mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

mkModule various + fixes

Browse Source
This commit is contained in:
mjallen18
2025-12-18 17:20:21 -06:00
parent e0b1e72431
commit 05486efb75
14 changed files with 200 additions and 398 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/nixos/services/ersatztv/default.nix
View File

@@ -21,7 +21,7 @@ let
volumes = [ volumes = [
"${cfg.configDir}/ersatztv:/config" "${cfg.configDir}/ersatztv:/config"
"${cfg.dataDir}/movies:/libraries/movies" "${cfg.dataDir}/movies:/libraries/movies"
"${cfg.dataDir}/movies:/libraries/tv" "${cfg.dataDir}/tv:/libraries/tv"
"${cfg.configDir}/transcode:/transcode" "${cfg.configDir}/transcode:/transcode"
]; ];
ports = [ ports = [

4
modules/nixos/services/paperless/default.nix
View File

@@ -23,8 +23,8 @@ let
# user = "nix-apps"; # user = "nix-apps";
address = cfg.listenAddress; address = cfg.listenAddress;
dataDir = "${cfg.configDir}/paperless"; dataDir = "${cfg.configDir}/paperless";
passwordFile = "${cfg.configDir}/paperless/paperless-password"; # passwordFile = "${cfg.configDir}/paperless/paperless-passwords";
# environmentFile = paperlessEnv; environmentFile = config.sops.templates."paperless.env".path;
domain = "paperless.mjallen.dev"; domain = "paperless.mjallen.dev";
database.createLocally = true; database.createLocally = true;
}; };

20
modules/nixos/services/protonmail-bridge/default.nix
View File

@@ -7,12 +7,18 @@
}: }:
with lib; with lib;
let let
cfg = config.${namespace}.services.protonmail-bridge; inherit (lib.${namespace}) mkOpt;
in name = "protonmail-bridge";
{ cfg = config.${namespace}.services.${name};
imports = [ ./options.nix ];
config = mkIf cfg.enable { protonmailConfig = lib.${namespace}.mkModule {
inherit config name;
description = "protonmail bridge";
options = {
imapPort = mkOpt types.int 1025 "imap port";
smtpPort = mkOpt types.int 1143 "smtp port";
};
moduleConfig = {
# Open firewall for protonmail bridge if enabled # Open firewall for protonmail bridge if enabled
networking.firewall = mkIf cfg.openFirewall { networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ allowedTCPPorts = [
@@ -58,4 +64,8 @@ in
enableSSHSupport = true; enableSSHSupport = true;
}; };
}; };
};
in
{
imports = [ protonmailConfig ];
} }

31
modules/nixos/services/protonmail-bridge/options.nix
View File

@@ -1,31 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.protonmail-bridge = {
enable = mkEnableOption "protonmail bridge service";
smtpPort = mkOption {
type = types.port;
default = 1025;
description = "SMTP port for protonmail bridge";
};
imapPort = mkOption {
type = types.port;
default = 1143;
description = "IMAP port for protonmail bridge";
};
openFirewall = mkOption {
type = types.bool;
default = true;
description = "Whether to open firewall for protonmail bridge";
};
user = mkOption {
type = types.str;
default = "admin";
description = "User to run protonmail bridge as";
};
};
}

32
modules/nixos/services/restic/default.nix
View File

@@ -6,28 +6,26 @@
}: }:
with lib; with lib;
let let
cfg = config.${namespace}.services.restic; name = "restic";
in cfg = config.${namespace}.services.${name};
{
imports = [ ./options.nix ];
config = mkIf cfg.enable { resticConfig = lib.${namespace}.mkModule {
inherit config name;
description = "restic";
options = { };
moduleConfig = {
# Configure the standard NixOS restic server service # Configure the standard NixOS restic server service
services.restic.server = { services.restic.server = {
enable = true; enable = true;
dataDir = cfg.dataDir; dataDir = "${cfg.dataDir}/backup/restic";
prometheus = cfg.prometheus; prometheus = true;
listenAddress = "${cfg.listenAddress}:${toString cfg.port}"; listenAddress = "${cfg.listenAddress}:${toString cfg.port}";
extraFlags = cfg.extraFlags; htpasswd-file = "${cfg.dataDir}/backup/restic/.htpasswd";
} extraFlags = [ "--no-auth" ];
// optionalAttrs (cfg.htpasswdFile != null) {
htpasswd-file = cfg.htpasswdFile;
};
# Open firewall for restic server if enabled
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
allowedUDPPorts = [ cfg.port ];
}; };
}; };
};
in
{
imports = [ resticConfig ];
} }

49
modules/nixos/services/restic/options.nix
View File

@@ -1,49 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.restic = {
enable = mkEnableOption "restic server with enhanced configuration";
port = mkOption {
type = types.port;
default = 8008;
description = "Port for restic server";
};
openFirewall = mkOption {
type = types.bool;
default = true;
description = "Whether to open firewall for restic server";
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/restic";
description = "Data directory for restic server";
};
listenAddress = mkOption {
type = types.str;
default = "0.0.0.0";
description = "Address to bind restic server to";
};
prometheus = mkOption {
type = types.bool;
default = true;
description = "Whether to enable prometheus metrics";
};
htpasswdFile = mkOption {
type = types.nullOr types.str;
default = null;
description = "Path to htpasswd file for authentication";
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [ ];
description = "Extra flags to pass to restic server";
};
};
}

38
modules/nixos/services/tdarr/default.nix
View File

@@ -6,28 +6,32 @@
}: }:
with lib; with lib;
let let
cfg = config.${namespace}.services.tdarr; inherit (lib.${namespace}) mkOpt;
in name = "tdarr";
{ cfg = config.${namespace}.services.${name};
imports = [ ./options.nix ];
config = mkIf cfg.enable { tdarrConfig = lib.${namespace}.mkModule {
inherit config name;
virtualisation.oci-containers.containers.${cfg.name} = { description = "tdarr";
options = {
serverPort = mkOpt types.str "8266" "node port";
};
moduleConfig = {
virtualisation.oci-containers.containers.${name} = {
autoStart = true; autoStart = true;
image = cfg.image; image = "ghcr.io/haveagitgat/tdarr";
extraOptions = [ "--device=nvidia.com/gpu=0" ]; extraOptions = [ "--device=nvidia.com/gpu=0" ];
volumes = [ volumes = [
"${cfg.configPath}:/app/configs" "${cfg.configDir}/tdarr/config:/app/configs"
"${cfg.serverPath}:/app/server" "${cfg.configDir}/tdarr/server:/app/server"
"${cfg.logPath}:/app/logs" "${cfg.configDir}/tdarr/logs:/app/logs"
"${cfg.transcodePath}:/temp" "${cfg.configDir}/tdarr/transcode:/temp"
"${cfg.moviesPath}:/data/movies" "${cfg.dataDir}/movies:/data/movies"
"${cfg.tvPath}:/data/tv" "${cfg.dataDir}/tv:/data/tv"
]; ];
ports = [ ports = [
"${cfg.serverPort}:8266" "${cfg.serverPort}:8266"
"${cfg.webUIPort}:8265" "${cfg.port}:8265"
]; ];
environment = { environment = {
serverPort = "8266"; serverPort = "8266";
@@ -44,4 +48,8 @@ in
}; };
}; };
}; };
};
in
{
imports = [ tdarrConfig ];
} }

77
modules/nixos/services/tdarr/options.nix
View File

@@ -1,77 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.tdarr = {
enable = mkEnableOption "tdarr docker service";
autoStart = mkOption {
type = types.bool;
default = true;
};
serverPort = mkOption {
type = types.str;
default = "8266";
};
webUIPort = mkOption {
type = types.str;
default = "8265";
};
name = mkOption {
type = types.str;
default = "tdarr";
};
image = mkOption {
type = types.str;
default = "ghcr.io/haveagitgat/tdarr";
};
configPath = mkOption {
type = types.str;
default = "/media/nas/main/nix-app-data/tdarr/config";
};
serverPath = mkOption {
type = types.str;
default = "/media/nas/main/nix-app-data/tdarr/server";
};
logPath = mkOption {
type = types.str;
default = "/media/nas/main/nix-app-data/tdarr/logs";
};
transcodePath = mkOption {
type = types.str;
default = "/media/nas/main/nix-app-data/tdarr/transcode";
};
moviesPath = mkOption {
type = types.str;
default = "/media/nas/main/movies";
};
tvPath = mkOption {
type = types.str;
default = "/media/nas/main/tv";
};
puid = mkOption {
type = types.str;
default = "911";
};
pgid = mkOption {
type = types.str;
default = "1000";
};
timeZone = mkOption {
type = types.str;
default = "America/Chicago";
};
};
}

53
modules/nixos/services/unmanic/default.nix
View File

@@ -7,46 +7,23 @@
with lib; with lib;
let let
inherit (lib.${namespace}) mkOpt mkReverseProxyOpt; inherit (lib.${namespace}) mkOpt mkReverseProxyOpt;
cfg = config.${namespace}.services.unmanic; name = "unmanic";
in cfg = config.${namespace}.services.${name};
{
options.${namespace}.services.unmanic = {
enable = mkEnableOption "unmanic service";
name = mkOpt types.str "unmanic" "container name"; unmanicConfig = lib.${namespace}.mkModule {
inherit config name;
image = mkOpt types.str "josh5/unmanic" "container image"; description = "unmanic";
options = { };
port = mkOpt types.int 8265 "Port for unmanic to be hosted on"; moduleConfig = {
virtualisation.oci-containers.containers.${name} = {
configPath = mkOpt types.str "" "Path to the data dir";
moviesPath = mkOpt types.str "" "Path to the data dir";
tvPath = mkOpt types.str "" "Path to the data dir";
transcodePath = mkOpt types.str "" "Path to the data dir";
puid = mkOpt types.str "911" "uid";
pgid = mkOpt types.str "1000" "gid";
timeZone = mkOpt types.str "America/Chicago" "Timezone";
reverseProxy = mkReverseProxyOpt;
};
config = mkIf cfg.enable {
virtualisation.oci-containers.containers.${cfg.name} = {
autoStart = true; autoStart = true;
image = cfg.image; image = "josh5/unmanic";
extraOptions = [ "--device=/dev/dri" ]; extraOptions = [ "--device=/dev/dri" ];
volumes = [ volumes = [
"${cfg.configPath}:/config" "${cfg.configDir}/unmanic:/config"
"${cfg.moviesPath}:/library/movies" "${cfg.dataDir}/movies:/library/movies"
"${cfg.tvPath}:/library/tv" "${cfg.dataDir}/tv:/library/tv"
"${cfg.transcodePath}:/tmp/unmanic" "${cfg.configDir}/unmanic/transcode:/tmp/unmanic"
]; ];
ports = [ ports = [
"${toString cfg.port}:8888" "${toString cfg.port}:8888"
@@ -58,4 +35,8 @@ in
}; };
}; };
}; };
};
in
{
imports = [ unmanicConfig ];
} }

58
modules/nixos/services/uptimekuma/default.nix
View File

@@ -6,67 +6,25 @@
}: }:
with lib; with lib;
let let
inherit (lib.${namespace}) mkOpt mkReverseProxyOpt; name = "uptime-kuma";
cfg = config.${namespace}.services.uptime-kuma; cfg = config.${namespace}.services.${name};
uptime-kumaConfig = { uptime-kumaConfig = lib.${namespace}.mkModule {
inherit config name;
description = "uptime kuma";
options = { };
moduleConfig = {
services.uptime-kuma = { services.uptime-kuma = {
enable = true; enable = true;
appriseSupport = true; appriseSupport = true;
settings = { settings = {
HOST = "0.0.0.0"; HOST = "0.0.0.0";
PORT = "${toString cfg.port}"; PORT = "${toString cfg.port}";
# DATA_DIR = lib.mkForce cfg.dataDir;
}; };
}; };
# systemd.services = {
# uptime-kuma = {
# serviceConfig = {
# WorkingDirectory = lib.mkForce cfg.dataDir;
# StateDirectory = lib.mkForce null; # cfg.dataDir;
# StateDirectoryMode = lib.mkForce 700;
# DynamicUser = lib.mkForce false;
# ProtectSystem = lib.mkForce false;
# };
# };
# };
# users.users.uptime-kuma = {
# isSystemUser = true;
# group = "uptime-kuma";
# home = cfg.dataDir;
# };
# users.groups.uptime-kuma = {};
}; };
# Create reverse proxy configuration using mkReverseProxy
reverseProxyConfig = lib.${namespace}.mkReverseProxy {
name = "uptime-kuma";
subdomain = cfg.reverseProxy.subdomain;
url = "http://${cfg.localAddress}:${toString cfg.port}";
middlewares = cfg.reverseProxy.middlewares;
}; };
fullConfig = {
"${namespace}".services.traefik = lib.mkIf cfg.reverseProxy.enable {
reverseProxies = [ reverseProxyConfig ];
};
}
// uptime-kumaConfig;
in in
{ {
options.${namespace}.services.uptime-kuma = { imports = [ uptime-kumaConfig ];
enable = mkEnableOption "uptime-kuma service";
port = mkOpt types.int 4000 "Port for uptime-kuma to be hosted on";
localAddress = mkOpt types.str "127.0.0.1" "local address of the service";
dataDir = mkOpt types.str "" "Path to the data dir";
reverseProxy = mkReverseProxyOpt;
};
config = mkIf cfg.enable fullConfig;
} }

27
modules/nixos/services/wyoming/default.nix
View File

@@ -6,12 +6,25 @@
}: }:
with lib; with lib;
let let
cfg = config.${namespace}.services.wyoming; name = "wyoming";
in cfg = config.${namespace}.services.${name};
{
imports = [ ./options.nix ];
config = mkIf cfg.enable { wyomingConfig = lib.${namespace}.mkModule {
inherit config name;
description = "wyoming protocol";
options = { };
moduleConfig = {
# Open firewall for protonmail bridge if enabled
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [
10200
10300
];
allowedUDPPorts = [
10200
10300
];
};
services.wyoming = { services.wyoming = {
faster-whisper.servers.hass-whisper = { faster-whisper.servers.hass-whisper = {
enable = true; enable = true;
@@ -31,4 +44,8 @@ in
}; };
}; };
}; };
};
in
{
imports = [ wyomingConfig ];
} }

7
modules/nixos/services/wyoming/options.nix
View File

@@ -1,7 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.wyoming = {
enable = mkEnableOption "enable wyoming";
};
}

18
systems/x86_64-linux/jallen-nas/apps.nix
View File

@@ -159,30 +159,24 @@ in
enable = true; enable = true;
smtpPort = 1025; smtpPort = 1025;
imapPort = 1143; imapPort = 1143;
user = "admin";
}; };
restic = { restic = {
enable = true; enable = true;
port = 8008; port = 8008;
dataDir = "/media/nas/main/backup/restic";
prometheus = true;
listenAddress = "0.0.0.0";
htpasswdFile = "/media/nas/main/backup/restic/.htpasswd";
extraFlags = [ "--no-auth" ];
}; };
tdarr = disabled; tdarr = {
enable = false;
port = 8265;
serverPort = 8266;
};
traefik = enabled; traefik = enabled;
unmanic = { unmanic = {
enable = true; enable = true;
configPath = "/media/nas/main/nix-app-data/unmanic/config"; port = 8265;
moviesPath = "/media/nas/main/movies";
tvPath = "/media/nas/main/tv";
transcodePath = "/media/nas/main/nix-app-data/unmanic/transcode";
}; };
uptime-kuma = { uptime-kuma = {
enable = true; enable = true;
port = 3001; port = 3001;
dataDir = "/media/nas/main/nix-app-data/uptime-kuma";
}; };
wyoming = enabled; wyoming = enabled;
}; };

2
systems/x86_64-linux/jallen-nas/sops.nix
View File

@@ -289,7 +289,7 @@ in
mode = "0650"; mode = "0650";
owner = config.users.users."${user}".name; owner = config.users.users."${user}".name;
group = config.users.users."${user}".group; group = config.users.users."${user}".group;
restartUnits = [ "container@paperless.service" ]; restartUnits = [ "paperless-web.service" ];
}; };
}; };
}; };