mkModule migration begin

mjallen18
2025-12-14 22:47:59 -06:00
parent fedba849a7
commit 3dc1055b54
3 changed files with 169 additions and 223 deletions


@@ -64,23 +64,23 @@ rec {
};
services = {
# postgresql = lib.mkIf cfg.configureDb {
# enable = true;
# ensureDatabases = [ name ];
# ensureUsers = [
# {
# name = name;
# ensureDBOwnership = true;
# }
# ];
# };
postgresql = lib.mkIf cfg.configureDb {
enable = true;
ensureDatabases = [ name ];
ensureUsers = [
{
name = name;
ensureDBOwnership = true;
}
];
};
};
systemd.tmpfiles.rules = [
"d ${cfg.configDir} 0700 ${name} ${name} - -"
"d ${cfg.configDir}/server-files 0700 ${name} ${name} - -"
"d ${cfg.configDir}/user-files 0700 ${name} ${name} - -"
];
# systemd.tmpfiles.rules = [
# "d ${cfg.configDir} 0700 ${name} ${name} - -"
# # "d ${cfg.configDir}/server-files 0775 ${name} ${name} - -"
# # "d ${cfg.configDir}/user-files 0775 ${name} ${name} - -"
# ];
} // moduleConfig;
in
{ config, lib, ... }:
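Review bot: The tmpfiles rules on the new side hard-code `server-files` and `user-files` subdirectories under `${cfg.configDir}` for every module built with this helper, which looks service-specific rather than generic (the authentik module in this same commit mounts `${cfg.configDir}/authentik-rac` instead and never uses them). If this is the shared `mkModule`, consider moving those two rules into the module that needs them or taking the subdirectory list from an option, leaving only `"d ${cfg.configDir} 0700 ${name} ${name} - -"` here. The 0700 mode also assumes everything that touches `configDir` runs as the `${name}` user; a container that runs as a different `puid`/`pgid` and bind-mounts a path beneath it will be denied, so a comment on the rule stating that expectation would help. The `rec { … }` attribute set this hunk edits starts and ends outside the hunk.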


@@ -6,68 +6,68 @@
}:
with lib;
let
cfg = config.${namespace}.services.authentik;
in
{
imports = [ ./options.nix ];
name = "authentik";
cfg = config.${namespace}.services.${name};
config = mkIf cfg.enable {
services.authentik = {
enable = true;
environmentFile = cfg.environmentFile;
settings = {
port = cfg.port;
authentikConfig = lib.${namespace}.mkModule {
inherit config name;
description = "authentik Service";
options = { };
moduleConfig = {
services = {
authentik = {
enable = true;
environmentFile = cfg.environmentFile;
settings = {
port = cfg.port;
};
};
redis.servers.authentik = {
enable = mkDefault true;
port = mkDefault 6379;
};
# postgresql = {
# enable = mkDefault true;
# ensureDatabases = [ name ];
# ensureUsers = [
# {
# name = name;
# ensureDBOwnership = true;
# }
# ];
# };
};
};
# Open firewall for authentik if enabled
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [
cfg.port
4822
];
allowedUDPPorts = [
cfg.port
4822
];
};
# Open firewall for authentik if enabled
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [
4822
];
allowedUDPPorts = [
4822
];
};
# Ensure PostgreSQL is configured for authentik
services.postgresql = {
enable = mkDefault true;
ensureDatabases = [ "authentik" ];
ensureUsers = [
{
name = "authentik";
ensureDBOwnership = true;
}
];
};
# Ensure Redis is configured for authentik
services.redis.servers.authentik = {
enable = mkDefault true;
port = mkDefault 6379;
};
virtualisation.oci-containers.containers.authentik_rac = {
autoStart = true;
image = "ghcr.io/goauthentik/rac";
ports = [ "4822:4822" ];
volumes = [
"/media/nas/main/nix-app-data/authentik-rac:/media"
];
# environmentFiles = [
# "/media/nas/main/nix-app-data/lubelogger/lubelogger.env"
# ];
environment = {
AUTHENTIK_HOST = "https://authentik.mjallen.dev";
AUTHENTIK_TOKEN = "0XGkB2pXoOTqcCMAjucAtfamvlsIZCPmy1Zri54Ozjj3zzMCvcLwkQPrukfx";
AUTHENTIK_INSECURE = "false"; # Set to true for self-signed certs
PUID = toString config.users.users.nix-apps.uid;
PGID = toString config.users.groups.jallen-nas.gid;
TZ = "America/Chicago";
virtualisation.oci-containers.containers.authentik_rac = {
autoStart = true;
image = "ghcr.io/goauthentik/rac";
ports = [ "4822:4822" ];
volumes = [
"${cfg.configDir}/authentik-rac:/media"
];
environment = {
AUTHENTIK_HOST = "https://${name}.mjallen.dev";
AUTHENTIK_TOKEN = "0XGkB2pXoOTqcCMAjucAtfamvlsIZCPmy1Zri54Ozjj3zzMCvcLwkQPrukfx";
AUTHENTIK_INSECURE = "false"; # Set to true for self-signed certs
PUID = toString cfg.puid;
PGID = toString cfg.pgid;
TZ = cfg.timeZone;
};
};
};
};
in
{
imports = [ authentikConfig ];
}
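Review bot: The RAC outpost token is still a string literal on the new side (the `AUTHENTIK_TOKEN = "…"` line in the `authentik_rac` environment block), so it is committed to git history and lands in the world-readable Nix store of every host that evaluates this module. The repository already passes secrets through files (`cfg.environmentFile`, `/run/secrets/jallen-nas/...`, `config.sops.secrets.<name>.path`), and `config` is in scope here via `inherit config name;`, so replace the line with `environmentFiles = [ config.sops.secrets."<authentik-rac-env-secret>".path ];` (placeholder secret name) and keep `AUTHENTIK_TOKEN` in that file; the commented-out `environmentFiles` on the old side suggests this was the intent. A token that has been committed should be rotated in authentik regardless of where it is moved to. The `let` binding enclosing this hunk begins before line 6, outside the hunk.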


@@ -1,29 +1,10 @@
{ config, namespace, ... }:
{ config, lib, namespace, ... }:
let
inherit (lib.${namespace}) enabled disabled;
in
{
${namespace} = {
services = {
# Existing properly namespaced services
immich.enable = true;
jellyfin.enable = true;
jellyseerr = {
enable = true;
dataDir = "/media/nas/main/nix-app-data/jellyseerr";
};
lubelogger.enable = true;
nextcloud.enable = true;
opencloud = {
enable = true;
port = 9200;
reverseProxy.enable = true;
};
onlyoffice.enable = false;
collabora.enable = true;
ai.enable = true;
paperless.enable = true;
traefik.enable = true;
wyoming.enable = true;
# Newly migrated services
actual = {
enable = true;
port = 3333;
@@ -37,51 +18,20 @@
];
};
};
ocis.enable = false;
ersatztv = {
ai = enabled;
arrs = enabled;
attic = {
enable = true;
configPath = "/media/nas/main/nix-app-data/ersatztv";
moviesPath = "/media/nas/main/movies";
tvPath = "/media/nas/main/tv";
transcodePath = "/media/nas/main/nix-app-data/transcode";
port = 9012;
listenAddress = "[::]";
environmentFile = "/run/secrets/jallen-nas/attic-key";
};
arrs = {
authentik = {
enable = true;
localAddress = "10.0.1.51";
downloadsDir = "/media/nas/main/ssd_app_data/downloads";
incompleteDownloadsDir = "/media/nas/main/ssd_app_data/downloads-incomplete";
moviesDir = "/media/nas/main/movies";
tvDir = "/media/nas/main/tv";
isosDir = "/media/nas/main/isos";
radarr = {
enable = true;
port = 7878;
dataDir = "/media/nas/main/nix-app-data/radarr";
};
sonarr = {
enable = true;
port = 8989;
dataDir = "/media/nas/main/nix-app-data/sonarr";
};
sabnzbd = {
enable = true;
port = 8280;
dataDir = "/media/nas/main/nix-app-data/sabnzbd";
};
deluge = {
enable = false;
port = 8112;
};
jackett = {
enable = false;
port = 9117;
dataDir = "/media/nas/main/nix-app-data/jackett";
};
# configureDb = true;
port = 9000;
environmentFile = "/run/secrets/jallen-nas/authentik-env";
};
calibre = {
enable = true;
port = 8084;
@@ -90,7 +40,19 @@
webDir = "/media/nas/main/nix-app-data/calibre-web";
dataDir = "/media/nas/main/books";
};
code-server = {
enable = true;
port = 4444;
user = "admin";
group = "jallen-nas";
host = "0.0.0.0";
auth = "none";
hashedPassword = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
extraEnvironment = {
PROXY_DOMAIN = "code.mjallen.dev";
};
};
collabora = enabled;
crowdsec = {
enable = true;
port = 8181;
@@ -98,7 +60,14 @@
apiKey = config.sops.secrets."jallen-nas/crowdsec-capi".path;
dataDir = "/media/nas/main/nix-app-data/crowdsec";
};
ersatztv = {
enable = true;
configPath = "/media/nas/main/nix-app-data/ersatztv";
moviesPath = "/media/nas/main/movies";
tvPath = "/media/nas/main/tv";
transcodePath = "/media/nas/main/nix-app-data/transcode";
};
free-games-claimer.enable = true;
gitea = {
enable = true;
httpPort = 3000;
@@ -114,7 +83,15 @@
];
};
};
glance = {
enable = true;
port = 5555;
};
glances = {
enable = true;
port = 61208;
bindAddress = "0.0.0.0";
};
headscale = {
enable = false;
port = 2112;
@@ -128,77 +105,14 @@
];
};
};
unmanic = {
immich = enabled;
jellyfin = enabled;
jellyseerr = {
enable = true;
configPath = "/media/nas/main/nix-app-data/unmanic/config";
moviesPath = "/media/nas/main/movies";
tvPath = "/media/nas/main/tv";
transcodePath = "/media/nas/main/nix-app-data/unmanic/transcode";
dataDir = "/media/nas/main/nix-app-data/jellyseerr";
};
uptime-kuma = {
enable = true;
port = 3001;
dataDir = "/media/nas/main/nix-app-data/uptime-kuma";
};
glance = {
enable = true;
port = 5555;
};
free-games-claimer.enable = true;
manyfold.enable = true;
orca-slicer = {
enable = true;
httpPort = "3100";
httpsPort = "3101";
};
tdarr.enable = false;
authentik = {
enable = true;
port = 9000;
environmentFile = "/run/secrets/jallen-nas/authentik-env";
};
attic = {
enable = true;
port = 9012;
listenAddress = "[::]";
environmentFile = "/run/secrets/jallen-nas/attic-key";
};
protonmail-bridge = {
enable = true;
smtpPort = 1025;
imapPort = 1143;
user = "admin";
};
netbootxyz = {
enable = true;
};
ntfy = {
enable = true;
port = 2586;
localAddress = "10.0.1.3";
dataDir = "/media/nas/main/nix-app-data/ntfy";
reverseProxy = {
enable = true;
subdomain = "ntfy";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
};
};
lubelogger = enabled;
manyfold = enabled;
matrix = {
enable = true;
port = 8448;
@@ -213,26 +127,43 @@
];
};
};
glances = {
netbootxyz = {
enable = true;
port = 61208;
bindAddress = "0.0.0.0";
};
code-server = {
nextcloud = enabled;
ntfy = {
enable = true;
port = 4444;
user = "admin";
group = "jallen-nas";
host = "0.0.0.0";
auth = "none";
hashedPassword = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
extraEnvironment = {
PROXY_DOMAIN = "code.mjallen.dev";
port = 2586;
localAddress = "10.0.1.3";
dataDir = "/media/nas/main/nix-app-data/ntfy";
reverseProxy = {
enable = true;
subdomain = "ntfy";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
};
};
ocis = disabled;
onlyoffice = disabled;
opencloud = {
enable = true;
port = 9200;
reverseProxy.enable = true;
};
orca-slicer = {
enable = true;
httpPort = "3100";
httpsPort = "3101";
};
paperless = enabled;
protonmail-bridge = {
enable = true;
smtpPort = 1025;
imapPort = 1143;
user = "admin";
};
restic = {
enable = true;
port = 8008;
@@ -242,6 +173,21 @@
htpasswdFile = "/media/nas/main/backup/restic/.htpasswd";
extraFlags = [ "--no-auth" ];
};
tdarr = disabled;
traefik = enabled;
unmanic = {
enable = true;
configPath = "/media/nas/main/nix-app-data/unmanic/config";
moviesPath = "/media/nas/main/movies";
tvPath = "/media/nas/main/tv";
transcodePath = "/media/nas/main/nix-app-data/unmanic/transcode";
};
uptime-kuma = {
enable = true;
port = 3001;
dataDir = "/media/nas/main/nix-app-data/uptime-kuma";
};
wyoming = enabled;
};
};
}
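Review bot: `code-server` is configured with `auth = "none"` while binding to `host = "0.0.0.0"` on port 4444, which exposes an unauthenticated editor with terminal access as `user = "admin"` on every interface; the `hashedPassword` beside it has no effect while `auth` is `"none"`. Unless an authenticating reverse proxy is the only route to that port (not visible here), either set `auth = "password";` or bind with `host = "127.0.0.1";` so only the proxy can reach it. Separately, `# configureDb = true;` under `authentik` stays commented out while this commit's helper gates `services.postgresql` on `cfg.configureDb` and the authentik module's own postgresql block is commented out, so the authentik database and role may no longer be ensured unless `configureDb` defaults to true. The code-server block appears to be carried over from the old layout rather than introduced here.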