}".extraConfig = ''
+        tls ${service_configs.https.certs}/cert.crt ${service_configs.https.certs}/cert.key
+
+        handle_path /torrent* {
+        	reverse_proxy 127.0.0.1:${builtins.toString service_configs.ports.torrent}
+        }
+
+        root * ${service_configs.https.data_dir}
+        file_server browse
+      '';
+
+      "immich.gardling.com".extraConfig = ''
+        reverse_proxy 127.0.0.1:${builtins.toString service_configs.ports.immich}
+      '';
+
+      "jellyfin.gardling.com".extraConfig = ''
+        reverse_proxy 127.0.0.1:${builtins.toString service_configs.ports.jellyfin}
+        request_body {
+        	max_size 4096MB
+        }
+      '';
+
+      "git.gardling.com".extraConfig = ''
+        reverse_proxy 127.0.0.1:${builtins.toString service_configs.ports.git-server}
+      '';
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    service_configs.ports.https
+  ];
+
+  networking.firewall.allowedUDPPorts = [
+    service_configs.ports.https
+  ];
+}

services/git.nix

@@ -0,0 +1,40 @@
+{
+  config,
+  service_configs,
+  ...
+}:
+{
+  services.gitea = {
+    enable = true;
+    appName = "TBD name of my gitea server";
+    stateDir = service_configs.gitea.dir;
+    database = {
+      type = "postgres";
+      socket = service_configs.postgres.socket;
+    };
+    settings = {
+      server = {
+        DOMAIN = "git.gardling.com";
+        ROOT_URL = "https://git.gardling.com";
+        HTTP_PORT = service_configs.ports.git-server;
+      };
+      session = {
+        # https cookies or smth
+        COOKIE_SECURE = true;
+      };
+      # only I shall use gitea
+      service.DISABLE_REGISTRATION = true;
+    };
+  };
+
+  services.postgresql = {
+    ensureDatabases = [ config.services.gitea.user ];
+    ensureUsers = [
+      {
+        name = config.services.gitea.database.user;
+        ensureDBOwnership = true;
+        ensureClauses.login = true;
+      }
+    ];
+  };
+}

services/immich.nix

@@ -0,0 +1,26 @@
+{
+  service_configs,
+  pkgs,
+  config,
+  ...
+}:
+{
+  services.immich = {
+    enable = true;
+    mediaLocation = service_configs.immich.dir;
+    port = service_configs.ports.immich;
+    host = "0.0.0.0";
+    database = {
+      createDB = true;
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    immich-go
+  ];
+
+  users.users.${config.services.immich.user}.extraGroups = [
+    "video"
+    "render"
+  ];
+}

services/jellyfin.nix

@@ -0,0 +1,18 @@
+{ pkgs, config, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    jellyfin
+    jellyfin-web
+    jellyfin-ffmpeg
+  ];
+
+  services.jellyfin = {
+    enable = true;
+    openFirewall = true;
+  };
+
+  users.users.${config.services.jellyfin.user}.extraGroups = [
+    "video"
+    "render"
+  ];
+}

services/quadlet.nix

@@ -0,0 +1,84 @@
+{ service_configs, ... }:
+{
+  virtualisation.quadlet = {
+    containers =
+      let
+        baseContainerConfig = {
+          autoUpdate = "registry";
+          environments = {
+            PUID = 1000;
+            PGID = 1000;
+          };
+        };
+      in
+      {
+        minecraft-server.containerConfig = baseContainerConfig // {
+          image = "docker.io/itzg/minecraft-server:java21-graalvm";
+          name = "minecraft";
+
+          environments = {
+            TYPE = "QUILT";
+            MEMORY = "4G";
+            MOD_PLATFORM = "MODRINTH";
+            USE_AIKAR_FLAGS = true;
+            JVM_OPTS = "-XX:-UseJVMCICompiler";
+            MODRINTH_MODPACK = "https://modrinth.com/modpack/sop";
+            VERSION = "1.21.1";
+          };
+
+          publishPorts = [ "${builtins.toString service_configs.ports.minecraft}:25565" ];
+          volumes = [ "${service_configs.minecraft.dir}:/data:z" ];
+        };
+
+        gluetun.containerConfig = baseContainerConfig // {
+          image = "docker.io/qmcgaw/gluetun";
+          name = "gluetun";
+
+          addCapabilities = [
+            "NET_ADMIN"
+            "MKNOD"
+          ];
+
+          environments = import ../secrets/mullvad.nix;
+
+          publishPorts = [
+            "6081:6081"
+            "6081:6081/udp"
+            "${builtins.toString service_configs.ports.torrent}:6011"
+          ];
+
+          volumes = [ "${service_configs.gluetun.dir}:/gluetun:z" ];
+          podmanArgs = [
+            "--device=/dev/net/tun"
+            "--security-opt label=disable"
+          ];
+        };
+
+        qbittorrent = {
+          containerConfig = baseContainerConfig // {
+            image = "lscr.io/linuxserver/qbittorrent:latest";
+            name = "qbittorrent";
+            environments = {
+              WEBUI_PORT = service_configs.ports.torrent;
+              DOCKER_MODS = "ghcr.io/gabe565/linuxserver-mod-vuetorrent";
+            };
+
+            volumes = [
+              "${service_configs.torrent.config_dir}:/config:z"
+              "${service_configs.torrent.download_dir}:/downloads:z"
+            ];
+
+            networks = [ "container:gluetun" ];
+          };
+
+          serviceConfig = {
+            requires = [ "gluetun.service" ];
+            after = [ "gluetun.service" ];
+          };
+        };
+      };
+    networks = {
+      internal.networkConfig.subnets = [ "10.0.123.1/24" ];
+    };
+  };
+}