homelab framework module init (everything is a mess)

2025-07-28 02:05:13 +02:00 · 2025-07-28 02:05:13 +02:00 · bcbcc8b17b
commit bcbcc8b17b
parent 0347f4d325
94 changed files with 7289 additions and 436 deletions
--- a/hosts/photos/ente.nix
+++ b/hosts/photos/ente.nix
@ -0,0 +1,73 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  sops.secrets."ente/minio/root_password".owner = "ente";
+  sops.secrets."ente/minio/root_user".owner = "ente";
+  sops.secrets."service_accounts/ente/password".owner = "ente";
+
+  environment.systemPackages = with pkgs; [
+    ente-cli
+  ];
+
+  services.ente.api = {
+    enable = true;
+    enableLocalDB = true;
+
+    domain = "ente-museum.procopius.dk";
+    settings = {
+      # apps = {
+      #   accounts = "https://accounts.procopius.dk";
+      #   cast = "https://cast.procopius.dk";
+      #   public-albums = "https://albums.procopius.dk";
+      # };
+
+      smtp = {
+        host = "mail.procopius.dk";
+        port = "465";
+        username = "ente@procopius.dk";
+        password._secret = config.sops.secrets."service_accounts/ente/password".path;
+        # The email address from which to send the email. Set this to an email
+        # address whose credentials you're providing.
+        email = "ente@procopius.dk";
+        # Optional override for the sender name in the emails. If specified, it will
+        # be used for all emails sent by the instance (default is email specific).
+        sender-name = "ente";
+      };
+      internal.admins = [
+        1580559962386438
+      ];
+      s3 = {
+        use_path_style_urls = true;
+        b2-eu-cen = {
+          endpoint = "https://ente-minio-api.procopius.dk";
+          region = "us-east-1";
+          bucket = "ente";
+          key._secret = config.sops.secrets."ente/minio/root_user".path;
+          secret._secret = config.sops.secrets."ente/minio/root_password".path;
+        };
+      };
+    };
+  };
+  services.ente.web = {
+    enable = true;
+    domains = {
+      api = "ente-museum.procopius.dk";
+      accounts = "ente-accounts.procopius.dk";
+      albums = "ente-albums.procopius.dk";
+      cast = "ente-cast.procopius.dk";
+      photos = "ente-photos.procopius.dk";
+      auth = "ente-auth.procopius.dk";
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    3000
+    3001
+    3002
+    3003
+    3004
+    8080
+  ];
+}