mkModule various + fixes

mjallen18
2025-12-18 17:20:21 -06:00
parent e0b1e72431
commit 05486efb75
14 changed files with 200 additions and 398 deletions


@@ -21,7 +21,7 @@ let
volumes = [
"${cfg.configDir}/ersatztv:/config"
"${cfg.dataDir}/movies:/libraries/movies"
"${cfg.dataDir}/movies:/libraries/tv"
"${cfg.dataDir}/tv:/libraries/tv"
"${cfg.configDir}/transcode:/transcode"
];
ports = [


@@ -23,8 +23,8 @@ let
# user = "nix-apps";
address = cfg.listenAddress;
dataDir = "${cfg.configDir}/paperless";
passwordFile = "${cfg.configDir}/paperless/paperless-password";
# environmentFile = paperlessEnv;
# passwordFile = "${cfg.configDir}/paperless/paperless-passwords";
environmentFile = config.sops.templates."paperless.env".path;
domain = "paperless.mjallen.dev";
database.createLocally = true;
};


@@ -7,55 +7,65 @@
}:
with lib;
let
cfg = config.${namespace}.services.protonmail-bridge;
in
{
imports = [ ./options.nix ];
inherit (lib.${namespace}) mkOpt;
name = "protonmail-bridge";
cfg = config.${namespace}.services.${name};
config = mkIf cfg.enable {
# Open firewall for protonmail bridge if enabled
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [
cfg.smtpPort
cfg.imapPort
];
allowedUDPPorts = [
cfg.smtpPort
cfg.imapPort
];
protonmailConfig = lib.${namespace}.mkModule {
inherit config name;
description = "protonmail bridge";
options = {
imapPort = mkOpt types.int 1025 "imap port";
smtpPort = mkOpt types.int 1143 "smtp port";
};
# Install protonmail-bridge package
environment.systemPackages = with pkgs; [
protonmail-bridge
gnome-keyring
gnupg
pass
];
# Configure systemd user service for protonmail-bridge
systemd.user.services.protonmail-bridge = {
description = "Protonmail Bridge";
enable = true;
environment = {
GNUPGHOME = "%h/.gnupg";
PASSWORD_STORE_DIR = "%h/.password-store";
moduleConfig = {
# Open firewall for protonmail bridge if enabled
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [
cfg.smtpPort
cfg.imapPort
];
allowedUDPPorts = [
cfg.smtpPort
cfg.imapPort
];
};
script = "${lib.getExe pkgs.protonmail-bridge} --noninteractive";
path = with pkgs; [
# Install protonmail-bridge package
environment.systemPackages = with pkgs; [
protonmail-bridge
gnome-keyring
gnupg
pass
protonmail-bridge
];
wantedBy = [ "default.target" ];
after = [ "gpg-agent.service" ];
};
# Configure gpg-agent
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
# Configure systemd user service for protonmail-bridge
systemd.user.services.protonmail-bridge = {
description = "Protonmail Bridge";
enable = true;
environment = {
GNUPGHOME = "%h/.gnupg";
PASSWORD_STORE_DIR = "%h/.password-store";
};
script = "${lib.getExe pkgs.protonmail-bridge} --noninteractive";
path = with pkgs; [
gnome-keyring
gnupg
pass
protonmail-bridge
];
wantedBy = [ "default.target" ];
after = [ "gpg-agent.service" ];
};
# Configure gpg-agent
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
};
in
{
imports = [ protonmailConfig ];
}
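Review bot: The new option defaults are swapped relative to the deleted options.nix: `imapPort` now defaults to 1025 and `smtpPort` to 1143, whereas the old module had SMTP on 1025 and IMAP on 1143, so a host relying on the defaults would open the firewall for ports the bridge is not expected to use. The type also went from `types.port` to `types.int`, which drops the range check; I would write `imapPort = mkOpt types.port 1143 "imap port";` and `smtpPort = mkOpt types.port 1025 "smtp port";`. Separately, the `allowedUDPPorts` list opens both ports over UDP although IMAP and SMTP are TCP-only, so it can be dropped to keep the firewall surface minimal; the wyoming module in this commit has the same pattern for 10200/10300 with `tcp://` URIs. `cfg.openFirewall` is no longer declared in this file, so it presumably comes from `mkModule`, and its default there is worth confirming.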


@@ -1,31 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.protonmail-bridge = {
enable = mkEnableOption "protonmail bridge service";
smtpPort = mkOption {
type = types.port;
default = 1025;
description = "SMTP port for protonmail bridge";
};
imapPort = mkOption {
type = types.port;
default = 1143;
description = "IMAP port for protonmail bridge";
};
openFirewall = mkOption {
type = types.bool;
default = true;
description = "Whether to open firewall for protonmail bridge";
};
user = mkOption {
type = types.str;
default = "admin";
description = "User to run protonmail bridge as";
};
};
}


@@ -6,28 +6,26 @@
}:
with lib;
let
cfg = config.${namespace}.services.restic;
in
{
imports = [ ./options.nix ];
name = "restic";
cfg = config.${namespace}.services.${name};
config = mkIf cfg.enable {
# Configure the standard NixOS restic server service
services.restic.server = {
enable = true;
dataDir = cfg.dataDir;
prometheus = cfg.prometheus;
listenAddress = "${cfg.listenAddress}:${toString cfg.port}";
extraFlags = cfg.extraFlags;
}
// optionalAttrs (cfg.htpasswdFile != null) {
htpasswd-file = cfg.htpasswdFile;
};
# Open firewall for restic server if enabled
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
allowedUDPPorts = [ cfg.port ];
resticConfig = lib.${namespace}.mkModule {
inherit config name;
description = "restic";
options = { };
moduleConfig = {
# Configure the standard NixOS restic server service
services.restic.server = {
enable = true;
dataDir = "${cfg.dataDir}/backup/restic";
prometheus = true;
listenAddress = "${cfg.listenAddress}:${toString cfg.port}";
htpasswd-file = "${cfg.dataDir}/backup/restic/.htpasswd";
extraFlags = [ "--no-auth" ];
};
};
};
in
{
imports = [ resticConfig ];
}
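Review bot: `extraFlags = [ "--no-auth" ];` is now hard-coded in the module, so every host that enables it runs rest-server without authentication and the `htpasswd-file` set on the line above is never consulted. Before this commit the flag was a per-host choice in the systems file; moving it into the module makes unauthenticated read/write access to the backup repository the default, on whatever `cfg.listenAddress` resolves to (the deleted option defaulted to `0.0.0.0`). I would drop the flag so the htpasswd file is enforced, i.e. `extraFlags = [ ];`, or expose it as an explicit opt-in option that defaults to off. `cfg.dataDir`, `cfg.listenAddress` and `cfg.port` are not declared here (`options = { };`), so they presumably come from `mkModule`; the old explicit firewall rule for `cfg.port` is gone as well and should be checked against what `mkModule` opens.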


@@ -1,49 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.restic = {
enable = mkEnableOption "restic server with enhanced configuration";
port = mkOption {
type = types.port;
default = 8008;
description = "Port for restic server";
};
openFirewall = mkOption {
type = types.bool;
default = true;
description = "Whether to open firewall for restic server";
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/restic";
description = "Data directory for restic server";
};
listenAddress = mkOption {
type = types.str;
default = "0.0.0.0";
description = "Address to bind restic server to";
};
prometheus = mkOption {
type = types.bool;
default = true;
description = "Whether to enable prometheus metrics";
};
htpasswdFile = mkOption {
type = types.nullOr types.str;
default = null;
description = "Path to htpasswd file for authentication";
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [ ];
description = "Extra flags to pass to restic server";
};
};
}


@@ -6,42 +6,50 @@
}:
with lib;
let
cfg = config.${namespace}.services.tdarr;
in
{
imports = [ ./options.nix ];
inherit (lib.${namespace}) mkOpt;
name = "tdarr";
cfg = config.${namespace}.services.${name};
config = mkIf cfg.enable {
virtualisation.oci-containers.containers.${cfg.name} = {
autoStart = true;
image = cfg.image;
extraOptions = [ "--device=nvidia.com/gpu=0" ];
volumes = [
"${cfg.configPath}:/app/configs"
"${cfg.serverPath}:/app/server"
"${cfg.logPath}:/app/logs"
"${cfg.transcodePath}:/temp"
"${cfg.moviesPath}:/data/movies"
"${cfg.tvPath}:/data/tv"
];
ports = [
"${cfg.serverPort}:8266"
"${cfg.webUIPort}:8265"
];
environment = {
serverPort = "8266";
webUIPort = "8265";
internalNode = "true";
inContainer = "true";
ffmpegVersion = "6";
nodeName = "tdarr node";
NVIDIA_VISIBLE_DEVICES = "all";
NVIDIA_DRIVER_CAPABILITIES = "all";
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
tdarrConfig = lib.${namespace}.mkModule {
inherit config name;
description = "tdarr";
options = {
serverPort = mkOpt types.str "8266" "node port";
};
moduleConfig = {
virtualisation.oci-containers.containers.${name} = {
autoStart = true;
image = "ghcr.io/haveagitgat/tdarr";
extraOptions = [ "--device=nvidia.com/gpu=0" ];
volumes = [
"${cfg.configDir}/tdarr/config:/app/configs"
"${cfg.configDir}/tdarr/server:/app/server"
"${cfg.configDir}/tdarr/logs:/app/logs"
"${cfg.configDir}/tdarr/transcode:/temp"
"${cfg.dataDir}/movies:/data/movies"
"${cfg.dataDir}/tv:/data/tv"
];
ports = [
"${cfg.serverPort}:8266"
"${cfg.port}:8265"
];
environment = {
serverPort = "8266";
webUIPort = "8265";
internalNode = "true";
inContainer = "true";
ffmpegVersion = "6";
nodeName = "tdarr node";
NVIDIA_VISIBLE_DEVICES = "all";
NVIDIA_DRIVER_CAPABILITIES = "all";
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
};
};
};
in
{
imports = [ tdarrConfig ];
}
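Review bot: The port options are typed inconsistently with how they are used: `serverPort` is declared as `types.str` here, but the systems file in this commit sets `serverPort = 8266;` as an integer, and `"${cfg.port}:8265"` interpolates `cfg.port` without `toString` while the unmanic module uses `"${toString cfg.port}:8888"`. If `cfg.port` is an integer (its declaration is not visible; presumably in `mkModule`), both would fail evaluation as soon as tdarr is enabled, which is currently masked by `enable = false`. I would declare `serverPort = mkOpt types.port 8266 "node port";` and publish with `"${toString cfg.serverPort}:8266"` and `"${toString cfg.port}:8265"`.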


@@ -1,77 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.tdarr = {
enable = mkEnableOption "tdarr docker service";
autoStart = mkOption {
type = types.bool;
default = true;
};
serverPort = mkOption {
type = types.str;
default = "8266";
};
webUIPort = mkOption {
type = types.str;
default = "8265";
};
name = mkOption {
type = types.str;
default = "tdarr";
};
image = mkOption {
type = types.str;
default = "ghcr.io/haveagitgat/tdarr";
};
configPath = mkOption {
type = types.str;
default = "/media/nas/main/nix-app-data/tdarr/config";
};
serverPath = mkOption {
type = types.str;
default = "/media/nas/main/nix-app-data/tdarr/server";
};
logPath = mkOption {
type = types.str;
default = "/media/nas/main/nix-app-data/tdarr/logs";
};
transcodePath = mkOption {
type = types.str;
default = "/media/nas/main/nix-app-data/tdarr/transcode";
};
moviesPath = mkOption {
type = types.str;
default = "/media/nas/main/movies";
};
tvPath = mkOption {
type = types.str;
default = "/media/nas/main/tv";
};
puid = mkOption {
type = types.str;
default = "911";
};
pgid = mkOption {
type = types.str;
default = "1000";
};
timeZone = mkOption {
type = types.str;
default = "America/Chicago";
};
};
}


@@ -7,55 +7,36 @@
with lib;
let
inherit (lib.${namespace}) mkOpt mkReverseProxyOpt;
cfg = config.${namespace}.services.unmanic;
in
{
options.${namespace}.services.unmanic = {
enable = mkEnableOption "unmanic service";
name = "unmanic";
cfg = config.${namespace}.services.${name};
name = mkOpt types.str "unmanic" "container name";
image = mkOpt types.str "josh5/unmanic" "container image";
port = mkOpt types.int 8265 "Port for unmanic to be hosted on";
configPath = mkOpt types.str "" "Path to the data dir";
moviesPath = mkOpt types.str "" "Path to the data dir";
tvPath = mkOpt types.str "" "Path to the data dir";
transcodePath = mkOpt types.str "" "Path to the data dir";
puid = mkOpt types.str "911" "uid";
pgid = mkOpt types.str "1000" "gid";
timeZone = mkOpt types.str "America/Chicago" "Timezone";
reverseProxy = mkReverseProxyOpt;
};
config = mkIf cfg.enable {
virtualisation.oci-containers.containers.${cfg.name} = {
autoStart = true;
image = cfg.image;
extraOptions = [ "--device=/dev/dri" ];
volumes = [
"${cfg.configPath}:/config"
"${cfg.moviesPath}:/library/movies"
"${cfg.tvPath}:/library/tv"
"${cfg.transcodePath}:/tmp/unmanic"
];
ports = [
"${toString cfg.port}:8888"
];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
unmanicConfig = lib.${namespace}.mkModule {
inherit config name;
description = "unmanic";
options = { };
moduleConfig = {
virtualisation.oci-containers.containers.${name} = {
autoStart = true;
image = "josh5/unmanic";
extraOptions = [ "--device=/dev/dri" ];
volumes = [
"${cfg.configDir}/unmanic:/config"
"${cfg.dataDir}/movies:/library/movies"
"${cfg.dataDir}/tv:/library/tv"
"${cfg.configDir}/unmanic/transcode:/tmp/unmanic"
];
ports = [
"${toString cfg.port}:8888"
];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
};
};
};
in
{
imports = [ unmanicConfig ];
}
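Review bot: The volume layout changed along with the refactor: `/config` is now backed by `${cfg.configDir}/unmanic` instead of the former `.../unmanic/config`, and the transcode cache is mounted from `${cfg.configDir}/unmanic/transcode`, i.e. from inside the directory that is also mounted as `/config`. If `cfg.configDir` points at the same app-data root as before (not visible here), the existing settings end up under `/config/config` and the container starts with a fresh configuration; the tdarr module keeps a separate `.../tdarr/config` subdirectory, so `"${cfg.configDir}/unmanic/config:/config"` would match both the old paths and the sibling module. The image is also now fixed to `"josh5/unmanic"` with no tag or digest, so each pull takes whatever the registry serves at that moment; pinning a tag or digest (same for `ghcr.io/haveagitgat/tdarr` in the tdarr module) makes updates deliberate, which matters for a container that is handed `/dev/dri`.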


@@ -6,67 +6,25 @@
}:
with lib;
let
inherit (lib.${namespace}) mkOpt mkReverseProxyOpt;
cfg = config.${namespace}.services.uptime-kuma;
name = "uptime-kuma";
cfg = config.${namespace}.services.${name};
uptime-kumaConfig = {
services.uptime-kuma = {
enable = true;
appriseSupport = true;
settings = {
HOST = "0.0.0.0";
PORT = "${toString cfg.port}";
# DATA_DIR = lib.mkForce cfg.dataDir;
uptime-kumaConfig = lib.${namespace}.mkModule {
inherit config name;
description = "uptime kuma";
options = { };
moduleConfig = {
services.uptime-kuma = {
enable = true;
appriseSupport = true;
settings = {
HOST = "0.0.0.0";
PORT = "${toString cfg.port}";
};
};
};
# systemd.services = {
# uptime-kuma = {
# serviceConfig = {
# WorkingDirectory = lib.mkForce cfg.dataDir;
# StateDirectory = lib.mkForce null; # cfg.dataDir;
# StateDirectoryMode = lib.mkForce 700;
# DynamicUser = lib.mkForce false;
# ProtectSystem = lib.mkForce false;
# };
# };
# };
# users.users.uptime-kuma = {
# isSystemUser = true;
# group = "uptime-kuma";
# home = cfg.dataDir;
# };
# users.groups.uptime-kuma = {};
};
# Create reverse proxy configuration using mkReverseProxy
reverseProxyConfig = lib.${namespace}.mkReverseProxy {
name = "uptime-kuma";
subdomain = cfg.reverseProxy.subdomain;
url = "http://${cfg.localAddress}:${toString cfg.port}";
middlewares = cfg.reverseProxy.middlewares;
};
fullConfig = {
"${namespace}".services.traefik = lib.mkIf cfg.reverseProxy.enable {
reverseProxies = [ reverseProxyConfig ];
};
}
// uptime-kumaConfig;
in
{
options.${namespace}.services.uptime-kuma = {
enable = mkEnableOption "uptime-kuma service";
port = mkOpt types.int 4000 "Port for uptime-kuma to be hosted on";
localAddress = mkOpt types.str "127.0.0.1" "local address of the service";
dataDir = mkOpt types.str "" "Path to the data dir";
reverseProxy = mkReverseProxyOpt;
};
config = mkIf cfg.enable fullConfig;
imports = [ uptime-kumaConfig ];
}
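Review bot: `HOST = "0.0.0.0";` makes uptime-kuma listen on every interface even though the service is meant to sit behind the reverse proxy, so a client that can reach the port directly skips whatever middlewares the proxy applies. The removed code pointed the proxy at `cfg.localAddress` (default `127.0.0.1`), which suggests loopback is sufficient. Other modules in this commit read `cfg.listenAddress`, so if `mkModule` provides it here too, `HOST = cfg.listenAddress;` with a loopback default would be the tighter choice. The reverse-proxy wiring that this file used to build explicitly is gone and presumably moved into `mkModule`; that is not visible in this section.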


@@ -6,29 +6,46 @@
}:
with lib;
let
cfg = config.${namespace}.services.wyoming;
in
{
imports = [ ./options.nix ];
name = "wyoming";
cfg = config.${namespace}.services.${name};
config = mkIf cfg.enable {
services.wyoming = {
faster-whisper.servers.hass-whisper = {
enable = true;
useTransformers = false;
device = lib.mkForce "auto";
language = "en";
model = "distil-large-v3";
uri = "tcp://0.0.0.0:10300";
wyomingConfig = lib.${namespace}.mkModule {
inherit config name;
description = "wyoming protocol";
options = { };
moduleConfig = {
# Open firewall for protonmail bridge if enabled
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [
10200
10300
];
allowedUDPPorts = [
10200
10300
];
};
piper = {
servers.hass-piper = {
services.wyoming = {
faster-whisper.servers.hass-whisper = {
enable = true;
voice = "en-us-ryan-high";
uri = "tcp://0.0.0.0:10200";
useTransformers = false;
device = lib.mkForce "auto";
language = "en";
model = "distil-large-v3";
uri = "tcp://0.0.0.0:10300";
};
piper = {
servers.hass-piper = {
enable = true;
voice = "en-us-ryan-high";
uri = "tcp://0.0.0.0:10200";
};
};
};
};
};
in
{
imports = [ wyomingConfig ];
}
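Review bot: The comment above the firewall block still reads `# Open firewall for protonmail bridge if enabled`, copied from the protonmail-bridge module; it should name this service, e.g. `# Open firewall for the wyoming piper (10200) and faster-whisper (10300) servers if enabled`. The port numbers are also repeated as literals in the firewall lists and in the two `uri` strings, so a later change to one can leave the other stale; binding them once in the `let` block would keep them in sync. Both servers listen on `tcp://0.0.0.0` and the firewall rule is new in this commit, so it is worth confirming that `openFirewall` (not declared here, presumably from `mkModule`) defaults to off, since I am not aware of any authentication on these endpoints.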


@@ -1,7 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.wyoming = {
enable = mkEnableOption "enable wyoming";
};
}


@@ -159,30 +159,24 @@ in
enable = true;
smtpPort = 1025;
imapPort = 1143;
user = "admin";
};
restic = {
enable = true;
port = 8008;
dataDir = "/media/nas/main/backup/restic";
prometheus = true;
listenAddress = "0.0.0.0";
htpasswdFile = "/media/nas/main/backup/restic/.htpasswd";
extraFlags = [ "--no-auth" ];
};
tdarr = disabled;
tdarr = {
enable = false;
port = 8265;
serverPort = 8266;
};
traefik = enabled;
unmanic = {
enable = true;
configPath = "/media/nas/main/nix-app-data/unmanic/config";
moviesPath = "/media/nas/main/movies";
tvPath = "/media/nas/main/tv";
transcodePath = "/media/nas/main/nix-app-data/unmanic/transcode";
port = 8265;
};
uptime-kuma = {
enable = true;
port = 3001;
dataDir = "/media/nas/main/nix-app-data/uptime-kuma";
};
wyoming = enabled;
};


@@ -289,7 +289,7 @@ in
mode = "0650";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "container@paperless.service" ];
restartUnits = [ "paperless-web.service" ];
};
};
};
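Review bot: `restartUnits` now lists only `paperless-web.service`, but the NixOS paperless module runs several units (scheduler, task queue and consumer besides the web unit), and if this secret feeds the shared `environmentFile` those would keep the old values after a rotation. Assuming that is the case (the secret's name is outside the hunk), I would list them all: `restartUnits = [ "paperless-web.service" "paperless-scheduler.service" "paperless-task-queue.service" "paperless-consumer.service" ];`. The unchanged `mode = "0650";` at the top of the hunk is also unusual for a secret, since it gives the group an execute bit and no benefit over `"0640"`; worth tightening while touching this block. The enclosing attribute set starts outside the hunk.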