Move server directory and syncthing into services directory

Separate service setup from traefik config for each, prep for future
server separation

Vanguard.nix

@@ -6,12 +6,7 @@
     ./hardware/bluetooth.nix
     ./locales/en_GB.nix
     ./desktop/hyprland.nix
-    ./syncthing/Vanguard.nix
+    ./services/Vanguard.nix
-    ./server/sshd.nix
-    ./server/adguardhome.nix
-    ./server/gitea.nix
-    ./server/qbittorrent.nix
-    # ./server/nextcloud.nix
   ];
 
   networking.hostName = "Vanguard"; # Define your hostname.

server/nextcloud.nix

@@ -1,31 +0,0 @@
-{
-  pkgs,
-  config,
-  ...
-}: {
-  imports = [./traefik.nix ./fail2ban.nix];
-  services.nextcloud = {
-    enable = true;
-    package = pkgs.nextcloud26;
-    hostName = "cloud.xenia.me.uk";
-    config = {
-      adminuser = "xenia";
-      adminpassFile = "/secrets/nextcloud_admin.txt";
-    };
-  };
-  services.nginx.virtualHosts.${config.services.nextcloud.hostName}.listen = [
-    {
-      addr = "localhost";
-      port = 8000;
-    }
-  ];
-  services.traefik.dynamicConfigOptions.http = {
-    routers.nextcloud = {
-      rule = "Host(`cloud.xenia.me.uk`)";
-      entryPoints = ["http" "https"];
-      service = "nextcloud-webinterface";
-      tls = {certResolver = "default";};
-    };
-    services.nextcloud-webinterface.loadBalancer.servers = [{url = "http://localhost:8000";}];
-  };
-}

services/Vanguard.nix

@@ -0,0 +1,16 @@
+{...}: {
+  imports = [
+    ./adguardhome
+    ./traefik/adguardhome.nix
+    ./gitea
+    ./traefik/gitea.nix
+    # ./nextcloud
+    ./traefik/nextcloud.nix
+    ./qbittorrent
+    ./traefik/qbittorrent.nix
+    ./sshd
+    ./traefik/sshd.nix
+    ./syncthing/Vanguard.nix
+    ./traefik/syncthing.nix
+  ];
+}

services/adguardhome/default.nix

@@ -0,0 +1,12 @@
+{...}: {
+  services.adguardhome = {
+    enable = true;
+    mutableSettings = true;
+    settings.bind_port = 3001;
+    openFirewall = true;
+  };
+  networking.firewall = {
+    allowedTCPPorts = [53];
+    allowedUDPPorts = [53];
+  };
+}

services/fail2ban/gitea.nix

@@ -0,0 +1,9 @@
+{...}: {
+  imports = [./default.nix];
+  services.fail2ban.jails.gitea = ''
+    enabled = true
+    filter = sshd
+    ports = 30922
+    backend = systemd
+  '';
+}

services/fail2ban/traefik.nix

@@ -0,0 +1,17 @@
+{...}: {
+  imports = [./default.nix];
+  services.fail2ban.jails = {
+    traefik-http = ''
+      enabled = true
+      filter = traefik-auth
+      ports = http,https,2222
+      backend = systemd
+    '';
+    traefik-ssh = ''
+      enabled = true
+      filter = sshd
+      ports = 2222
+      backend = systemd
+    '';
+  };
+}

services/gitea/default.nix

@@ -0,0 +1,21 @@
+{...}: {
+  imports = [ ../fail2ban/gitea.nix ];
+  services.gitea = {
+    enable = true;
+    settings = {
+      server = {
+        ROOT_URL = "https://git.xenia.me.uk";
+        DOMAIN = "git.xenia.me.uk";
+        START_SSH_SERVER = true;
+        SSH_DOMAIN = "git.xenia.me.uk";
+        SSH_PORT = 2222;
+        SSH_LISTEN_PORT = 30922;
+      };
+      service.DISABLE_REGISTRATION = true;
+      ui = {
+        THEMES = "auto,gitea,arc-green,catppuccin-latte-lavender,catppuccin-frappe-lavender,catppuccin-macchiato-lavender,catppuccin-mocha-lavender";
+      };
+    };
+    appName = "Gitea";
+  };
+}

services/nextcloud/default.nix

@@ -0,0 +1,21 @@
+{
+  pkgs,
+  config,
+  ...
+}: {
+  services.nextcloud = {
+    enable = true;
+    package = pkgs.nextcloud26;
+    hostName = "cloud.xenia.me.uk";
+    config = {
+      adminuser = "xenia";
+      adminpassFile = "/etc/nextcloud/admin_secret.txt";
+    };
+  };
+  services.nginx.virtualHosts.${config.services.nextcloud.hostName}.listen = [
+    {
+      addr = "localhost";
+      port = 8000;
+    }
+  ];
+}

services/sshd/default.nix

@@ -0,0 +1,13 @@
+{...}: {
+  services.openssh = {
+    enable = true;
+    ports = [22];
+    settings = {
+      UseDns = true;
+      PermitRootLogin = "no";
+      PasswordAuthentication = false;
+      GatewayPorts = "yes";
+      LogLevel = "VERBOSE";
+    };
+  };
+}

services/traefik/adguardhome.nix

@@ -1,15 +1,5 @@
 {...}: {
-  imports = [./traefik.nix];
+  imports = [./default.nix];
-  services.adguardhome = {
-    enable = true;
-    mutableSettings = true;
-    settings.bind_port = 3001;
-    openFirewall = true;
-  };
-  networking.firewall = {
-    allowedTCPPorts = [53];
-    allowedUDPPorts = [53];
-  };
   services.traefik.dynamicConfigOptions.http = {
     routers.adguard = {
       rule = "Host(`guard.xenia.me.uk`)";

services/traefik/default.nix

@@ -1,5 +1,5 @@
 {...}: {
-  imports = [./fail2ban.nix];
+  imports = [../fail2ban/traefik.nix];
   services.traefik = {
     enable = true;
     staticConfigOptions = {

services/traefik/gitea.nix

@@ -1,23 +1,5 @@
 {...}: {
-  imports = [./traefik.nix ./fail2ban.nix];
+  imports = [./default.nix];
-  services.gitea = {
-    enable = true;
-    settings = {
-      server = {
-        ROOT_URL = "https://git.xenia.me.uk";
-        DOMAIN = "git.xenia.me.uk";
-        START_SSH_SERVER = true;
-        SSH_DOMAIN = "git.xenia.me.uk";
-        SSH_PORT = 2222;
-        SSH_LISTEN_PORT = 30922;
-      };
-      service.DISABLE_REGISTRATION = true;
-      ui = {
-        THEMES = "auto,gitea,arc-green,catppuccin-latte-lavender,catppuccin-frappe-lavender,catppuccin-macchiato-lavender,catppuccin-mocha-lavender";
-      };
-    };
-    appName = "Gitea";
-  };
   services.traefik.dynamicConfigOptions = {
     http = {
       routers.gitea = {
@@ -43,10 +25,4 @@
       services.gitea-sshservice.loadBalancer.servers = [{address = "localhost:30922";}];
     };
   };
-  services.fail2ban.jails.gitea = ''
-    enabled = true
-    filter = sshd
-    ports = 30922
-    backend = systemd
-  '';
 }

services/traefik/nextcloud.nix

@@ -0,0 +1,12 @@
+{...}: {
+  imports = [./default.nix];
+  services.traefik.dynamicConfigOptions.http = {
+    routers.nextcloud = {
+      rule = "Host(`cloud.xenia.me.uk`)";
+      entryPoints = ["http" "https"];
+      service = "nextcloud-webinterface";
+      tls = {certResolver = "default";};
+    };
+    services.nextcloud-webinterface.loadBalancer.servers = [{url = "http://localhost:8000";}];
+  };
+}

services/traefik/qbittorrent.nix

@@ -1,5 +1,5 @@
 {pkgs, ...}: {
-  imports = [./traefik.nix];
+  imports = [./default.nix];
   environment.systemPackages = [pkgs.qbittorrent];
   services.traefik.dynamicConfigOptions.http = {
     routers.qbittorrent = {

services/traefik/sshd.nix

@@ -1,15 +1,5 @@
 {...}: {
-  services.openssh = {
+  imports = [./default.nix];
-    enable = true;
-    ports = [22];
-    settings = {
-      UseDns = true;
-      PermitRootLogin = "no";
-      PasswordAuthentication = false;
-      GatewayPorts = "yes";
-      LogLevel = "VERBOSE";
-    };
-  };
   services.traefik.dynamicConfigOptions.tcp = {
     routers.ssh = {
       rule = "ClientIP(`192.168.0.0/16`)";

services/traefik/syncthing.nix

@@ -1,4 +1,5 @@
 {...}: {
+  imports = [./default.nix];
   services.traefik.dynamicConfigOptions.http = {
     routers.syncthing = {
       rule = "Host(`syncthing.xenia.me.uk`)";

systemd/nixos-pull.nix

@@ -1,20 +0,0 @@
-{pkgs, ...}: {
-  systemd.timers."nixos-pull-config" = {
-    wantedBy = ["timers.target"];
-    description = "Timer to update /etc/nixos/config/ repository";
-    timerConfig = {
-      OnBootSec = "5m";
-      OnUnitActiveSec = "5m";
-      Unit = "hello-world.service";
-    };
-  };
-  systemd.services."nixos-pull-config" = {
-    script = ''
-      ${pkgs.git}/bin/git pull -C /etc/nixos/config/ --ff-only --no-edit
-    '';
-    serviceConfig = {
-      Type = "oneshot";
-      User = "root";
-    };
-  };
-}