nixos/hosts/app-01/default.nix


# hosts/app-01/default.nix
#
# Host module for app-01: boot loader, DHCP, sops-managed environment files
# for three services, one extra Traefik entry point, Borg backup settings and
# the SSH public keys accepted for users.
#
# NOTE(review): network-dhcp, qemu, spice, dockerserver, miniflux, radicale,
# searxng, stirling-pdf, borg-config and base are not defined in this file;
# presumably they are option namespaces from this repository's own modules.
{
  config,
  lib,
  pkgs,
  pkgsUnstable,
  inputs,
  ...
}:
let
  # Path of a decrypted sops secret, looked up by its attribute name.
  secretPath = name: config.sops.secrets.${name}.path;
in
{
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  network-dhcp = {
    enable = true;
    hardwareAddress = "BC:24:11:B7:0C:49";
  };

  qemu.enable = true;
  spice.enable = true;

  # Each secret is a whole encrypted env file (format = "binary" makes sops-nix
  # decrypt the file as one blob instead of extracting a single key).
  # mode "0400" limits the decrypted file to read-only access by its owner.
  sops.secrets = {
    "MINIFLUX_SECRETS" = {
      sopsFile = ../../secrets/app-01_miniflux.env;
      format = "binary";
      # Author's note: owner is "not necessary" here. Presumably the file is
      # loaded by the service manager as an environment file rather than read
      # by the miniflux user itself; confirm against the miniflux module.
      owner = "miniflux";
      mode = "0400";
    };
    "SEARXNG_SECRETS" = {
      sopsFile = ../../secrets/app-01_searxng.env;
      format = "binary";
      owner = "searx";
      mode = "0400";
    };
    "STIRLINGPDF_SECRETS" = {
      sopsFile = ../../secrets/app-01_stirlingpdf.env;
      format = "binary";
      # No owner is set, so the sops-nix default owner (root) applies and,
      # with 0400, only root can read the file. That is enough only if the
      # consumer loads it with root privileges; verify in the stirling-pdf
      # module before enabling the line below.
      #owner = "stirling-pdf";
      mode = "0400";
    };
  };

  dockerserver.enable = true;
  radicale.enable = true;

  # The services receive the path of the decrypted file, never its contents,
  # so the secret values stay out of the world-readable Nix store.
  miniflux = {
    enable = true;
    environmentFile = secretPath "MINIFLUX_SECRETS";
  };
  searxng = {
    enable = true;
    environmentFile = secretPath "SEARXNG_SECRETS";
  };
  stirling-pdf = {
    enable = true;
    environmentFiles = [ (secretPath "STIRLINGPDF_SECRETS") ];
  };

  # An address with no host part makes Traefik listen on every interface.
  # No firewall rule for port 2200 is visible in this file; check that the
  # host firewall exposes it only where the gitea-ssh entry point is meant to
  # be reachable.
  services.traefik.staticConfigOptions.entryPoints.gitea-ssh.address = ":2200";

  borg-config = {
    enable = true;
    backupLabel = "appserver";
    localRepoPath = "ssh://borg@borg-01.tail755c5.ts.net/./";
    remoteRepoPath = "ssh://fm1833@fm1833.rsync.net/./appdata";
    sourceDirectories = [
      "/mnt/data/docker-compose"
      "/mnt/data/services"
    ];
    # NOTE(review): the path segment after /ping/ looks like a Healthchecks
    # ping key. Anyone who holds it can report a backup as successful, which
    # would hide a failed run from monitoring. Unlike the env files above it
    # is stored here in plaintext; consider rotating it and supplying it via
    # sops if the borg-config module can read the URL from a file (not
    # visible from this file).
    hcPingUrlLocal = "https://hc.its-et.me/ping/PlGPBqq-0rLI4N4ya3jYmg/backup-appdata";
    hcPingUrlRemote = "https://hc.its-et.me/ping/PlGPBqq-0rLI4N4ya3jYmg/backup-appdata-remote";
    # Repository passphrase and SSH key handling are not set here; presumably
    # the borg-config module provides them. Confirm both repositories are
    # encrypted, since the remote one is hosted by a third party.
  };

  # Public keys only. Presumably the base module installs them as authorized
  # keys, which makes every entry a standing login credential for this host:
  # remove a key when its device is retired.
  base.userSSHKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM7okhAMUPfQQWlu2+627UwJNKqYUGVZhQScny8uutZL etorres@xenon"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExID7De5qVOFAoe4o4+A0SkmVBKLxm1M75ngr3eAr4A etorres@erics-mac"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQyyYYTekJE2/nqfvzFq1MGmu7F6NMSTd5wFEEjenlA etorres@iphone"
  ];
}