challenger: move more services from voyager: calibre-web, calibre-server, komga, nextcloud, postgres, timemachine

hosts/challenger/configuration.nix

@@ -9,8 +9,13 @@
       ./exports.nix
       ./filesystems.nix
 
-      ./services/nginx.nix
+      ./services/calibre.nix
       ./services/jellyfin.nix
+      ./services/komga.nix
+      ./services/nextcloud.nix
+      ./services/nginx.nix
+      ./services/postgres.nix
+      ./services/timemachine.nix
   ];
 
   networking = {

hosts/challenger/services/komga.nix

@@ -3,6 +3,12 @@ let
   domain = "komga.home.feal.no";
   cfg = config.services.komga;
 in {
+  services.komga = {
+    enable = true;
+    stateDir = "/tank/media/komga";
+    port = 5001;
+  };
+
   services.nginx.virtualHosts.${domain} = {
     locations."/".proxyPass = "http://127.0.0.1:${toString cfg.port}";
 
@@ -10,10 +16,4 @@ in {
       client_max_body_size 512M;
     '';
   };
-
-  services.komga = {
-    enable = true;
-    stateDir = "/tank/media/komga";
-    port = 8034;
-  };
 }

hosts/challenger/services/nextcloud.nix

@@ -109,6 +109,7 @@ in {
       ProtectProc = "invisible";
       ReadWritePaths = [ "/tank/nextcloud" "/run/phpfpm" "/run/systemd" ];
       ReadOnlyPaths = [ "/run/secrets" "/nix/store" ];
+      InaccessbilePaths = [ "/tank/media" "/tank/backup" ];
       RemoveIPC = true;
       RestrictSUIDSGID = true;
       UMask = "0007";

hosts/challenger/services/postgres.nix

@@ -19,5 +19,3 @@
 
   environment.systemPackages = [ config.services.postgresql.package ];
 }
-
-

hosts/voyager/configuration.nix

@@ -10,12 +10,8 @@
       ./exports.nix
       ./filesystems.nix
 
-      ./services/calibre.nix
       ./services/fancontrol.nix
-      ./services/komga.nix
-      ./services/nextcloud.nix
       ./services/podgrab.nix
-      ./services/postgres.nix
       ./services/snappymail.nix
       ./services/timemachine.nix
   ];