From 05486efb75d48372dda3f1cace499a66559b7050 Mon Sep 17 00:00:00 2001 From: mjallen18 Date: Thu, 18 Dec 2025 17:20:21 -0600 Subject: [PATCH] mkModule various + fixes --- modules/nixos/services/ersatztv/default.nix | 2 +- modules/nixos/services/paperless/default.nix | 4 +- .../services/protonmail-bridge/default.nix | 92 ++++++++++--------- .../services/protonmail-bridge/options.nix | 31 ------- modules/nixos/services/restic/default.nix | 40 ++++---- modules/nixos/services/restic/options.nix | 49 ---------- modules/nixos/services/tdarr/default.nix | 76 ++++++++------- modules/nixos/services/tdarr/options.nix | 77 ---------------- modules/nixos/services/unmanic/default.nix | 75 ++++++--------- modules/nixos/services/uptimekuma/default.nix | 72 +++------------ modules/nixos/services/wyoming/default.nix | 53 +++++++---- modules/nixos/services/wyoming/options.nix | 7 -- systems/x86_64-linux/jallen-nas/apps.nix | 18 ++-- systems/x86_64-linux/jallen-nas/sops.nix | 2 +- 14 files changed, 200 insertions(+), 398 deletions(-) delete mode 100644 modules/nixos/services/protonmail-bridge/options.nix delete mode 100644 modules/nixos/services/restic/options.nix delete mode 100755 modules/nixos/services/tdarr/options.nix delete mode 100644 modules/nixos/services/wyoming/options.nix diff --git a/modules/nixos/services/ersatztv/default.nix b/modules/nixos/services/ersatztv/default.nix index ab3c0e9..60802a6 100644 --- a/modules/nixos/services/ersatztv/default.nix +++ b/modules/nixos/services/ersatztv/default.nix @@ -21,7 +21,7 @@ let volumes = [ "${cfg.configDir}/ersatztv:/config" "${cfg.dataDir}/movies:/libraries/movies" - "${cfg.dataDir}/movies:/libraries/tv" + "${cfg.dataDir}/tv:/libraries/tv" "${cfg.configDir}/transcode:/transcode" ]; ports = [ diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index cfaf98a..eb21692 100755 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix 
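Review bot: The two library mounts in `volumes` are bind-mounted read-write, including the `tv` path this hunk corrects. If ErsatzTV only needs to read the media, appending `:ro` limits what a compromised container can do to the library, e.g. `"${cfg.dataDir}/tv:/libraries/tv:ro"` and the same for `movies`. Whether the application ever writes into `/libraries` is not visible from this hunk, so confirm before changing. The enclosing `let` binding starts and ends outside the hunk.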
@@ -23,8 +23,8 @@ let # user = "nix-apps"; address = cfg.listenAddress; dataDir = "${cfg.configDir}/paperless"; - passwordFile = "${cfg.configDir}/paperless/paperless-password"; - # environmentFile = paperlessEnv; + # passwordFile = "${cfg.configDir}/paperless/paperless-passwords"; + environmentFile = config.sops.templates."paperless.env".path; domain = "paperless.mjallen.dev"; database.createLocally = true; }; diff --git a/modules/nixos/services/protonmail-bridge/default.nix b/modules/nixos/services/protonmail-bridge/default.nix index 40d2e7b..cb07e50 100644 --- a/modules/nixos/services/protonmail-bridge/default.nix +++ b/modules/nixos/services/protonmail-bridge/default.nix 
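Review bot: The commented-out `passwordFile` line should be deleted rather than kept; its path was also edited to `paperless-passwords`, which no longer matches the file the old configuration used. After this change the plaintext `${cfg.configDir}/paperless/paperless-password` file presumably still exists on disk, so remove it and rotate that password once the sops-managed `environmentFile` is confirmed to work. The `paperless.env` template is not shown in this hunk, so check that it supplies what `passwordFile` used to provide.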
@@ -7,55 +7,65 @@ }: with lib; let - cfg = config.${namespace}.services.protonmail-bridge; -in -{ - imports = [ ./options.nix ]; + inherit (lib.${namespace}) mkOpt; + name = "protonmail-bridge"; + cfg = config.${namespace}.services.${name}; - config = mkIf cfg.enable { - # Open firewall for protonmail bridge if enabled - networking.firewall = mkIf cfg.openFirewall { - allowedTCPPorts = [ - cfg.smtpPort - cfg.imapPort - ]; - allowedUDPPorts = [ - cfg.smtpPort - cfg.imapPort - ]; + protonmailConfig = lib.${namespace}.mkModule { + inherit config name; + description = "protonmail bridge"; + options = { + imapPort = mkOpt types.int 1025 "imap port"; + smtpPort = mkOpt types.int 1143 "smtp port"; }; - - # Install protonmail-bridge package - environment.systemPackages = with pkgs; [ - protonmail-bridge - gnome-keyring - gnupg - pass - ]; - - # Configure systemd user service for protonmail-bridge - systemd.user.services.protonmail-bridge = { - description = "Protonmail Bridge"; - enable = true; - environment = { - GNUPGHOME = "%h/.gnupg"; - PASSWORD_STORE_DIR = "%h/.password-store"; + moduleConfig = { + # Open firewall for protonmail bridge if enabled + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ + cfg.smtpPort + cfg.imapPort + ]; + allowedUDPPorts = [ + cfg.smtpPort + cfg.imapPort + ]; }; - script = "${lib.getExe pkgs.protonmail-bridge} --noninteractive"; - path = with pkgs; [ + + # Install protonmail-bridge package + environment.systemPackages = with pkgs; [ + protonmail-bridge gnome-keyring gnupg pass - protonmail-bridge ]; - wantedBy = [ "default.target" ]; - after = [ "gpg-agent.service" ]; - }; - # Configure gpg-agent - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; + # Configure systemd user service for protonmail-bridge + systemd.user.services.protonmail-bridge = { + description = "Protonmail Bridge"; + enable = true; + environment = { + GNUPGHOME = "%h/.gnupg"; + PASSWORD_STORE_DIR = "%h/.password-store"; + }; + script 
= "${lib.getExe pkgs.protonmail-bridge} --noninteractive"; + path = with pkgs; [ + gnome-keyring + gnupg + pass + protonmail-bridge + ]; + wantedBy = [ "default.target" ]; + after = [ "gpg-agent.service" ]; + }; + + # Configure gpg-agent + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; }; }; +in +{ + imports = [ protonmailConfig ]; } diff --git a/modules/nixos/services/protonmail-bridge/options.nix b/modules/nixos/services/protonmail-bridge/options.nix deleted file mode 100644 index 4d55687..0000000 --- a/modules/nixos/services/protonmail-bridge/options.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ lib, namespace, ... }: -with lib; -{ - options.${namespace}.services.protonmail-bridge = { - enable = mkEnableOption "protonmail bridge service"; - - smtpPort = mkOption { - type = types.port; - default = 1025; - description = "SMTP port for protonmail bridge"; - }; - - imapPort = mkOption { - type = types.port; - default = 1143; - description = "IMAP port for protonmail bridge"; - }; - - openFirewall = mkOption { - type = types.bool; - default = true; - description = "Whether to open firewall for protonmail bridge"; - }; - - user = mkOption { - type = types.str; - default = "admin"; - description = "User to run protonmail bridge as"; - }; - }; -} diff --git a/modules/nixos/services/restic/default.nix b/modules/nixos/services/restic/default.nix index f42570a..64418e7 100644 --- a/modules/nixos/services/restic/default.nix +++ b/modules/nixos/services/restic/default.nix 
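Review bot: The new option defaults are swapped relative to the deleted options.nix: `imapPort` now defaults to 1025 and `smtpPort` to 1143, where the old file had SMTP on 1025 and IMAP on 1143. They should read `imapPort = mkOpt types.int 1143 "imap port";` and `smtpPort = mkOpt types.int 1025 "smtp port";`. Both options also changed from `types.port` to `types.int`, which drops the range check, so `types.port` is the better fit. The firewall block still lists both ports under `allowedUDPPorts` although SMTP and IMAP run over TCP, so those two entries can be removed. `openFirewall` defaulted to `true` in the deleted file; what `mkModule` defaults it to is not visible here, and for a mail bridge it is worth leaving it off unless remote clients need it.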
@@ -6,28 +6,26 @@ }: with lib; let - cfg = config.${namespace}.services.restic; -in -{ - imports = [ ./options.nix ]; + name = "restic"; + cfg = config.${namespace}.services.${name}; - config = mkIf cfg.enable { - # Configure the standard NixOS restic server service - services.restic.server = { - enable = true; - dataDir = cfg.dataDir; - prometheus = cfg.prometheus; - listenAddress = "${cfg.listenAddress}:${toString cfg.port}"; - extraFlags = cfg.extraFlags; - } - // optionalAttrs (cfg.htpasswdFile != null) { - htpasswd-file = cfg.htpasswdFile; - }; - - # Open firewall for restic server if enabled - networking.firewall = mkIf cfg.openFirewall { - allowedTCPPorts = [ cfg.port ]; - allowedUDPPorts = [ cfg.port ]; + resticConfig = lib.${namespace}.mkModule { + inherit config name; + description = "restic"; + options = { }; + moduleConfig = { + # Configure the standard NixOS restic server service + services.restic.server = { + enable = true; + dataDir = "${cfg.dataDir}/backup/restic"; + prometheus = true; + listenAddress = "${cfg.listenAddress}:${toString cfg.port}"; + htpasswd-file = "${cfg.dataDir}/backup/restic/.htpasswd"; + extraFlags = [ "--no-auth" ]; + }; }; }; +in +{ + imports = [ resticConfig ]; } diff --git a/modules/nixos/services/restic/options.nix b/modules/nixos/services/restic/options.nix deleted file mode 100644 index f126515..0000000 --- a/modules/nixos/services/restic/options.nix +++ /dev/null 
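Review bot: `extraFlags = [ "--no-auth" ]` is now hard-coded in `moduleConfig` next to `htpasswd-file`, so every host that enables this module runs the restic server without authentication and the htpasswd file is never consulted. Before this commit that was a per-host choice in apps.nix; as a module default it means anyone who can reach `${cfg.listenAddress}:${toString cfg.port}` can read, add to, or delete the backup repositories. I would drop the flag from the module so the htpasswd file takes effect, and if an unauthenticated setup is really wanted, expose it as an explicit option that defaults to off. `prometheus = true` is likewise no longer configurable. The explicit firewall block was removed too, so how the port is exposed now depends on `mkModule`, which is not visible here.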
@@ -1,49 +0,0 @@ -{ lib, namespace, ... }: -with lib; -{ - options.${namespace}.services.restic = { - enable = mkEnableOption "restic server with enhanced configuration"; - - port = mkOption { - type = types.port; - default = 8008; - description = "Port for restic server"; - }; - - openFirewall = mkOption { - type = types.bool; - default = true; - description = "Whether to open firewall for restic server"; - }; - - dataDir = mkOption { - type = types.str; - default = "/var/lib/restic"; - description = "Data directory for restic server"; - }; - - listenAddress = mkOption { - type = types.str; - default = "0.0.0.0"; - description = "Address to bind restic server to"; - }; - - prometheus = mkOption { - type = types.bool; - default = true; - description = "Whether to enable prometheus metrics"; - }; - - htpasswdFile = mkOption { - type = types.nullOr types.str; - default = null; - description = "Path to htpasswd file for authentication"; - }; - - extraFlags = mkOption { - type = types.listOf types.str; - default = [ ]; - description = "Extra flags to pass to restic server"; - }; - }; -} diff --git a/modules/nixos/services/tdarr/default.nix b/modules/nixos/services/tdarr/default.nix index ea50647..92806cc 100755 --- a/modules/nixos/services/tdarr/default.nix +++ b/modules/nixos/services/tdarr/default.nix 
@@ -6,42 +6,50 @@ }: with lib; let - cfg = config.${namespace}.services.tdarr; -in -{ - imports = [ ./options.nix ]; + inherit (lib.${namespace}) mkOpt; + name = "tdarr"; + cfg = config.${namespace}.services.${name}; - config = mkIf cfg.enable { - - virtualisation.oci-containers.containers.${cfg.name} = { - autoStart = true; - image = cfg.image; - extraOptions = [ "--device=nvidia.com/gpu=0" ]; - volumes = [ - "${cfg.configPath}:/app/configs" - "${cfg.serverPath}:/app/server" - "${cfg.logPath}:/app/logs" - "${cfg.transcodePath}:/temp" - "${cfg.moviesPath}:/data/movies" - "${cfg.tvPath}:/data/tv" - ]; - ports = [ - "${cfg.serverPort}:8266" - "${cfg.webUIPort}:8265" - ]; - environment = { - serverPort = "8266"; - webUIPort = "8265"; - internalNode = "true"; - inContainer = "true"; - ffmpegVersion = "6"; - nodeName = "tdarr node"; - NVIDIA_VISIBLE_DEVICES = "all"; - NVIDIA_DRIVER_CAPABILITIES = "all"; - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; + tdarrConfig = lib.${namespace}.mkModule { + inherit config name; + description = "tdarr"; + options = { + serverPort = mkOpt types.str "8266" "node port"; + }; + moduleConfig = { + virtualisation.oci-containers.containers.${name} = { + autoStart = true; + image = "ghcr.io/haveagitgat/tdarr"; + extraOptions = [ "--device=nvidia.com/gpu=0" ]; + volumes = [ + "${cfg.configDir}/tdarr/config:/app/configs" + "${cfg.configDir}/tdarr/server:/app/server" + "${cfg.configDir}/tdarr/logs:/app/logs" + "${cfg.configDir}/tdarr/transcode:/temp" + "${cfg.dataDir}/movies:/data/movies" + "${cfg.dataDir}/tv:/data/tv" + ]; + ports = [ + "${cfg.serverPort}:8266" + "${cfg.port}:8265" + ]; + environment = { + serverPort = "8266"; + webUIPort = "8265"; + internalNode = "true"; + inContainer = "true"; + ffmpegVersion = "6"; + nodeName = "tdarr node"; + NVIDIA_VISIBLE_DEVICES = "all"; + NVIDIA_DRIVER_CAPABILITIES = "all"; + PUID = cfg.puid; + PGID = cfg.pgid; + TZ = cfg.timeZone; + }; }; }; }; +in +{ + imports = [ tdarrConfig ]; } 
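Review bot: `"${cfg.port}:8265"` in `ports` interpolates `cfg.port` directly. If `port` is an integer option (apps.nix in this commit sets `port = 8265;`, and the unmanic module uses `toString cfg.port`), Nix will refuse to coerce it to a string; use `"${toString cfg.port}:8265"`. Separately, `image = "ghcr.io/haveagitgat/tdarr";` is now hard-coded with no tag or digest, so the container follows whatever the registry currently serves and a host can no longer pin it; the same applies to `image = "josh5/unmanic";` in the unmanic module. Pinning both to a version tag or an `@sha256:<digest>` reference makes image updates deliberate and reviewable. `cfg.puid`, `cfg.pgid` and `cfg.timeZone` are still read but not declared in `options` here, so they presumably come from `mkModule`.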
diff --git a/modules/nixos/services/tdarr/options.nix b/modules/nixos/services/tdarr/options.nix deleted file mode 100755 index a7eea33..0000000 --- a/modules/nixos/services/tdarr/options.nix +++ /dev/null @@ -1,77 +0,0 @@ -{ lib, namespace, ... }: -with lib; -{ - options.${namespace}.services.tdarr = { - enable = mkEnableOption "tdarr docker service"; - - autoStart = mkOption { - type = types.bool; - default = true; - }; - - serverPort = mkOption { - type = types.str; - default = "8266"; - }; - - webUIPort = mkOption { - type = types.str; - default = "8265"; - }; - - name = mkOption { - type = types.str; - default = "tdarr"; - }; - - image = mkOption { - type = types.str; - default = "ghcr.io/haveagitgat/tdarr"; - }; - - configPath = mkOption { - type = types.str; - default = "/media/nas/main/nix-app-data/tdarr/config"; - }; - - serverPath = mkOption { - type = types.str; - default = "/media/nas/main/nix-app-data/tdarr/server"; - }; - - logPath = mkOption { - type = types.str; - default = "/media/nas/main/nix-app-data/tdarr/logs"; - }; - - transcodePath = mkOption { - type = types.str; - default = "/media/nas/main/nix-app-data/tdarr/transcode"; - }; - - moviesPath = mkOption { - type = types.str; - default = "/media/nas/main/movies"; - }; - - tvPath = mkOption { - type = types.str; - default = "/media/nas/main/tv"; - }; - - puid = mkOption { - type = types.str; - default = "911"; - }; - - pgid = mkOption { - type = types.str; - default = "1000"; - }; - - timeZone = mkOption { - type = types.str; - default = "America/Chicago"; - }; - }; -} diff --git a/modules/nixos/services/unmanic/default.nix b/modules/nixos/services/unmanic/default.nix index b0438d8..88df1c3 100644 --- a/modules/nixos/services/unmanic/default.nix +++ b/modules/nixos/services/unmanic/default.nix 
@@ -7,55 +7,36 @@ with lib; let inherit (lib.${namespace}) mkOpt mkReverseProxyOpt; - cfg = config.${namespace}.services.unmanic; -in -{ - options.${namespace}.services.unmanic = { - enable = mkEnableOption "unmanic service"; + name = "unmanic"; + cfg = config.${namespace}.services.${name}; - name = mkOpt types.str "unmanic" "container name"; - - image = mkOpt types.str "josh5/unmanic" "container image"; - - port = mkOpt types.int 8265 "Port for unmanic to be hosted on"; - - configPath = mkOpt types.str "" "Path to the data dir"; - - moviesPath = mkOpt types.str "" "Path to the data dir"; - - tvPath = mkOpt types.str "" "Path to the data dir"; - - transcodePath = mkOpt types.str "" "Path to the data dir"; - - puid = mkOpt types.str "911" "uid"; - - pgid = mkOpt types.str "1000" "gid"; - - timeZone = mkOpt types.str "America/Chicago" "Timezone"; - - reverseProxy = mkReverseProxyOpt; - }; - - config = mkIf cfg.enable { - - virtualisation.oci-containers.containers.${cfg.name} = { - autoStart = true; - image = cfg.image; - extraOptions = [ "--device=/dev/dri" ]; - volumes = [ - "${cfg.configPath}:/config" - "${cfg.moviesPath}:/library/movies" - "${cfg.tvPath}:/library/tv" - "${cfg.transcodePath}:/tmp/unmanic" - ]; - ports = [ - "${toString cfg.port}:8888" - ]; - environment = { - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; + unmanicConfig = lib.${namespace}.mkModule { + inherit config name; + description = "unmanic"; + options = { }; + moduleConfig = { + virtualisation.oci-containers.containers.${name} = { + autoStart = true; + image = "josh5/unmanic"; + extraOptions = [ "--device=/dev/dri" ]; + volumes = [ + "${cfg.configDir}/unmanic:/config" + "${cfg.dataDir}/movies:/library/movies" + "${cfg.dataDir}/tv:/library/tv" + "${cfg.configDir}/unmanic/transcode:/tmp/unmanic" + ]; + ports = [ + "${toString cfg.port}:8888" + ]; + environment = { + PUID = cfg.puid; + PGID = cfg.pgid; + TZ = cfg.timeZone; + }; }; }; }; +in +{ + imports = [ unmanicConfig ]; } 
diff --git a/modules/nixos/services/uptimekuma/default.nix b/modules/nixos/services/uptimekuma/default.nix index 7ddbf35..4fe6d2f 100644 --- a/modules/nixos/services/uptimekuma/default.nix +++ b/modules/nixos/services/uptimekuma/default.nix 
@@ -6,67 +6,25 @@ }: with lib; let - inherit (lib.${namespace}) mkOpt mkReverseProxyOpt; - cfg = config.${namespace}.services.uptime-kuma; + name = "uptime-kuma"; + cfg = config.${namespace}.services.${name}; - uptime-kumaConfig = { - services.uptime-kuma = { - enable = true; - appriseSupport = true; - settings = { - HOST = "0.0.0.0"; - PORT = "${toString cfg.port}"; - # DATA_DIR = lib.mkForce cfg.dataDir; + uptime-kumaConfig = lib.${namespace}.mkModule { + inherit config name; + description = "uptime kuma"; + options = { }; + moduleConfig = { + services.uptime-kuma = { + enable = true; + appriseSupport = true; + settings = { + HOST = "0.0.0.0"; + PORT = "${toString cfg.port}"; + }; }; }; - - # systemd.services = { - # uptime-kuma = { - # serviceConfig = { - # WorkingDirectory = lib.mkForce cfg.dataDir; - # StateDirectory = lib.mkForce null; # cfg.dataDir; - # StateDirectoryMode = lib.mkForce 700; - # DynamicUser = lib.mkForce false; - # ProtectSystem = lib.mkForce false; - # }; - # }; - # }; - - # users.users.uptime-kuma = { - # isSystemUser = true; - # group = "uptime-kuma"; - # home = cfg.dataDir; - # }; - # users.groups.uptime-kuma = {}; }; - - # Create reverse proxy configuration using mkReverseProxy - reverseProxyConfig = lib.${namespace}.mkReverseProxy { - name = "uptime-kuma"; - subdomain = cfg.reverseProxy.subdomain; - url = "http://${cfg.localAddress}:${toString cfg.port}"; - middlewares = cfg.reverseProxy.middlewares; - }; - - fullConfig = { - "${namespace}".services.traefik = lib.mkIf cfg.reverseProxy.enable { - reverseProxies = [ reverseProxyConfig ]; - }; - } - // uptime-kumaConfig; in { - options.${namespace}.services.uptime-kuma = { - enable = mkEnableOption "uptime-kuma service"; - - port = mkOpt types.int 4000 "Port for uptime-kuma to be hosted on"; - - localAddress = mkOpt types.str "127.0.0.1" "local address of the service"; - - dataDir = mkOpt types.str "" "Path to the data dir"; - - reverseProxy = mkReverseProxyOpt; - }; - - config = mkIf 
cfg.enable fullConfig; + imports = [ uptime-kumaConfig ]; } diff --git a/modules/nixos/services/wyoming/default.nix b/modules/nixos/services/wyoming/default.nix index 65d7e5f..f3c43dd 100755 --- a/modules/nixos/services/wyoming/default.nix +++ b/modules/nixos/services/wyoming/default.nix @@ -6,29 +6,46 @@ }: with lib; let - cfg = config.${namespace}.services.wyoming; -in -{ - imports = [ ./options.nix ]; + name = "wyoming"; + cfg = config.${namespace}.services.${name}; - config = mkIf cfg.enable { - services.wyoming = { - faster-whisper.servers.hass-whisper = { - enable = true; - useTransformers = false; - device = lib.mkForce "auto"; - language = "en"; - model = "distil-large-v3"; - uri = "tcp://0.0.0.0:10300"; + wyomingConfig = lib.${namespace}.mkModule { + inherit config name; + description = "wyoming protocol"; + options = { }; + moduleConfig = { + # Open firewall for protonmail bridge if enabled + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ + 10200 + 10300 + ]; + allowedUDPPorts = [ + 10200 + 10300 + ]; }; - - piper = { - servers.hass-piper = { + services.wyoming = { + faster-whisper.servers.hass-whisper = { enable = true; - voice = "en-us-ryan-high"; - uri = "tcp://0.0.0.0:10200"; + useTransformers = false; + device = lib.mkForce "auto"; + language = "en"; + model = "distil-large-v3"; + uri = "tcp://0.0.0.0:10300"; + }; + + piper = { + servers.hass-piper = { + enable = true; + voice = "en-us-ryan-high"; + uri = "tcp://0.0.0.0:10200"; + }; }; }; }; }; +in +{ + imports = [ wyomingConfig ]; } diff --git a/modules/nixos/services/wyoming/options.nix b/modules/nixos/services/wyoming/options.nix deleted file mode 100644 index 1388279..0000000 --- a/modules/nixos/services/wyoming/options.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ lib, namespace, ... }: -with lib; -{ - options.${namespace}.services.wyoming = { - enable = mkEnableOption "enable wyoming"; - }; -} 
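Review bot: `HOST = "0.0.0.0";` stays hard-coded in `settings`, so uptime-kuma listens on every interface and can be reached directly on `cfg.port`, bypassing whatever middlewares the reverse proxy applies. The old module proxied to `cfg.localAddress` (default 127.0.0.1), which suggests loopback is enough. Other modules in this commit read `cfg.listenAddress`, so `HOST = cfg.listenAddress;` would fit if `mkModule` provides that option here. The reverse-proxy wiring removed in this hunk is assumed to move into `mkModule`, which is not visible.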
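Review bot: The new `networking.firewall` block opens 10200 and 10300 for both TCP and UDP, but both servers are configured with `tcp://` URIs, so the `allowedUDPPorts` list can go. The comment above it, `# Open firewall for protonmail bridge if enabled`, is a copy-paste leftover and should read `# Open firewall for the wyoming whisper and piper servers if enabled`. No authentication is configured for either server in this hunk and both bind to 0.0.0.0, so opening the firewall exposes speech-to-text and text-to-speech to the whole network. If only a Home Assistant instance on the same host uses them, bind the URIs to 127.0.0.1 and leave `openFirewall` off. The port numbers are also duplicated between the firewall lists and the `uri` strings, which invites drift.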
diff --git a/systems/x86_64-linux/jallen-nas/apps.nix b/systems/x86_64-linux/jallen-nas/apps.nix index ee4cf88..b6d60b4 100755 --- a/systems/x86_64-linux/jallen-nas/apps.nix +++ b/systems/x86_64-linux/jallen-nas/apps.nix @@ -159,30 +159,24 @@ in enable = true; smtpPort = 1025; imapPort = 1143; - user = "admin"; }; restic = { enable = true; port = 8008; - dataDir = "/media/nas/main/backup/restic"; - prometheus = true; - listenAddress = "0.0.0.0"; - htpasswdFile = "/media/nas/main/backup/restic/.htpasswd"; - extraFlags = [ "--no-auth" ]; }; - tdarr = disabled; + tdarr = { + enable = false; + port = 8265; + serverPort = 8266; + }; traefik = enabled; unmanic = { enable = true; - configPath = "/media/nas/main/nix-app-data/unmanic/config"; - moviesPath = "/media/nas/main/movies"; - tvPath = "/media/nas/main/tv"; - transcodePath = "/media/nas/main/nix-app-data/unmanic/transcode"; + port = 8265; }; uptime-kuma = { enable = true; port = 3001; - dataDir = "/media/nas/main/nix-app-data/uptime-kuma"; }; wyoming = enabled; }; diff --git a/systems/x86_64-linux/jallen-nas/sops.nix b/systems/x86_64-linux/jallen-nas/sops.nix index 675ab57..8da772c 100755 --- a/systems/x86_64-linux/jallen-nas/sops.nix +++ b/systems/x86_64-linux/jallen-nas/sops.nix @@ -289,7 +289,7 @@ in mode = "0650"; owner = config.users.users."${user}".name; group = config.users.users."${user}".group; - restartUnits = [ "container@paperless.service" ]; + restartUnits = [ "paperless-web.service" ]; }; }; };
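Review bot: `serverPort = 8266;` under `tdarr` is an integer, but the tdarr module in this commit declares `serverPort = mkOpt types.str "8266" "node port";`, so this value will fail the type check once it is evaluated. Write `serverPort = "8266";`, or change the option to `types.port` and use `toString` in the module. `tdarr` and `unmanic` are also both given `port = 8265;`, which will collide on the host if tdarr is ever enabled. Note that `restic` loses its explicit `extraFlags = [ "--no-auth" ]` here only because the module now hard-codes it, so the server remains unauthenticated after this change.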
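Review bot: `restartUnits = [ "paperless-web.service" ];` restarts only the web unit when this secret changes. If the rendered file is the `environmentFile` consumed by the paperless module, the `paperless-scheduler`, `paperless-consumer` and `paperless-task-queue` units presumably read it too and would keep the old value until their next restart, so consider listing them as well. The context line `mode = "0650"` gives the group read and execute but the owner no execute, which looks unintended for a secret file; `0640` or `0600` is the usual choice. The surrounding attribute set starts outside the hunk, so which secret this entry belongs to cannot be confirmed from here.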