# Host configuration: declares age-encrypted secrets, enables Caddy and
# Tailscale, and turns on the `proxy` entry of every listed service under the
# public domain taken from ../parameters.nix.
{ config, pkgs, lib, inputs, ... }:
let
  p = import ../parameters.nix;

  publicDomain = p.domains.public;
  secrets = config.age.secrets;

  # Proxy entry for a service, served under the public domain and forwarded to `host`.
  proxyTo = host: {
    enable = true;
    domain = publicDomain;
    inherit host;
  };

  # Extra Caddy virtual host: `<subdomain>` under the public domain -> upstream URL `host`.
  vhost = subdomain: host: {
    inherit subdomain host;
    domain = publicDomain;
  };
in
{
  age.secrets = {
    # No owner/group given for these two, so the secrets module's defaults apply.
    searx-secret.file = ../../secrets/searx-secret.age;
    tailscale-authKey.file = ../../secrets/tailscale-authKey.age;

    # Owned by the Caddy service account so that Caddy can read it.
    cloudflare-pasetto-apiKey = {
      file = ../../secrets/cloudflare-pasetto-apiKey.age;
      owner = config.services.caddy.user;
      group = config.services.caddy.group;
    };
  };

  my = {
    utils = {
      commons.enable = true;
      lxc-standard.enable = true;
    };

    # Every entry below publishes a service under the public domain.
    # NOTE(review): whether authentication sits in front of a given service is
    # decided inside the respective `my.*` module, not in this file; confirm it
    # for each entry, in particular vaultwarden, paperless and the monitoring ones.
    services = {
      authentik.proxy = proxyTo p.hosts.authentik;

      dashy = {
        enable = true;
        settings = import ./dashy-settings.nix;
        proxy = proxyTo p.hosts.caddy;
      };

      forgejo.proxy = proxyTo p.hosts.forgejo;
      immich.proxy = proxyTo p.hosts.immich;
      n8n.proxy = proxyTo p.hosts.n8n;
      ilpost-addict.proxy = proxyTo p.hosts.ilpost-podcast;
      media-mgr.proxy = proxyTo p.hosts.arr;
      nextcloud.proxy = proxyTo p.hosts.nextcloud;
      collabora-online.proxy = proxyTo p.hosts.collabora;
      paperless.proxy = proxyTo p.hosts.paperless;
      actual.proxy = proxyTo p.hosts.actual;
      karakeep.proxy = proxyTo p.hosts.karakeep;

      searx = {
        enable = true;
        # Path of the decrypted secret, not the secret value itself.
        secretFile = secrets.searx-secret.path;
        proxy = proxyTo p.hosts.caddy;
      };

      vaultwarden.proxy = proxyTo p.hosts.vaultwarden;
    };

    monitoring = {
      # Prometheus and Grafana share the same backend host.
      prometheus.proxy = proxyTo p.hosts.metrics;
      grafana.proxy = proxyTo p.hosts.metrics;
      uptime-kuma.proxy = proxyTo p.hosts.docker;
      librenms.proxy = proxyTo p.hosts.librenms;
    };

    networking = {
      tailscale = {
        enable = true;
        magicDNSDomain = p.domains.tsDns;
        authKeyFile = secrets.tailscale-authKey.path;
      };

      caddy = {
        enable = true;

        # The same decrypted file is used as Caddy's environment file and as
        # the per-domain Cloudflare API key file.
        # NOTE(review): confirm the token in it is scoped to DNS edits on this
        # zone only, since one credential backs both settings.
        configEnvFile = secrets.cloudflare-pasetto-apiKey.path;

        domainsList = [
          {
            domain = publicDomain;
            email = p.personal.email;
            cloudflareApiKeyFile = secrets.cloudflare-pasetto-apiKey.path;
          }
        ];

        # Names the environment variable holding the token, not the token itself.
        dynamicdnsDomains = [
          {
            domain = publicDomain;
            cloudflareApiEnvName = "CLOUDFLARE_API_TOKEN";
          }
        ];

        # NOTE(review): the `*.ts` names suggest tailnet-only access, but nothing
        # in this file restricts them; confirm the caddy module limits who can
        # reach these vhosts, especially the three management UIs on port 8006.
        # NOTE(review): several upstreams are plain http://, so the hop from the
        # proxy to the backend is unencrypted; confirm that network path is trusted.
        extraVirtualHosts = [
          (vhost "h" "http://${p.hosts.homeassistant}:8123")
          (vhost "bacco.ts" "https://${p.hosts.bacco}:8006")
          (vhost "krzo.ts" "https://${p.hosts.krzo}:8006")
          (vhost "node.ts" "https://${p.hosts.node}:8006")
          (vhost "torrent.ts" "http://qbittorrent.${p.domains.tsDns}:8090")
          (vhost "ai" "http://${p.hosts.docker}:4080")
          (vhost "maps" "http://${p.hosts.docker}:5000")
          (vhost "dock" "http://${p.hosts.docker}:3333")
          (vhost "books" "http://${p.hosts.docker-vm}:6060")
          (vhost "pulse.ts" "http://${p.hosts.pulse}:7655")
        ];
      };
    };

    virtualisation = {
      proxmox.enable = true;
    };
  };

  system.stateVersion = "24.05";
}