# Host module: agenix-managed secrets, Caddy reverse-proxy entries for the
# `my.*` services, Tailscale, and an iperf3 server.
{ config, pkgs, lib, inputs, ... }:
let
  params = import ../parameters.nix;
  inherit (params) domains hosts;

  tailnetDomain = "neon-dory.ts.net";
  email = "pasettodavide@gmail.com";

  # Proxy stanza shared by every proxied service: enabled, with the given
  # domain and upstream host.
  mkProxy = domain: host: {
    enable = true;
    inherit domain host;
  };

  # Secret readable by the Caddy service account (owner and group are taken
  # from the caddy module, so they follow any change to the service user).
  caddyOwned = file: {
    inherit file;
    owner = config.services.caddy.user;
    group = config.services.caddy.group;
  };
in
{
  # Secrets are referenced below through `config.age.secrets.<name>.path`,
  # i.e. by the path of the decrypted file, not by value.
  age.secrets = {
    searx-secret.file = ../../secrets/searx-secret.age;
    tailscale-authKey.file = ../../secrets/tailscale-authKey.age;
    cloudflare-tegola-apiKey = caddyOwned ../../secrets/cloudflare-tegola-apiKey.age;
    cloudflare-pasetto-apiKey = caddyOwned ../../secrets/cloudflare-pasetto-apiKey.age;
    # NOTE(review): ddclient is disabled further down, yet this secret is
    # still declared; drop it if the credential is no longer needed.
    ddclient = {
      file = ../../secrets/ddclient.age;
      mode = "400";
    };
  };

  my = {
    utils = {
      commons.enable = true;
      lxc-standard.enable = true;
    };

    # Exposure map: `domains.public` entries vs `domains.ts` entries.
    # NOTE(review): presumably `domains.ts` is reachable only from the
    # tailnet and `domains.public` from the internet — confirm in
    # parameters.nix. Every service on the public domain needs its own
    # authentication (or an auth layer in front), since this file shows none.
    services = {
      authentik.proxy = mkProxy domains.public hosts.authentik;

      dashy = {
        enable = true;
        settings = import ./dashy-settings.nix;
        proxy = mkProxy domains.public hosts.caddy;
      };

      media-mgr.proxy = mkProxy domains.ts hosts.arr;

      nextcloud.proxy = mkProxy domains.public hosts.nextcloud;

      searx = {
        enable = true;
        secretFile = config.age.secrets.searx-secret.path;
        enableAI = true;
        # NOTE(review): a host value is passed to an option named *Url —
        # verify against the searx module.
        perplexicaUrl = hosts.portainer;
        proxy = mkProxy domains.ts hosts.caddy;
      };

      vaultwarden.proxy = mkProxy domains.public hosts.vaultwarden;
    };

    monitoring = {
      prometheus.proxy = mkProxy domains.ts hosts.metrics;
      grafana.proxy = mkProxy domains.public hosts.metrics;
    };

    networking = {
      tailscale = {
        enable = true;
        magicDNSDomain = tailnetDomain;
        authKeyFile = config.age.secrets.tailscale-authKey.path;
      };

      caddy = {
        enable = true;
        # NOTE(review): presumably this env file supplies the
        # CLOUDFLARE_API_TOKEN variable named in dynamicdnsDomains below —
        # confirm against the caddy module.
        configEnvFile = config.age.secrets.cloudflare-pasetto-apiKey.path;

        # One Cloudflare credential per zone, so a leaked key affects only
        # its own domain. NOTE(review): confirm each token is scoped to DNS
        # edits on that single zone.
        domainsList = [
          {
            domain = domains.ts;
            inherit email;
            cloudflareApiKeyFile = config.age.secrets.cloudflare-tegola-apiKey.path;
          }
          {
            domain = domains.public;
            inherit email;
            cloudflareApiKeyFile = config.age.secrets.cloudflare-pasetto-apiKey.path;
          }
        ];

        dynamicdnsDomains = [
          {
            domain = domains.public;
            cloudflareApiEnvName = "CLOUDFLARE_API_TOKEN";
          }
        ];

        # Upstreams here are plain http, so the hop from Caddy to the backend
        # is unencrypted. NOTE(review): acceptable only if that hop stays on
        # a trusted network or the tailnet — confirm for the two public ones.
        extraVirtualHosts = [
          {
            subdomain = "h";
            host = "http://${hosts.homeassistant}:8123";
            domain = domains.public;
          }
          {
            subdomain = "torrent";
            host = "http://qbittorrent.${domains.tsDns}:8080";
            domain = domains.ts;
          }
          {
            subdomain = "ai";
            host = "http://${hosts.librechat}:3080";
            domain = domains.public;
          }
        ];
      };

      ddclient = {
        enable = false;
        configFile = config.age.secrets.ddclient.path;
      };
    };

    virtualisation = {
      proxmox.enable = true;
      # NOTE(review): Portainer is a container-management UI and is placed on
      # the public domain; consider `domains.ts` unless external access is
      # required and strongly authenticated.
      portainer.proxy = mkProxy domains.public hosts.portainer;
    };
  };

  # Extra packages
  environment.systemPackages = with pkgs; [ ];

  services = {
    # NOTE(review): openFirewall opens the iperf3 port in the host firewall,
    # and no authentication options are set here. If it is only used
    # internally, restrict the port to the tailnet/LAN interface instead.
    iperf3 = {
      enable = true;
      openFirewall = true;
    };
  };

  system.stateVersion = "24.05";
}