Setup home-manager for some service users
diff --git a/modules/home-manager-users.nix b/modules/home-manager-users.nix
new file mode 100644
index 0000000..e83e0cb
--- /dev/null
+++ b/modules/home-manager-users.nix
@@ -0,0 +1,29 @@
+# Home manager is used separately from this deploy, but we still need to create
+# user accounts in the system config
+{ pkgs, lib, ... }:
+let
+  mkUser = username: {
+    isSystemUser = true;
+    linger = true;
+    createHome = true;
+    home = "/services/${username}";
+    group = "clicks";
+    shell = pkgs.bashInteractive;
+  };
+in
+{
+  imports = [
+    (builtins.fetchurl {
+      url = "https://gist.githubusercontent.com/graham33/fdbdcc18317a621d9dd54beb36be6683/raw/776ed252749313470f1c9a286a0419ba9746d133/loginctl-linger.nix";
+      sha256 = "sha256:0hwm4f13dwd27gbdn5ddvbrmcvfb70jr658jz4nbkzwzh8c02qj8";
+    })
+  ];
+
+  users.users = lib.pipe ../services [
+    builtins.readDir
+    (lib.filterAttrs (_name: value: value == "directory"))
+    builtins.attrNames
+    (map (name: { inherit name; value = mkUser name; }))
+    builtins.listToAttrs
+  ];
+}
diff --git a/services/README.md b/services/README.md
new file mode 100644
index 0000000..6caca82
--- /dev/null
+++ b/services/README.md
@@ -0,0 +1,16 @@
+# README
+
+IMPORTANT: **ONLY UNPRIVILEGED, NIX/SYSTEMD RUN SERVICES ARE INCLUDED HERE.
+SERVICES RUN WITH PM2 OR THAT NEED ROOT ARE NOT INCLUDED HERE**
+
+- systemd services should be *user* services so the unprivileged service account
+  can run them
+- all configuration should be [home-manager](https://github.com/nix-community/home-manager)
+  configuration files rather than NixOS configuration files
+
+## Installed services
+
+<!-- spell-checker:words etherpad -->
+- etherpad: <https://etherpad.org/>
+  - uses git-sync with home-manager to sync the release-3.x
+  - runs using a systemd service
diff --git a/services/etherpad/default.nix b/services/etherpad/default.nix
new file mode 100644
index 0000000..ceeed92
--- /dev/null
+++ b/services/etherpad/default.nix
@@ -0,0 +1,42 @@
+{ pkgs, config, lib, ... }: {
+  home.packages = [ pkgs.nodejs-14_x ];
+
+  services.git-sync = {
+    enable = true;
+
+    repositories = {
+      "etherpad" = {
+        path = "${config.home.homeDirectory}/etherpad/";
+        uri = "https://github.com/ether/etherpad-lite";
+      };
+    };
+  };
+
+  systemd.user.services = {
+    git-sync-etherpad.Service = {
+      Environment = [
+        "GIT_SYNC_EXECHOOK_COMMAND=${pkgs.systemd}/bin/systemctl restart etherpad --user"
+        "GIT_SYNC_REV=1.8.18"
+        "GIT_SYNC_ONE_TIME=true"
+      ];
+      ExecStart = lib.mkForce (builtins.replaceStrings [ "\n" ] [ "" ]
+        ''${pkgs.bashInteractive}/bin/sh -c "
+          ${pkgs.coreutils}/bin/mkdir -p ${config.services.git-sync.repositories.etherpad.path}
+          && cd ${config.services.git-sync.repositories.etherpad.path}
+          && ${pkgs.git}/bin/git clone ${config.services.git-sync.repositories.etherpad.uri} .
+          && ${pkgs.git}/bin/git checkout $GIT_SYNC_REV
+          ; ${config.services.git-sync.package}/bin/git-sync"'');
+    };
+    /* etherpad = { */
+    /*   Unit.Description = "A service to run etherpad"; */
+
+    /*   Install.WantedBy = [ "default.target" ]; */
+
+    /*   Service = rec { */
+    /*     ExecStart = "${pkgs.bashInteractive}/bin/sh -c \"export PATH=$PATH:/run/current-system/sw/bin && ${WorkingDirectory}src/bin/run.sh\""; */
+    /*     Restart = "always"; */
+    /*     WorkingDirectory = "${config.home.homeDirectory}/etherpad/"; */
+    /*   }; */
+    /* }; */
+  };
+}
diff --git a/services/kavita/default.nix b/services/kavita/default.nix
new file mode 100644
index 0000000..c724ad7
--- /dev/null
+++ b/services/kavita/default.nix
@@ -0,0 +1 @@
+{ pkgs, config, lib, ... }: {}
diff --git a/services/mailu/default.nix b/services/mailu/default.nix
new file mode 100644
index 0000000..0967ef4
--- /dev/null
+++ b/services/mailu/default.nix
@@ -0,0 +1 @@
+{}