Services

The Coagulate estate is currently managed by NixOS ; the history of Coagulate's OS choices can be seen here.

The NixOS configuration uses flakes and various included service modules, part of the deployment of NixOS includes automatically rendering this site of hosts and services deployed

Current services by name include:

  • accounting - Per systemd unit accounting of CPU/IO/network activity, logged to Zabbix.
  • acpid - Standard module for x86 variants for ACPI support.
  • apparmor - Enables custom AppArmor modules.
  • auditd - Configures the auditing daemon, backlog, and so on.
  • backups - Enables configuration to run backup scripts.
  • bind-master - Split view DNS server, with Samba DLZ for internal, running in zone master configuration for external.
  • bind-slave - Split view DNS server, with Samba DLZ for internal, running in zone slave configuration for external.
  • bind-standalone - Single view DNS server with Samba DLZ.
  • bmon - BMon bandwidth monitoring (and reporting).
  • bootserver - Installation of a PXE/NFS root server.
  • ca - Installation of Coagulate internal CA.
  • certbot - Performs regular certificate refreshes through Let's Encrypt, and pushes the resulting certificate material into the Nix OS deployments.
  • certificate - Hosting for the certificate website that publishes the Coagulate CA and CRL.
  • configuration - Exports active host configuration as JSON into /etc/configuration, for use by scripts.
  • configuration-website - Exports the estate's active configuration to files and webserves them as config.coagulate.net or configuration.coagulate.net.
  • dhcp-forge - Configuration of a DHCP server for internal staging VMs.
  • dhcp-intranet - Configuration of a DHCP server for LAN.
  • dovecot - IMAP server for reading email.
  • energenie - Power monitoring service.
  • exim - SMTP server for receiving/sending email.
  • fetchmail - Downloads mail from any third party mail services I use.
  • filehistory - Exposes a shared folder for use with Windows File History.
  • forge - Configures the machine as a build/development box.
  • forge-updates - Configures the machine to automatically run nix flake updates, and submit the results as a Merge Request for automated testing, merging and deployment, if successful.
  • ganymede - Specific configuration for this power safe node.
  • gateway - Configure forwarding/routing/etc.
  • getpass - Runs a console application.
  • githooks - Handles git related webhooks.
  • gitlab - GitLab - github like website, used to do builds and deploys internally.
  • grafana - Metrics graphing ; can graph Zabbix data.
  • immich - Image storage application.
  • impermanence - Enforces the boundary between data and everything else (read the linked page, this isn't entirely what it does, but it's a side effect)
  • kerberos - Deployment of host kerberos keys.
  • keyserver-secondary - Configure as a secondary key server.
  • l4d2 - Left4Dead2 Steam Group server.
  • logrotate - Standard log rotations.
  • mcp - Master Control Program (aka TaskMaster ; a helper utility for running tasks. see its page)
  • nat - Enable Network Address Translation
  • netshell - Specific configuration for the environment running as a PXE booted NFS root.
  • nfsbackup - Mount NFS backup storage.
  • nix-serve - Serve Nix closures.
  • nomodeset - Disable modesetting in the kernel command line (I have one machine that bricks its SD card reader when it does this, which causes the boot sequence to not progress).
  • not-forge - Configuration for hosts that do not forge (as in sets substituters from the forge)
  • ntp - Network Time Protocol for LAN hosts
  • ntp-gw - Network Time Protocol for Internet hosts/gateways
  • openssh - Configures OpenSSH
  • paperless - Document storage system
  • persistence - Some basic things to persist over reboots
  • python3 - Configuration for Python3
  • qemu - Configuration for QEMU used to run Deployment Staging Virtual Machines.
  • radicale - Calendar WebDAV storage.
  • raid - Support for MD monitoring.
  • raspberrypi - Raspberry Pi specific settings
  • releases - WebDAV website used to download/upload binary releases internally.
  • repo-tg - Automatic download and update of the TG repo
  • repos - Automatic download and update of core repos
  • root-unlock - Root full disk encryption
  • rsync - Rsync configuration ; allows remote backups
  • samba - AD emulator
  • scanner - Support for scanner (probably broken)
  • secureboot - Enables secure boot and TPM.
  • sl - Second Life application.
  • sl-stats - Record (zabbix) information from the Second Life applications data.
  • sl-wikis - Documentation sites for Second Life.
  • smartcard - Support for smartcard, including yubikey.
  • smartd - SMART daemon for supporting hosts.
  • sslkeys - Deploys Let's Encrypt certificate and keys to relevant notes.
  • staging-vms - Creates systemd units to drive Staging VMs (both persistent and freshly recreated) and their relevant Software TPMs.
  • sudo - Standard estate wide sudo configuration.
  • syslog - System logging (journald is so wasteful)
  • tpm2 - Support TPM
  • unlimit-pings - Disable rate limiting in ICMP Echo responses, otherwise you'll always get 90% packet loss on 0.1 second ping spam.
  • upnp - Punches holes in the firewall automatically. Yay!
  • vaultwarden - Password manager
  • website - This website
  • wireguard - VPN node
  • wireless - Wireless network support and configuration
  • zabbix-agent - Per server Zabbix monitoring agent
  • zabbix-server - Central Zabbix server and website