===== Services =====

The Coagulate estate is currently managed by NixOS; the [[Linux|history of Coagulate's OS choices can be seen here]]. The NixOS configuration uses flakes and various included service modules. Part of the NixOS deployment automatically renders this [[https://configuration.coagulate.net|site of hosts and services deployed]].

Current services by name include:

  * **accounting** - Per systemd unit accounting of CPU/IO/network activity, logged to Zabbix.
  * **acpid** - Standard module for x86 variants for ACPI support.
  * **[[AppArmor|apparmor]]** - Enables custom AppArmor modules.
  * **auditd** - Configures the auditing daemon, backlog, and so on.
  * **backups** - Enables configuration to run backup scripts.
  * **bind-master** - Split view DNS server, with Samba DLZ for internal, running in zone master configuration for external.
  * **bind-slave** - Split view DNS server, with Samba DLZ for internal, running in zone slave configuration for external.
  * **bind-standalone** - Single view DNS server with Samba DLZ.
  * **bmon** - BMon bandwidth monitoring (and reporting).
  * **bootserver** - Installation of a PXE/NFS root server.
  * **ca** - Installation of Coagulate internal CA.
  * **certbot** - Performs regular certificate refreshes through Let's Encrypt, and pushes the resulting certificate material into the NixOS deployments.
  * **certificate** - Hosting for the certificate website that publishes the Coagulate CA and CRL.
  * **configuration** - Exports active host configuration as JSON into /etc/configuration, for use by scripts.
  * **configuration-website** - Exports the estate's active configuration to files and serves them over the web as config.coagulate.net or configuration.coagulate.net.
  * **dhcp-forge** - Configuration of a DHCP server for internal staging VMs.
  * **dhcp-intranet** - Configuration of a DHCP server for LAN.
  * **dovecot** - IMAP server for reading email.
  * **energenie** - Power monitoring service.
  * **exim** - SMTP server for receiving/sending email.
  * **fetchmail** - Downloads mail from any third party mail services I use.
  * **filehistory** - Exposes a shared folder for use with Windows File History.
  * **forge** - Configures the machine as a build/development box.
  * **forge-updates** - Configures the machine to automatically run nix flake updates and, if successful, submit the results as a Merge Request for automated testing, merging and deployment.
  * **ganymede** - Specific configuration for this power safe node.
  * **gateway** - Configure forwarding/routing/etc.
  * **getpass** - Runs a console application.
  * **githooks** - Handles git related webhooks.
  * **gitlab** - GitLab, a GitHub-like website, used to do builds and deploys internally.
  * **grafana** - Metrics graphing; can graph Zabbix data.
  * **immich** - Image storage application.
  * **impermanence** - Enforces the boundary between data and everything else (read the linked page, this isn't entirely what it does, but it's a side effect).
  * **kerberos** - Deployment of host Kerberos keys.
  * **keyserver-secondary** - Configure as a secondary key server.
  * **l4d2** - Left4Dead2 Steam Group server.
  * **logrotate** - Standard log rotations.
  * **mcp** - Master Control Program (aka TaskMaster; a helper utility for running tasks. See its page).
  * **nat** - Enable Network Address Translation.
  * **netshell** - Specific configuration for the environment running as a PXE booted NFS root.
  * **nfsbackup** - Mount NFS backup storage.
  * **nix-serve** - Serve Nix closures.
  * **nomodeset** - Disable modesetting in the kernel command line (I have one machine that bricks its SD card reader when it does this, which causes the boot sequence to not progress).
  * **not-forge** - Configuration for hosts that do not forge (as in, sets substituters from the forge).
  * **ntp** - Network Time Protocol for LAN hosts.
  * **ntp-gw** - Network Time Protocol for Internet hosts/gateways.
  * **openssh** - Configures OpenSSH.
  * **paperless** - Document storage system.
  * **persistence** - Some basic things to persist over reboots.
  * **python3** - Configuration for Python3.
  * **qemu** - Configuration for QEMU used to run Deployment Staging Virtual Machines.
  * **radicale** - Calendar WebDAV storage.
  * **raid** - Support for MD monitoring.
  * **raspberrypi** - Raspberry Pi specific settings.
  * **releases** - WebDAV website used to download/upload binary releases internally.
  * **repo-tg** - Automatic download and update of the TG repo.
  * **repos** - Automatic download and update of core repos.
  * **root-unlock** - Root full disk encryption.
  * **rsync** - Rsync configuration; allows remote backups.
  * **samba** - AD emulator.
  * **scanner** - Support for scanner (probably broken).
  * **secureboot** - Enables secure boot and TPM.
  * **sl** - Second Life application.
  * **sl-stats** - Record (Zabbix) information from the Second Life application's data.
  * **sl-wikis** - Documentation sites for Second Life.
  * **smartcard** - Support for smartcard, including YubiKey.
  * **smartd** - SMART daemon for supporting hosts.
  * **sslkeys** - Deploys Let's Encrypt certificate and keys to relevant nodes.
  * **staging-vms** - Creates systemd units to drive Staging VMs (both persistent and freshly recreated) and their relevant Software TPMs.
  * **sudo** - Standard estate wide sudo configuration.
  * **syslog** - System logging (journald is so wasteful).
  * **tpm2** - Support TPM.
  * **unlimit-pings** - Disable rate limiting in ICMP Echo responses, otherwise you'll always get 90% packet loss on 0.1 second ping spam.
  * **upnp** - Punches holes in the firewall automatically. Yay!
  * **vaultwarden** - Password manager
  * **website** - This website
  * **wireguard** - VPN node
  * **wireless** - Wireless network support and configuration
  * **zabbix-agent** - Per server Zabbix monitoring agent
  * **zabbix-server** - Central Zabbix server and website