mkModule migration begin

mjallen18
2025-12-14 22:47:59 -06:00
parent fedba849a7
commit 3dc1055b54
3 changed files with 169 additions and 223 deletions


@@ -64,23 +64,23 @@ rec {
}; };
services = { services = {
# postgresql = lib.mkIf cfg.configureDb { postgresql = lib.mkIf cfg.configureDb {
# enable = true; enable = true;
# ensureDatabases = [ name ]; ensureDatabases = [ name ];
# ensureUsers = [ ensureUsers = [
# { {
# name = name; name = name;
# ensureDBOwnership = true; ensureDBOwnership = true;
# } }
# ]; ];
# }; };
}; };
systemd.tmpfiles.rules = [ # systemd.tmpfiles.rules = [
"d ${cfg.configDir} 0700 ${name} ${name} - -" # "d ${cfg.configDir} 0700 ${name} ${name} - -"
"d ${cfg.configDir}/server-files 0700 ${name} ${name} - -" # # "d ${cfg.configDir}/server-files 0775 ${name} ${name} - -"
"d ${cfg.configDir}/user-files 0700 ${name} ${name} - -" # # "d ${cfg.configDir}/user-files 0775 ${name} ${name} - -"
]; # ];
} // moduleConfig; } // moduleConfig;
in in
{ config, lib, ... }: { config, lib, ... }:
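Review bot: The `systemd.tmpfiles.rules` entry that created `${cfg.configDir}` as `0700 ${name} ${name}` is commented out on the new side with nothing visible replacing it, so mkModule no longer provisions the per-service config directory with a restricted mode. If that directory is now only created as a missing bind-mount source by the container runtime, it will presumably end up root-owned with default permissions, which both loosens the previous 0700 posture and may leave the PUID/PGID user unable to write to it — confirm where the directory is created after this change. If per-service modules are now expected to own directory creation, say so instead of leaving a dead rule, e.g. `# Directory creation is the responsibility of each service module; mkModule no longer manages ${cfg.configDir}`. The enclosing `rec { ... }` attribute set starts before this hunk.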


@@ -6,68 +6,68 @@
}: }:
with lib; with lib;
let let
cfg = config.${namespace}.services.authentik; name = "authentik";
in cfg = config.${namespace}.services.${name};
{
imports = [ ./options.nix ];
config = mkIf cfg.enable { authentikConfig = lib.${namespace}.mkModule {
services.authentik = { inherit config name;
enable = true; description = "authentik Service";
environmentFile = cfg.environmentFile; options = { };
settings = { moduleConfig = {
port = cfg.port; services = {
authentik = {
enable = true;
environmentFile = cfg.environmentFile;
settings = {
port = cfg.port;
};
};
redis.servers.authentik = {
enable = mkDefault true;
port = mkDefault 6379;
};
# postgresql = {
# enable = mkDefault true;
# ensureDatabases = [ name ];
# ensureUsers = [
# {
# name = name;
# ensureDBOwnership = true;
# }
# ];
# };
}; };
};
# Open firewall for authentik if enabled # Open firewall for authentik if enabled
networking.firewall = mkIf cfg.openFirewall { networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ allowedTCPPorts = [
cfg.port 4822
4822 ];
]; allowedUDPPorts = [
allowedUDPPorts = [ 4822
cfg.port ];
4822 };
];
};
# Ensure PostgreSQL is configured for authentik virtualisation.oci-containers.containers.authentik_rac = {
services.postgresql = { autoStart = true;
enable = mkDefault true; image = "ghcr.io/goauthentik/rac";
ensureDatabases = [ "authentik" ]; ports = [ "4822:4822" ];
ensureUsers = [ volumes = [
{ "${cfg.configDir}/authentik-rac:/media"
name = "authentik"; ];
ensureDBOwnership = true; environment = {
} AUTHENTIK_HOST = "https://${name}.mjallen.dev";
]; AUTHENTIK_TOKEN = "0XGkB2pXoOTqcCMAjucAtfamvlsIZCPmy1Zri54Ozjj3zzMCvcLwkQPrukfx";
}; AUTHENTIK_INSECURE = "false"; # Set to true for self-signed certs
PUID = toString cfg.puid;
# Ensure Redis is configured for authentik PGID = toString cfg.pgid;
services.redis.servers.authentik = { TZ = cfg.timeZone;
enable = mkDefault true; };
port = mkDefault 6379;
};
virtualisation.oci-containers.containers.authentik_rac = {
autoStart = true;
image = "ghcr.io/goauthentik/rac";
ports = [ "4822:4822" ];
volumes = [
"/media/nas/main/nix-app-data/authentik-rac:/media"
];
# environmentFiles = [
# "/media/nas/main/nix-app-data/lubelogger/lubelogger.env"
# ];
environment = {
AUTHENTIK_HOST = "https://authentik.mjallen.dev";
AUTHENTIK_TOKEN = "0XGkB2pXoOTqcCMAjucAtfamvlsIZCPmy1Zri54Ozjj3zzMCvcLwkQPrukfx";
AUTHENTIK_INSECURE = "false"; # Set to true for self-signed certs
PUID = toString config.users.users.nix-apps.uid;
PGID = toString config.users.groups.jallen-nas.gid;
TZ = "America/Chicago";
}; };
}; };
}; };
in
{
imports = [ authentikConfig ];
} }
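Review bot: `AUTHENTIK_TOKEN` is still a literal string in the `authentik_rac` container's `environment` on the new side, so the token lives in git history and, because it is interpolated into the systemd unit, in the world-readable Nix store; anyone with a shell on the host can read it. The module already accepts `cfg.environmentFile` and the host config references sops paths like `/run/secrets/jallen-nas/authentik-env`, so the token belongs in a sops-managed env file passed via `environmentFiles = [ cfg.environmentFile ];` (or a dedicated `cfg.racEnvironmentFile` option) with the literal removed, and the exposed token should be rotated in authentik regardless. Separately, the `services.postgresql` block that previously enabled the database and `ensureDBOwnership` for authentik is commented out here and `configureDb` is commented out in the host config, so nothing visible provisions authentik's database after this commit — confirm it is handled elsewhere. The `networking.firewall` block also drops `cfg.port` from the allowed ports, which is only correct if mkModule opens it; the `authentikConfig` definition spans the whole hunk.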


@@ -1,29 +1,10 @@
{ config, namespace, ... }: { config, lib, namespace, ... }:
let
inherit (lib.${namespace}) enabled disabled;
in
{ {
${namespace} = { ${namespace} = {
services = { services = {
# Existing properly namespaced services
immich.enable = true;
jellyfin.enable = true;
jellyseerr = {
enable = true;
dataDir = "/media/nas/main/nix-app-data/jellyseerr";
};
lubelogger.enable = true;
nextcloud.enable = true;
opencloud = {
enable = true;
port = 9200;
reverseProxy.enable = true;
};
onlyoffice.enable = false;
collabora.enable = true;
ai.enable = true;
paperless.enable = true;
traefik.enable = true;
wyoming.enable = true;
# Newly migrated services
actual = { actual = {
enable = true; enable = true;
port = 3333; port = 3333;
@@ -37,51 +18,20 @@
]; ];
}; };
}; };
ai = enabled;
ocis.enable = false; arrs = enabled;
attic = {
ersatztv = {
enable = true; enable = true;
configPath = "/media/nas/main/nix-app-data/ersatztv"; port = 9012;
moviesPath = "/media/nas/main/movies"; listenAddress = "[::]";
tvPath = "/media/nas/main/tv"; environmentFile = "/run/secrets/jallen-nas/attic-key";
transcodePath = "/media/nas/main/nix-app-data/transcode";
}; };
authentik = {
arrs = {
enable = true; enable = true;
localAddress = "10.0.1.51"; # configureDb = true;
downloadsDir = "/media/nas/main/ssd_app_data/downloads"; port = 9000;
incompleteDownloadsDir = "/media/nas/main/ssd_app_data/downloads-incomplete"; environmentFile = "/run/secrets/jallen-nas/authentik-env";
moviesDir = "/media/nas/main/movies";
tvDir = "/media/nas/main/tv";
isosDir = "/media/nas/main/isos";
radarr = {
enable = true;
port = 7878;
dataDir = "/media/nas/main/nix-app-data/radarr";
};
sonarr = {
enable = true;
port = 8989;
dataDir = "/media/nas/main/nix-app-data/sonarr";
};
sabnzbd = {
enable = true;
port = 8280;
dataDir = "/media/nas/main/nix-app-data/sabnzbd";
};
deluge = {
enable = false;
port = 8112;
};
jackett = {
enable = false;
port = 9117;
dataDir = "/media/nas/main/nix-app-data/jackett";
};
}; };
calibre = { calibre = {
enable = true; enable = true;
port = 8084; port = 8084;
@@ -90,7 +40,19 @@
webDir = "/media/nas/main/nix-app-data/calibre-web"; webDir = "/media/nas/main/nix-app-data/calibre-web";
dataDir = "/media/nas/main/books"; dataDir = "/media/nas/main/books";
}; };
code-server = {
enable = true;
port = 4444;
user = "admin";
group = "jallen-nas";
host = "0.0.0.0";
auth = "none";
hashedPassword = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
extraEnvironment = {
PROXY_DOMAIN = "code.mjallen.dev";
};
};
collabora = enabled;
crowdsec = { crowdsec = {
enable = true; enable = true;
port = 8181; port = 8181;
@@ -98,7 +60,14 @@
apiKey = config.sops.secrets."jallen-nas/crowdsec-capi".path; apiKey = config.sops.secrets."jallen-nas/crowdsec-capi".path;
dataDir = "/media/nas/main/nix-app-data/crowdsec"; dataDir = "/media/nas/main/nix-app-data/crowdsec";
}; };
ersatztv = {
enable = true;
configPath = "/media/nas/main/nix-app-data/ersatztv";
moviesPath = "/media/nas/main/movies";
tvPath = "/media/nas/main/tv";
transcodePath = "/media/nas/main/nix-app-data/transcode";
};
free-games-claimer.enable = true;
gitea = { gitea = {
enable = true; enable = true;
httpPort = 3000; httpPort = 3000;
@@ -114,7 +83,15 @@
]; ];
}; };
}; };
glance = {
enable = true;
port = 5555;
};
glances = {
enable = true;
port = 61208;
bindAddress = "0.0.0.0";
};
headscale = { headscale = {
enable = false; enable = false;
port = 2112; port = 2112;
@@ -128,77 +105,14 @@
]; ];
}; };
}; };
immich = enabled;
unmanic = { jellyfin = enabled;
jellyseerr = {
enable = true; enable = true;
configPath = "/media/nas/main/nix-app-data/unmanic/config"; dataDir = "/media/nas/main/nix-app-data/jellyseerr";
moviesPath = "/media/nas/main/movies";
tvPath = "/media/nas/main/tv";
transcodePath = "/media/nas/main/nix-app-data/unmanic/transcode";
}; };
lubelogger = enabled;
uptime-kuma = { manyfold = enabled;
enable = true;
port = 3001;
dataDir = "/media/nas/main/nix-app-data/uptime-kuma";
};
glance = {
enable = true;
port = 5555;
};
free-games-claimer.enable = true;
manyfold.enable = true;
orca-slicer = {
enable = true;
httpPort = "3100";
httpsPort = "3101";
};
tdarr.enable = false;
authentik = {
enable = true;
port = 9000;
environmentFile = "/run/secrets/jallen-nas/authentik-env";
};
attic = {
enable = true;
port = 9012;
listenAddress = "[::]";
environmentFile = "/run/secrets/jallen-nas/attic-key";
};
protonmail-bridge = {
enable = true;
smtpPort = 1025;
imapPort = 1143;
user = "admin";
};
netbootxyz = {
enable = true;
};
ntfy = {
enable = true;
port = 2586;
localAddress = "10.0.1.3";
dataDir = "/media/nas/main/nix-app-data/ntfy";
reverseProxy = {
enable = true;
subdomain = "ntfy";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
};
};
matrix = { matrix = {
enable = true; enable = true;
port = 8448; port = 8448;
@@ -213,26 +127,43 @@
]; ];
}; };
}; };
netbootxyz = {
glances = {
enable = true; enable = true;
port = 61208;
bindAddress = "0.0.0.0";
}; };
nextcloud = enabled;
code-server = { ntfy = {
enable = true; enable = true;
port = 4444; port = 2586;
user = "admin"; localAddress = "10.0.1.3";
group = "jallen-nas"; dataDir = "/media/nas/main/nix-app-data/ntfy";
host = "0.0.0.0"; reverseProxy = {
auth = "none"; enable = true;
hashedPassword = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06"; subdomain = "ntfy";
extraEnvironment = { middlewares = [
PROXY_DOMAIN = "code.mjallen.dev"; "crowdsec"
"whitelist-geoblock"
];
}; };
}; };
ocis = disabled;
onlyoffice = disabled;
opencloud = {
enable = true;
port = 9200;
reverseProxy.enable = true;
};
orca-slicer = {
enable = true;
httpPort = "3100";
httpsPort = "3101";
};
paperless = enabled;
protonmail-bridge = {
enable = true;
smtpPort = 1025;
imapPort = 1143;
user = "admin";
};
restic = { restic = {
enable = true; enable = true;
port = 8008; port = 8008;
@@ -242,6 +173,21 @@
htpasswdFile = "/media/nas/main/backup/restic/.htpasswd"; htpasswdFile = "/media/nas/main/backup/restic/.htpasswd";
extraFlags = [ "--no-auth" ]; extraFlags = [ "--no-auth" ];
}; };
tdarr = disabled;
traefik = enabled;
unmanic = {
enable = true;
configPath = "/media/nas/main/nix-app-data/unmanic/config";
moviesPath = "/media/nas/main/movies";
tvPath = "/media/nas/main/tv";
transcodePath = "/media/nas/main/nix-app-data/unmanic/transcode";
};
uptime-kuma = {
enable = true;
port = 3001;
dataDir = "/media/nas/main/nix-app-data/uptime-kuma";
};
wyoming = enabled;
}; };
}; };
} }
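Review bot: `code-server` on the new side combines `auth = "none"` with `host = "0.0.0.0"`, which exposes an unauthenticated code-server (effectively a remote shell as user `admin`) on every interface unless port 4444 is reachable only through Traefik; the `hashedPassword` set alongside it is inert under `auth = "none"`. If access is meant to be gated by the reverse proxy and authentik, bind locally instead, `host = "127.0.0.1";`, or use `auth = "password";` so the committed hash is actually enforced; a yescrypt hash in the repo is also crackable offline, so consider moving it to a sops secret the way `crowdsec.apiKey` references `config.sops.secrets."jallen-nas/crowdsec-capi".path`. The same question applies to `glances` with `bindAddress = "0.0.0.0"` and `restic` with `extraFlags = [ "--no-auth" ]` next to an `htpasswdFile`, which are carried over unchanged. These blocks are moved rather than introduced by this commit, so the hunk reorders them without changing their semantics.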