feat: refactor the modules/servers directory.

modules/servers/per-server/heimdall/services/atuin.nix

@@ -0,0 +1,28 @@
+{
+  services.atuin = {
+    enable = true;
+    openRegistration = false;
+  };
+
+  services.traefik.dynamicConfigOptions.http = {
+    services.atuin.loadBalancer.servers = [
+      {
+        url = "http://localhost:8888";
+      }
+    ];
+
+    routers.atuin = {
+      rule = "Host(`atuin.cronyakatsuki.xyz`)";
+      tls = {
+        certResolver = "porkbun";
+      };
+      service = "atuin";
+      entrypoints = "websecure";
+    };
+  };
+
+  services.restic.backups = {
+    local.paths = ["/var/backup/postgresql"];
+    server.paths = ["/var/backup/postgresql"];
+  };
+}

modules/servers/per-server/heimdall/services/beszel-hub.nix

@@ -0,0 +1,52 @@
+{pkgs, ...}: {
+  systemd.services.beszel-hub = {
+    enable = true;
+    description = "Beszel agent";
+    after = ["network.target"];
+
+    serviceConfig = {
+      Type = "simple";
+      Restart = "always";
+      RestartSec = 3;
+      User = "beszel";
+      Group = "beszel";
+      WorkingDirectory = "/var/lib/beszel";
+    };
+
+    script = "${pkgs.beszel}/bin/beszel-hub serve --http '127.0.0.1:6789'";
+
+    wantedBy = ["multi-user.target"];
+  };
+
+  users = {
+    users.beszel = {
+      isSystemUser = true;
+      home = "/var/lib/beszel";
+      createHome = true;
+      group = "beszel";
+    };
+    groups.beszel = {};
+  };
+
+  services.traefik.dynamicConfigOptions.http = {
+    services.beszel.loadBalancer.servers = [
+      {
+        url = "http://localhost:6789";
+      }
+    ];
+
+    routers.beszel = {
+      rule = "Host(`beszel.cronyakatsuki.xyz`)";
+      tls = {
+        certResolver = "porkbun";
+      };
+      service = "beszel";
+      entrypoints = "websecure";
+    };
+  };
+
+  services.restic.backups = {
+    local.paths = ["/var/lib/beszel"];
+    server.paths = ["/var/lib/beszel"];
+  };
+}

modules/servers/per-server/heimdall/services/ntfy-sh.nix

@@ -0,0 +1,33 @@
+{...}: {
+  services.ntfy-sh = {
+    enable = true;
+    settings = {
+      base-url = "https://ntfy.cronyakatsuki.xyz";
+      listen-http = "127.0.0.1:2586";
+      behind-proxy = true;
+      auth-default-access = "deny-all";
+    };
+  };
+
+  services.traefik.dynamicConfigOptions.http = {
+    services.ntfy-sh.loadBalancer.servers = [
+      {
+        url = "http://localhost:2586";
+      }
+    ];
+
+    routers.ntfy-sh = {
+      rule = "Host(`ntfy.cronyakatsuki.xyz`)";
+      tls = {
+        certResolver = "porkbun";
+      };
+      service = "ntfy-sh";
+      entrypoints = "websecure";
+    };
+  };
+
+  services.restic.backups = {
+    local.paths = ["/var/lib/ntfy-sh"];
+    server.paths = ["/var/lib/ntfy-sh"];
+  };
+}

modules/servers/per-server/heimdall/services/redlib.nix

@@ -0,0 +1,39 @@
+{...}: {
+  services.redlib = {
+    enable = true;
+    address = "127.0.0.1";
+    settings = {
+      ROBOTS_DISABLE_INDEXING = "on";
+      THEME = "gruvboxdark";
+      USE_HLS = "on";
+    };
+  };
+
+  # Setup anubis to block fucking ai bots
+  services.anubis.instances.redlib = {
+    settings = {
+      TARGET = "http://127.0.0.1:8080";
+      BIND_NETWORK = "tcp";
+      BIND = "127.0.0.1:8081";
+      SERVE_ROBOTS_TXT = true;
+      DIFFICULTY = 5;
+    };
+  };
+
+  services.traefik.dynamicConfigOptions.http = {
+    services.redlib.loadBalancer.servers = [
+      {
+        url = "http://localhost:8081";
+      }
+    ];
+
+    routers.redlib = {
+      rule = "Host(`libreddit.cronyakatsuki.xyz`)";
+      tls = {
+        certResolver = "porkbun";
+      };
+      service = "redlib";
+      entrypoints = "websecure";
+    };
+  };
+}

modules/servers/per-server/heimdall/services/uptime-kuma.nix

@@ -0,0 +1,29 @@
+{...}: {
+  services.uptime-kuma = {
+    enable = true;
+    settings = {
+      HOST = "127.0.0.1";
+    };
+  };
+  services.traefik.dynamicConfigOptions.http = {
+    services.uptime-kuma.loadBalancer.servers = [
+      {
+        url = "http://localhost:3001";
+      }
+    ];
+
+    routers.uptime-kuma = {
+      rule = "Host(`uptime.cronyakatsuki.xyz`)";
+      tls = {
+        certResolver = "porkbun";
+      };
+      service = "uptime-kuma";
+      entrypoints = "websecure";
+    };
+  };
+
+  services.restic.backups = {
+    local.paths = ["/var/lib/uptime-kuma"];
+    server.paths = ["/var/lib/uptime-kuma"];
+  };
+}

modules/servers/per-server/heimdall/services/wireguard.nix

@@ -0,0 +1,24 @@
+{config, ...}: {
+  networking = {
+    nat = {
+      enable = true;
+      enableIPv6 = true;
+      externalInterface = "enp1s0";
+      internalInterfaces = ["wg0"];
+    };
+    firewall = {
+      allowedTCPPorts = [53];
+      allowedUDPPorts = [53 51820];
+    };
+    wg-quick.interfaces.wg0.configFile = "${config.age.secrets.wg-heimdall.path}";
+  };
+
+  services.dnsmasq = {
+    enable = true;
+    settings = {
+      interface = "wg0";
+    };
+  };
+
+  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+}