initial commit

services.nix

@@ -0,0 +1,41 @@
+{ ... }:
+{
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  services.caddy = {
+    enable = true;
+    enableReload = true;
+    email = "admin@pimeys.pm";
+  };
+
+  services.postgresql.enable = true;
+
+  virtualisation.podman = {
+    enable = true;
+    autoPrune.enable = true;
+    dockerCompat = true;
+    defaultNetwork.settings = {
+      # Required for container networking to be able to use names.
+      dns_enabled = true;
+    };
+  };
+
+  virtualisation.oci-containers.backend = "podman";
+
+  networking.firewall = {
+    trustedInterfaces = [ "podman1" ];
+    interfaces.podman1.allowedUDPPorts = [ 53 ];
+  };
+
+  imports = [
+    ./vaultwarden.nix
+    ./immich.nix
+    ./syncthing.nix
+    ./invidious.nix
+    ./grafana.nix
+    ./gtrackmap.nix
+    ./owncast.nix
+    ./hydra.nix
+    ./wireguard.nix
+  ];
+}