mkModule various + fixes

mjallen18
2025-12-18 17:20:21 -06:00
parent e0b1e72431
commit 05486efb75
14 changed files with 200 additions and 398 deletions


@@ -21,7 +21,7 @@ let
volumes = [ volumes = [
"${cfg.configDir}/ersatztv:/config" "${cfg.configDir}/ersatztv:/config"
"${cfg.dataDir}/movies:/libraries/movies" "${cfg.dataDir}/movies:/libraries/movies"
"${cfg.dataDir}/movies:/libraries/tv" "${cfg.dataDir}/tv:/libraries/tv"
"${cfg.configDir}/transcode:/transcode" "${cfg.configDir}/transcode:/transcode"
]; ];
ports = [ ports = [


@@ -23,8 +23,8 @@ let
# user = "nix-apps"; # user = "nix-apps";
address = cfg.listenAddress; address = cfg.listenAddress;
dataDir = "${cfg.configDir}/paperless"; dataDir = "${cfg.configDir}/paperless";
passwordFile = "${cfg.configDir}/paperless/paperless-password"; # passwordFile = "${cfg.configDir}/paperless/paperless-passwords";
# environmentFile = paperlessEnv; environmentFile = config.sops.templates."paperless.env".path;
domain = "paperless.mjallen.dev"; domain = "paperless.mjallen.dev";
database.createLocally = true; database.createLocally = true;
}; };
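Review bot: The replaced `passwordFile` line is left behind as a comment, and the commented path (`paperless-passwords`) no longer matches the file that was in use (`paperless-password`); delete the line rather than keep a stale pointer to a secret file. With `passwordFile` gone, any admin credential presumably has to come from the sops-rendered `paperless.env`, so a short comment such as `# admin credentials and secret key come from the sops template "paperless.env"` above `environmentFile` would tell the next reader where to look. The attribute set starts outside this hunk.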


@@ -7,55 +7,65 @@
}: }:
with lib; with lib;
let let
cfg = config.${namespace}.services.protonmail-bridge; inherit (lib.${namespace}) mkOpt;
in name = "protonmail-bridge";
{ cfg = config.${namespace}.services.${name};
imports = [ ./options.nix ];
config = mkIf cfg.enable { protonmailConfig = lib.${namespace}.mkModule {
# Open firewall for protonmail bridge if enabled inherit config name;
networking.firewall = mkIf cfg.openFirewall { description = "protonmail bridge";
allowedTCPPorts = [ options = {
cfg.smtpPort imapPort = mkOpt types.int 1025 "imap port";
cfg.imapPort smtpPort = mkOpt types.int 1143 "smtp port";
];
allowedUDPPorts = [
cfg.smtpPort
cfg.imapPort
];
}; };
moduleConfig = {
# Install protonmail-bridge package # Open firewall for protonmail bridge if enabled
environment.systemPackages = with pkgs; [ networking.firewall = mkIf cfg.openFirewall {
protonmail-bridge allowedTCPPorts = [
gnome-keyring cfg.smtpPort
gnupg cfg.imapPort
pass ];
]; allowedUDPPorts = [
cfg.smtpPort
# Configure systemd user service for protonmail-bridge cfg.imapPort
systemd.user.services.protonmail-bridge = { ];
description = "Protonmail Bridge";
enable = true;
environment = {
GNUPGHOME = "%h/.gnupg";
PASSWORD_STORE_DIR = "%h/.password-store";
}; };
script = "${lib.getExe pkgs.protonmail-bridge} --noninteractive";
path = with pkgs; [ # Install protonmail-bridge package
environment.systemPackages = with pkgs; [
protonmail-bridge
gnome-keyring gnome-keyring
gnupg gnupg
pass pass
protonmail-bridge
]; ];
wantedBy = [ "default.target" ];
after = [ "gpg-agent.service" ];
};
# Configure gpg-agent # Configure systemd user service for protonmail-bridge
programs.gnupg.agent = { systemd.user.services.protonmail-bridge = {
enable = true; description = "Protonmail Bridge";
enableSSHSupport = true; enable = true;
environment = {
GNUPGHOME = "%h/.gnupg";
PASSWORD_STORE_DIR = "%h/.password-store";
};
script = "${lib.getExe pkgs.protonmail-bridge} --noninteractive";
path = with pkgs; [
gnome-keyring
gnupg
pass
protonmail-bridge
];
wantedBy = [ "default.target" ];
after = [ "gpg-agent.service" ];
};
# Configure gpg-agent
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
}; };
}; };
in
{
imports = [ protonmailConfig ];
} }
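Review bot: The new option defaults are swapped: `imapPort = mkOpt types.int 1025 "imap port";` and `smtpPort = mkOpt types.int 1143 "smtp port";` reverse the values from the deleted options file (SMTP 1025, IMAP 1143), which the host configuration in this commit still sets. Both options also moved from `types.port` to `types.int`, which drops range validation on values that go straight into `allowedTCPPorts`. Suggested: `smtpPort = mkOpt types.port 1025 "smtp port";` and `imapPort = mkOpt types.port 1143 "imap port";`. The `allowedUDPPorts` entries can be dropped as well, since SMTP and IMAP run over TCP and the extra openings only widen the firewall.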


@@ -1,31 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.protonmail-bridge = {
enable = mkEnableOption "protonmail bridge service";
smtpPort = mkOption {
type = types.port;
default = 1025;
description = "SMTP port for protonmail bridge";
};
imapPort = mkOption {
type = types.port;
default = 1143;
description = "IMAP port for protonmail bridge";
};
openFirewall = mkOption {
type = types.bool;
default = true;
description = "Whether to open firewall for protonmail bridge";
};
user = mkOption {
type = types.str;
default = "admin";
description = "User to run protonmail bridge as";
};
};
}


@@ -6,28 +6,26 @@
}: }:
with lib; with lib;
let let
cfg = config.${namespace}.services.restic; name = "restic";
in cfg = config.${namespace}.services.${name};
{
imports = [ ./options.nix ];
config = mkIf cfg.enable { resticConfig = lib.${namespace}.mkModule {
# Configure the standard NixOS restic server service inherit config name;
services.restic.server = { description = "restic";
enable = true; options = { };
dataDir = cfg.dataDir; moduleConfig = {
prometheus = cfg.prometheus; # Configure the standard NixOS restic server service
listenAddress = "${cfg.listenAddress}:${toString cfg.port}"; services.restic.server = {
extraFlags = cfg.extraFlags; enable = true;
} dataDir = "${cfg.dataDir}/backup/restic";
// optionalAttrs (cfg.htpasswdFile != null) { prometheus = true;
htpasswd-file = cfg.htpasswdFile; listenAddress = "${cfg.listenAddress}:${toString cfg.port}";
}; htpasswd-file = "${cfg.dataDir}/backup/restic/.htpasswd";
extraFlags = [ "--no-auth" ];
# Open firewall for restic server if enabled };
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
allowedUDPPorts = [ cfg.port ];
}; };
}; };
in
{
imports = [ resticConfig ];
} }
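Review bot: `extraFlags = [ "--no-auth" ];` is now hard-coded in the module, so every host that enables it runs the REST server without authentication, and the `htpasswd-file` set on the line above has no effect. Before this commit the flag was a per-host choice (`extraFlags` defaulted to `[ ]`). The server listens on `cfg.listenAddress` and the removed options file defaulted that to 0.0.0.0, so the backup repository may be reachable by anything that can connect to the port. Suggest `extraFlags = [ ];` so the htpasswd file is enforced, or an explicit option that defaults to authentication being on. The firewall rule was also removed from this module; whether `mkModule` re-adds it is not visible here.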


@@ -1,49 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.restic = {
enable = mkEnableOption "restic server with enhanced configuration";
port = mkOption {
type = types.port;
default = 8008;
description = "Port for restic server";
};
openFirewall = mkOption {
type = types.bool;
default = true;
description = "Whether to open firewall for restic server";
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/restic";
description = "Data directory for restic server";
};
listenAddress = mkOption {
type = types.str;
default = "0.0.0.0";
description = "Address to bind restic server to";
};
prometheus = mkOption {
type = types.bool;
default = true;
description = "Whether to enable prometheus metrics";
};
htpasswdFile = mkOption {
type = types.nullOr types.str;
default = null;
description = "Path to htpasswd file for authentication";
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [ ];
description = "Extra flags to pass to restic server";
};
};
}


@@ -6,42 +6,50 @@
}: }:
with lib; with lib;
let let
cfg = config.${namespace}.services.tdarr; inherit (lib.${namespace}) mkOpt;
in name = "tdarr";
{ cfg = config.${namespace}.services.${name};
imports = [ ./options.nix ];
config = mkIf cfg.enable { tdarrConfig = lib.${namespace}.mkModule {
inherit config name;
virtualisation.oci-containers.containers.${cfg.name} = { description = "tdarr";
autoStart = true; options = {
image = cfg.image; serverPort = mkOpt types.str "8266" "node port";
extraOptions = [ "--device=nvidia.com/gpu=0" ]; };
volumes = [ moduleConfig = {
"${cfg.configPath}:/app/configs" virtualisation.oci-containers.containers.${name} = {
"${cfg.serverPath}:/app/server" autoStart = true;
"${cfg.logPath}:/app/logs" image = "ghcr.io/haveagitgat/tdarr";
"${cfg.transcodePath}:/temp" extraOptions = [ "--device=nvidia.com/gpu=0" ];
"${cfg.moviesPath}:/data/movies" volumes = [
"${cfg.tvPath}:/data/tv" "${cfg.configDir}/tdarr/config:/app/configs"
]; "${cfg.configDir}/tdarr/server:/app/server"
ports = [ "${cfg.configDir}/tdarr/logs:/app/logs"
"${cfg.serverPort}:8266" "${cfg.configDir}/tdarr/transcode:/temp"
"${cfg.webUIPort}:8265" "${cfg.dataDir}/movies:/data/movies"
]; "${cfg.dataDir}/tv:/data/tv"
environment = { ];
serverPort = "8266"; ports = [
webUIPort = "8265"; "${cfg.serverPort}:8266"
internalNode = "true"; "${cfg.port}:8265"
inContainer = "true"; ];
ffmpegVersion = "6"; environment = {
nodeName = "tdarr node"; serverPort = "8266";
NVIDIA_VISIBLE_DEVICES = "all"; webUIPort = "8265";
NVIDIA_DRIVER_CAPABILITIES = "all"; internalNode = "true";
PUID = cfg.puid; inContainer = "true";
PGID = cfg.pgid; ffmpegVersion = "6";
TZ = cfg.timeZone; nodeName = "tdarr node";
NVIDIA_VISIBLE_DEVICES = "all";
NVIDIA_DRIVER_CAPABILITIES = "all";
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
}; };
}; };
}; };
in
{
imports = [ tdarrConfig ];
} }
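Review bot: `image = "ghcr.io/haveagitgat/tdarr";` is now a literal with no tag or digest, and the `image` option that let a host override it is removed, so the container runs whatever the registry currently serves for the default tag. That matters more here because the container is given `--device=nvidia.com/gpu=0` and `NVIDIA_DRIVER_CAPABILITIES = "all"`. Pin the reference, for example `image = "ghcr.io/haveagitgat/tdarr:<pinned-version>";` (placeholder) or a `@sha256:` digest, or keep `image` as an overridable option. The unmanic section of this commit has the same pattern with `image = "josh5/unmanic";`.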


@@ -1,77 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.tdarr = {
enable = mkEnableOption "tdarr docker service";
autoStart = mkOption {
type = types.bool;
default = true;
};
serverPort = mkOption {
type = types.str;
default = "8266";
};
webUIPort = mkOption {
type = types.str;
default = "8265";
};
name = mkOption {
type = types.str;
default = "tdarr";
};
image = mkOption {
type = types.str;
default = "ghcr.io/haveagitgat/tdarr";
};
configPath = mkOption {
type = types.str;
default = "/media/nas/main/nix-app-data/tdarr/config";
};
serverPath = mkOption {
type = types.str;
default = "/media/nas/main/nix-app-data/tdarr/server";
};
logPath = mkOption {
type = types.str;
default = "/media/nas/main/nix-app-data/tdarr/logs";
};
transcodePath = mkOption {
type = types.str;
default = "/media/nas/main/nix-app-data/tdarr/transcode";
};
moviesPath = mkOption {
type = types.str;
default = "/media/nas/main/movies";
};
tvPath = mkOption {
type = types.str;
default = "/media/nas/main/tv";
};
puid = mkOption {
type = types.str;
default = "911";
};
pgid = mkOption {
type = types.str;
default = "1000";
};
timeZone = mkOption {
type = types.str;
default = "America/Chicago";
};
};
}


@@ -7,55 +7,36 @@
with lib; with lib;
let let
inherit (lib.${namespace}) mkOpt mkReverseProxyOpt; inherit (lib.${namespace}) mkOpt mkReverseProxyOpt;
cfg = config.${namespace}.services.unmanic; name = "unmanic";
in cfg = config.${namespace}.services.${name};
{
options.${namespace}.services.unmanic = {
enable = mkEnableOption "unmanic service";
name = mkOpt types.str "unmanic" "container name"; unmanicConfig = lib.${namespace}.mkModule {
inherit config name;
image = mkOpt types.str "josh5/unmanic" "container image"; description = "unmanic";
options = { };
port = mkOpt types.int 8265 "Port for unmanic to be hosted on"; moduleConfig = {
virtualisation.oci-containers.containers.${name} = {
configPath = mkOpt types.str "" "Path to the data dir"; autoStart = true;
image = "josh5/unmanic";
moviesPath = mkOpt types.str "" "Path to the data dir"; extraOptions = [ "--device=/dev/dri" ];
volumes = [
tvPath = mkOpt types.str "" "Path to the data dir"; "${cfg.configDir}/unmanic:/config"
"${cfg.dataDir}/movies:/library/movies"
transcodePath = mkOpt types.str "" "Path to the data dir"; "${cfg.dataDir}/tv:/library/tv"
"${cfg.configDir}/unmanic/transcode:/tmp/unmanic"
puid = mkOpt types.str "911" "uid"; ];
ports = [
pgid = mkOpt types.str "1000" "gid"; "${toString cfg.port}:8888"
];
timeZone = mkOpt types.str "America/Chicago" "Timezone"; environment = {
PUID = cfg.puid;
reverseProxy = mkReverseProxyOpt; PGID = cfg.pgid;
}; TZ = cfg.timeZone;
};
config = mkIf cfg.enable {
virtualisation.oci-containers.containers.${cfg.name} = {
autoStart = true;
image = cfg.image;
extraOptions = [ "--device=/dev/dri" ];
volumes = [
"${cfg.configPath}:/config"
"${cfg.moviesPath}:/library/movies"
"${cfg.tvPath}:/library/tv"
"${cfg.transcodePath}:/tmp/unmanic"
];
ports = [
"${toString cfg.port}:8888"
];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
}; };
}; };
}; };
in
{
imports = [ unmanicConfig ];
} }
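Review bot: The `/config` volume now maps `${cfg.configDir}/unmanic`, whereas the host settings removed in this commit pointed `configPath` at `.../unmanic/config`, so existing settings would show up under `/config/config` and the container would presumably start unconfigured. The transcode cache `${cfg.configDir}/unmanic/transcode` also lands inside the `/config` mount, which mixes scratch data into anything that backs up the configuration directory. `"${cfg.configDir}/unmanic/config:/config"` keeps the previous layout, assuming `configDir` resolves to the old nix-app-data directory (its value is not visible here). The `inherit (lib.${namespace}) mkOpt mkReverseProxyOpt;` line is unused now that `options = { };`.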


@@ -6,67 +6,25 @@
}: }:
with lib; with lib;
let let
inherit (lib.${namespace}) mkOpt mkReverseProxyOpt; name = "uptime-kuma";
cfg = config.${namespace}.services.uptime-kuma; cfg = config.${namespace}.services.${name};
uptime-kumaConfig = { uptime-kumaConfig = lib.${namespace}.mkModule {
services.uptime-kuma = { inherit config name;
enable = true; description = "uptime kuma";
appriseSupport = true; options = { };
settings = { moduleConfig = {
HOST = "0.0.0.0"; services.uptime-kuma = {
PORT = "${toString cfg.port}"; enable = true;
# DATA_DIR = lib.mkForce cfg.dataDir; appriseSupport = true;
settings = {
HOST = "0.0.0.0";
PORT = "${toString cfg.port}";
};
}; };
}; };
# systemd.services = {
# uptime-kuma = {
# serviceConfig = {
# WorkingDirectory = lib.mkForce cfg.dataDir;
# StateDirectory = lib.mkForce null; # cfg.dataDir;
# StateDirectoryMode = lib.mkForce 700;
# DynamicUser = lib.mkForce false;
# ProtectSystem = lib.mkForce false;
# };
# };
# };
# users.users.uptime-kuma = {
# isSystemUser = true;
# group = "uptime-kuma";
# home = cfg.dataDir;
# };
# users.groups.uptime-kuma = {};
}; };
# Create reverse proxy configuration using mkReverseProxy
reverseProxyConfig = lib.${namespace}.mkReverseProxy {
name = "uptime-kuma";
subdomain = cfg.reverseProxy.subdomain;
url = "http://${cfg.localAddress}:${toString cfg.port}";
middlewares = cfg.reverseProxy.middlewares;
};
fullConfig = {
"${namespace}".services.traefik = lib.mkIf cfg.reverseProxy.enable {
reverseProxies = [ reverseProxyConfig ];
};
}
// uptime-kumaConfig;
in in
{ {
options.${namespace}.services.uptime-kuma = { imports = [ uptime-kumaConfig ];
enable = mkEnableOption "uptime-kuma service";
port = mkOpt types.int 4000 "Port for uptime-kuma to be hosted on";
localAddress = mkOpt types.str "127.0.0.1" "local address of the service";
dataDir = mkOpt types.str "" "Path to the data dir";
reverseProxy = mkReverseProxyOpt;
};
config = mkIf cfg.enable fullConfig;
} }
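Review bot: `HOST = "0.0.0.0";` is carried over unchanged, so uptime-kuma still binds every interface even though the removed reverse-proxy block reached it at `cfg.localAddress` (default 127.0.0.1). If `mkModule` provides `listenAddress`, as the restic and paperless sections suggest, prefer `HOST = cfg.listenAddress;` so a proxied service can be kept on loopback. The explicit `mkReverseProxy` wiring and the `port`, `localAddress` and `reverseProxy` options are dropped here; that `mkModule` recreates them is an assumption worth a one-line comment, for example `# port, listenAddress and reverse proxy come from mkModule`.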


@@ -6,29 +6,46 @@
}: }:
with lib; with lib;
let let
cfg = config.${namespace}.services.wyoming; name = "wyoming";
in cfg = config.${namespace}.services.${name};
{
imports = [ ./options.nix ];
config = mkIf cfg.enable { wyomingConfig = lib.${namespace}.mkModule {
services.wyoming = { inherit config name;
faster-whisper.servers.hass-whisper = { description = "wyoming protocol";
enable = true; options = { };
useTransformers = false; moduleConfig = {
device = lib.mkForce "auto"; # Open firewall for protonmail bridge if enabled
language = "en"; networking.firewall = mkIf cfg.openFirewall {
model = "distil-large-v3"; allowedTCPPorts = [
uri = "tcp://0.0.0.0:10300"; 10200
10300
];
allowedUDPPorts = [
10200
10300
];
}; };
services.wyoming = {
piper = { faster-whisper.servers.hass-whisper = {
servers.hass-piper = {
enable = true; enable = true;
voice = "en-us-ryan-high"; useTransformers = false;
uri = "tcp://0.0.0.0:10200"; device = lib.mkForce "auto";
language = "en";
model = "distil-large-v3";
uri = "tcp://0.0.0.0:10300";
};
piper = {
servers.hass-piper = {
enable = true;
voice = "en-us-ryan-high";
uri = "tcp://0.0.0.0:10200";
};
}; };
}; };
}; };
}; };
in
{
imports = [ wyomingConfig ];
} }
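Review bot: The comment on the new firewall block, `# Open firewall for protonmail bridge if enabled`, was copied from another module and should read `# Open firewall for the wyoming servers if enabled`. Both servers are configured with `tcp://` URIs, so the `allowedUDPPorts` entries for 10200 and 10300 open ports that nothing listens on and can be removed. The two port numbers are repeated as literals in the firewall lists and in the `uri` strings; a shared `let` binding would keep them from drifting apart. Both servers bind 0.0.0.0, so this block is what exposes them to the network, and `cfg.openFirewall` is not declared in `options = { };` (presumably it comes from `mkModule`).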


@@ -1,7 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.wyoming = {
enable = mkEnableOption "enable wyoming";
};
}


@@ -159,30 +159,24 @@ in
enable = true; enable = true;
smtpPort = 1025; smtpPort = 1025;
imapPort = 1143; imapPort = 1143;
user = "admin";
}; };
restic = { restic = {
enable = true; enable = true;
port = 8008; port = 8008;
dataDir = "/media/nas/main/backup/restic";
prometheus = true;
listenAddress = "0.0.0.0";
htpasswdFile = "/media/nas/main/backup/restic/.htpasswd";
extraFlags = [ "--no-auth" ];
}; };
tdarr = disabled; tdarr = {
enable = false;
port = 8265;
serverPort = 8266;
};
traefik = enabled; traefik = enabled;
unmanic = { unmanic = {
enable = true; enable = true;
configPath = "/media/nas/main/nix-app-data/unmanic/config"; port = 8265;
moviesPath = "/media/nas/main/movies";
tvPath = "/media/nas/main/tv";
transcodePath = "/media/nas/main/nix-app-data/unmanic/transcode";
}; };
uptime-kuma = { uptime-kuma = {
enable = true; enable = true;
port = 3001; port = 3001;
dataDir = "/media/nas/main/nix-app-data/uptime-kuma";
}; };
wyoming = enabled; wyoming = enabled;
}; };
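Review bot: `serverPort = 8266;` is an integer, but the tdarr module in this commit declares `serverPort = mkOpt types.str "8266" "node port";`, so the value fails the option type check once it is evaluated; `enable = false` may be masking that today. The module also interpolates `"${cfg.port}:8265"` without `toString`, which fails if `port` is an integer as set here (the unmanic module uses `${toString cfg.port}`). Suggest `serverPort = "8266";` here, or `types.port` plus `toString` in the module. tdarr and unmanic are both assigned `port = 8265`, which would collide on the host if tdarr were enabled.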


@@ -289,7 +289,7 @@ in
mode = "0650"; mode = "0650";
owner = config.users.users."${user}".name; owner = config.users.users."${user}".name;
group = config.users.users."${user}".group; group = config.users.users."${user}".group;
restartUnits = [ "container@paperless.service" ]; restartUnits = [ "paperless-web.service" ];
}; };
}; };
}; };
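Review bot: `restartUnits = [ "paperless-web.service" ];` restarts only the web unit when this secret changes. If the secret feeds the `environmentFile` set in the paperless module (the definition starts outside this hunk, so that is an assumption), other paperless units reading the same file, such as the scheduler, consumer and task-queue units of the NixOS module, would keep running with the old values until restarted by hand. Consider listing those units too. The context line `mode = "0650";` gives the group read and execute on a secret file; `"0640"` looks like what was intended.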