diff --git a/modules/nixos/services/crowdsec/default.nix b/modules/nixos/services/crowdsec/default.nix index 676eb1b..605b030 100755 --- a/modules/nixos/services/crowdsec/default.nix +++ b/modules/nixos/services/crowdsec/default.nix @@ -113,10 +113,10 @@ let listen_uri = "${cfg.listenAddress}:${toString cfg.port}"; }; client = { - credentials_path = lib.mkForce "/media/nas/main/nix-app-data/crowdsec/client.yaml"; + credentials_path = lib.mkForce "${cfg.configDir}/crowdsec/client.yaml"; }; }; - capi.credentialsFile = lib.mkDefault "/media/nas/main/nix-app-data/crowdsec/capi.yaml"; + capi.credentialsFile = lib.mkDefault "${cfg.configDir}/crowdsec/capi.yaml"; }; }; }; diff --git a/modules/nixos/services/crowdsec/options.nix b/modules/nixos/services/crowdsec/options.nix deleted file mode 100644 index c82074d..0000000 --- a/modules/nixos/services/crowdsec/options.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ lib, namespace, ... }: -with lib; -{ - options.${namespace}.services.crowdsec = { - enable = mkEnableOption "crowdsec service"; - - port = mkOption { - type = types.port; - default = 8080; - description = "Port for crowdsec API"; - }; - - openFirewall = mkOption { - type = types.bool; - default = true; - description = "Whether to open firewall for crowdsec"; - }; - - apiAddress = mkOption { - type = types.str; - default = "127.0.0.1"; - description = "API address for crowdsec"; - }; - - apiKey = mkOption { - type = types.str; - default = ""; - description = "API key for crowdsec bouncer"; - }; - - dataDir = mkOption { - type = types.str; - default = ""; - description = "Data directory for crowdsec"; - }; - }; -} diff --git a/modules/nixos/services/ersatztv/default.nix b/modules/nixos/services/ersatztv/default.nix index 8742006..ab3c0e9 100644 --- a/modules/nixos/services/ersatztv/default.nix +++ b/modules/nixos/services/ersatztv/default.nix 
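Review bot: In the crowdsec default.nix hunk, `client.yaml` and `capi.yaml` hold the local-API and central-API credentials, and they now land under `${cfg.configDir}/crowdsec` with nothing in the visible lines fixing that directory's owner or mode. If `configDir` is the app-data root that the other services in this commit also write under, the directory should be created restricted to the crowdsec service account, for example with a `systemd.tmpfiles.rules` entry such as `"d ${cfg.configDir}/crowdsec 0750 <crowdsec-user> <crowdsec-group> -"`. A one-line comment on why `credentials_path` uses `lib.mkForce` while `capi.credentialsFile` uses `lib.mkDefault` would also help the next reader. The enclosing attribute set starts outside the hunk.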
@@ -6,56 +6,36 @@ }: with lib; let - inherit (lib.${namespace}) mkOpt mkReverseProxyOpt; - cfg = config.${namespace}.services.ersatztv; -in -{ - options.${namespace}.services.ersatztv = { - enable = mkEnableOption "ersatztv service"; + name = "ersatztv"; + cfg = config.${namespace}.services.${name}; - name = mkOpt types.str "ersatztv" "container name"; - - image = mkOpt types.str "ghcr.io/ersatztv/ersatztv" "container image"; - - port = mkOpt types.int 8409 "Port for ersatztv to be hosted on"; - - configPath = mkOpt types.str "" "Path to the data dir"; - - moviesPath = mkOpt types.str "" "Path to the data dir"; - - tvPath = mkOpt types.str "" "Path to the data dir"; - - transcodePath = mkOpt types.str "" "Path to the data dir"; - - puid = mkOpt types.str "911" "uid"; - - pgid = mkOpt types.str "1000" "gid"; - - timeZone = mkOpt types.str "America/Chicago" "Timezone"; - - reverseProxy = mkReverseProxyOpt; - }; - - config = mkIf cfg.enable { - - virtualisation.oci-containers.containers.${cfg.name} = { - autoStart = true; - image = cfg.image; - extraOptions = [ "--device=/dev/dri" ]; - volumes = [ - "${cfg.configPath}:/config" - "${cfg.moviesPath}:/libraries/movies" - "${cfg.tvPath}:/libraries/tv" - "${cfg.transcodePath}:/transcode" - ]; - ports = [ - "${toString cfg.port}:8409" - ]; - environment = { - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; + ersatztvConfig = lib.${namespace}.mkModule { + inherit config name; + description = "ersatztv"; + options = { }; + moduleConfig = { + virtualisation.oci-containers.containers.${name} = { + autoStart = true; + image = "ghcr.io/ersatztv/ersatztv"; + extraOptions = [ "--device=/dev/dri" ]; + volumes = [ + "${cfg.configDir}/ersatztv:/config" + "${cfg.dataDir}/movies:/libraries/movies" + "${cfg.dataDir}/movies:/libraries/tv" + "${cfg.configDir}/transcode:/transcode" + ]; + ports = [ + "${toString cfg.port}:8409" + ]; + environment = { + PUID = cfg.puid; + PGID = cfg.pgid; + TZ = cfg.timeZone; + }; }; }; }; +in +{ + 
imports = [ ersatztvConfig ]; } diff --git a/modules/nixos/services/free-games-claimer/default.nix b/modules/nixos/services/free-games-claimer/default.nix index 3cf2730..8ccdb9b 100755 --- a/modules/nixos/services/free-games-claimer/default.nix +++ b/modules/nixos/services/free-games-claimer/default.nix @@ -6,23 +6,29 @@ }: with lib; let - cfg = config.${namespace}.services.free-games-claimer; -in -{ - imports = [ ./options.nix ]; + name = "free-games-claimer"; + cfg = config.${namespace}.services.${name}; - config = mkIf cfg.enable { - virtualisation.oci-containers.containers."${cfg.name}" = { - autoStart = cfg.autoStart; - image = cfg.image; - ports = [ "${cfg.httpPort}:6080" ]; - volumes = [ "${cfg.dataPath}:/fgc/data" ]; - environmentFiles = [ config.sops.templates."fgc.env".path ]; - environment = { - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; + fgcConfig = lib.${namespace}.mkModule { + inherit config name; + description = "free-games-claimer"; + options = { }; + moduleConfig = { + virtualisation.oci-containers.containers."${name}" = { + autoStart = true; + image = "ghcr.io/vogler/free-games-claimer"; + ports = [ "${toString cfg.port}:6080" ]; + volumes = [ "${cfg.configDir}/free-games-claimer:/fgc/data" ]; + environmentFiles = [ config.sops.templates."fgc.env".path ]; + environment = { + PUID = cfg.puid; + PGID = cfg.pgid; + TZ = cfg.timeZone; + }; }; }; }; +in +{ + imports = [ fgcConfig ]; } diff --git a/modules/nixos/services/free-games-claimer/options.nix b/modules/nixos/services/free-games-claimer/options.nix deleted file mode 100755 index 953cd05..0000000 --- a/modules/nixos/services/free-games-claimer/options.nix +++ /dev/null 
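Review bot: In the ersatztv hunk the `/libraries/tv` volume is bound to `${cfg.dataDir}/movies`, the same host path as `/libraries/movies`; the removed configuration used a separate `tvPath`, so this looks like a copy-paste slip and should probably read `"${cfg.dataDir}/tv:/libraries/tv"`. The image is also now the literal `ghcr.io/ersatztv/ersatztv` with no tag or digest and `autoStart = true`, so whatever the registry serves under the default tag runs with `/dev/dri` and the media mounts; pinning it as `image = "ghcr.io/ersatztv/ersatztv@sha256:<digest>";` makes updates deliberate. The same unpinned-image point applies to `ghcr.io/vogler/free-games-claimer` in the free-games-claimer hunk. `cfg.dataDir`, `cfg.puid` and `cfg.pgid` are not declared in `options = { }`, so they are presumably supplied by `mkModule`, which is not visible here.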
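Review bot: In the free-games-claimer hunk, `ports = [ "${toString cfg.port}:6080" ]` carries no host address, so the container port is published on every host interface. This container is handed the `fgc.env` secrets through `environmentFiles`, and 6080 appears to be its web UI, so it is worth limiting the listener to where the reverse proxy connects: `ports = [ "${cfg.listenAddress}:${toString cfg.port}:6080" ];`. That assumes `mkModule` provides `listenAddress` for this module, as the crowdsec and gitea hunks suggest it does.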
@@ -1,47 +0,0 @@ -{ lib, namespace, ... }: -with lib; -{ - options.${namespace}.services.free-games-claimer = { - enable = mkEnableOption "free-games-claimer docker service"; - - autoStart = mkOption { - type = types.bool; - default = true; - }; - - httpPort = mkOption { - type = types.str; - default = "6080"; - }; - - name = mkOption { - type = types.str; - default = "free-games-claimer"; - }; - - image = mkOption { - type = types.str; - default = "ghcr.io/vogler/free-games-claimer"; - }; - - dataPath = mkOption { - type = types.str; - default = "/media/nas/main/nix-app-data/free-games-claimer"; - }; - - puid = mkOption { - type = types.str; - default = "911"; - }; - - pgid = mkOption { - type = types.str; - default = "1000"; - }; - - timeZone = mkOption { - type = types.str; - default = "America/Chicago"; - }; - }; -} diff --git a/modules/nixos/services/gitea/default.nix b/modules/nixos/services/gitea/default.nix index e9ab455..a0d8243 100644 --- a/modules/nixos/services/gitea/default.nix +++ b/modules/nixos/services/gitea/default.nix 
@@ -6,32 +6,20 @@ }: with lib; let - cfg = config.${namespace}.services.gitea; + name = "gitea"; + cfg = config.${namespace}.services.${name}; rootUrl = "https://gitea.${namespace}.dev/"; mailerPasswordFile = config.sops.secrets."jallen-nas/gitea/mail-key".path; metricsTokenFile = config.sops.secrets."jallen-nas/gitea/metrics-key".path; - # Create reverse proxy configuration using mkReverseProxy - reverseProxyConfig = lib.${namespace}.mkReverseProxy { - name = "gitea"; - subdomain = cfg.reverseProxy.subdomain; - url = "http://${cfg.localAddress}:${toString cfg.httpPort}"; - middlewares = cfg.reverseProxy.middlewares; - }; - - traefik = { - "${namespace}".services.traefik = lib.mkIf cfg.reverseProxy.enable { - reverseProxies = [ reverseProxyConfig ]; - }; - }; -in -{ - imports = [ ./options.nix ]; - config = - mkIf cfg.enable { + giteaConfig = lib.${namespace}.mkModule { + inherit config name; + description = "Gitea"; + options = { }; + moduleConfig = { services.gitea = { enable = true; - stateDir = cfg.dataDir; + stateDir = "${cfg.configDir}/gitea"; user = "nix-apps"; group = "jallen-nas"; mailerPasswordFile = mailerPasswordFile; @@ -39,12 +27,12 @@ in settings = { server = { DOMAIN = "jallen-nas"; - HTTP_ADDR = "0.0.0.0"; - HTTP_PORT = cfg.httpPort; + HTTP_ADDR = cfg.listenAddress; + HTTP_PORT = cfg.port; PROTOCOL = "http"; ROOT_URL = rootUrl; START_SSH_SERVER = true; - SSH_PORT = cfg.sshPort; + SSH_PORT = 2222; }; service = { REGISTER_EMAIL_CONFIRM = false; @@ -58,6 +46,9 @@ in }; }; }; - } - // traefik; + }; + }; +in +{ + imports = [ giteaConfig ]; } diff --git a/modules/nixos/services/gitea/default.nix.container b/modules/nixos/services/gitea/default.nix.container deleted file mode 100644 index 5f6514f..0000000 --- a/modules/nixos/services/gitea/default.nix.container +++ /dev/null 
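Review bot: In the `server` settings hunk of gitea/default.nix, `SSH_PORT = 2222` is now a literal while `HTTP_PORT` follows `cfg.port`, so any firewall or proxy rule that `mkModule` derives from `cfg.port` will not know about the built-in SSH server enabled by `START_SSH_SERVER = true`. Declaring the port in the module's `options` (an `sshPort` option of `types.port` defaulting to 2222) and writing `SSH_PORT = cfg.sshPort;` keeps the listener and whatever opens it in one place. `HTTP_ADDR = cfg.listenAddress` depends on a default that is not visible here; if Traefik runs on the same host, a loopback default keeps requests from reaching Gitea on its HTTP port without passing the proxy middlewares. The `settings` block starts and ends outside this hunk.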
@@ -1,116 +0,0 @@ -{ - config, - lib, - namespace, - ... -}: -with lib; -let - cfg = config.${namespace}.services.gitea; - rootUrl = "https://gitea.mjallen.dev/"; - dataDir = "/var/lib/gitea"; - secretsDir = "/run/secrets/jallen-nas/gitea"; - mailerPasswordFile = config.sops.secrets."jallen-nas/gitea/mail-key".path; - metricsTokenFile = config.sops.secrets."jallen-nas/gitea/metrics-key".path; - giteaUid = config.users.users.nix-apps.uid; - giteaGid = config.users.groups.jallen-nas.gid; - - serviceConfig = { - services.gitea = { - enable = true; - stateDir = dataDir; - mailerPasswordFile = mailerPasswordFile; - metricsTokenFile = metricsTokenFile; - settings = { - server = { - DOMAIN = "jallen-nas"; - HTTP_ADDR = "0.0.0.0"; - HTTP_PORT = cfg.httpPort; - PROTOCOL = "http"; - ROOT_URL = rootUrl; - START_SSH_SERVER = true; - SSH_PORT = cfg.sshPort; - }; - service = { - REGISTER_EMAIL_CONFIRM = false; - ENABLE_CAPTCHA = false; - DISABLE_REGISTRATION = true; - ENABLE_OPENID_SIGNIN = false; - ENABLE_LDAP_SIGNIN = false; - ENABLE_SSH_SIGNIN = true; - ENABLE_BUILTIN_SSH_SERVER = true; - ENABLE_REVERSE_PROXY_AUTHENTICATION = true; - }; - }; - }; - - users = { - users.gitea = { - isSystemUser = true; - isNormalUser = false; - uid = lib.mkForce giteaUid; - group = "gitea"; - extraGroups = [ "keys" ]; - }; - groups = { - gitea = { - gid = lib.mkForce giteaGid; - }; - }; - }; - - # Create and set permissions for required directories - system.activationScripts.gitea-dirs = '' - mkdir -p /var/lib/gitea - chown -R gitea:gitea /var/lib/gitea - chmod -R 775 /var/lib/gitea - mkdir -p /run/secrets/jallen-nas - chown -R gitea:gitea /run/secrets/jallen-nas - chmod -R 775 /run/secrets/jallen-nas - ''; - }; - - bindMounts = { - "${dataDir}" = { - hostPath = cfg.dataDir; - isReadOnly = false; - }; - secrets = { - hostPath = secretsDir; - isReadOnly = true; - mountPoint = secretsDir; - }; - }; - - # Create reverse proxy configuration using mkReverseProxy - reverseProxyConfig = 
lib.${namespace}.mkReverseProxy { - name = "gitea"; - subdomain = cfg.reverseProxy.subdomain; - url = "http://${cfg.localAddress}:${toString cfg.httpPort}"; - middlewares = cfg.reverseProxy.middlewares; - }; - - containerConfig = - (lib.${namespace}.mkContainer { - name = "gitea"; - localAddress = cfg.localAddress; - ports = [ - cfg.httpPort - cfg.sshPort - ]; - bindMounts = bindMounts; - config = serviceConfig; - }) - { inherit lib; }; - - giteaConfig = { - "${namespace}".services.traefik = lib.mkIf cfg.reverseProxy.enable { - reverseProxies = [ reverseProxyConfig ]; - }; - } - // containerConfig; -in -{ - imports = [ ./options.nix ]; - config = mkIf cfg.enable giteaConfig; -} diff --git a/modules/nixos/services/gitea/options.nix b/modules/nixos/services/gitea/options.nix deleted file mode 100644 index 685af55..0000000 --- a/modules/nixos/services/gitea/options.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ lib, namespace, ... }: -with lib; -{ - options.${namespace}.services.gitea = { - enable = mkEnableOption "gitea service"; - - httpPort = mkOption { - type = types.int; - default = 80; - }; - - sshPort = mkOption { - type = types.int; - default = 22; - }; - - localAddress = mkOption { - type = types.str; - default = "127.0.0.1"; - }; - - dataDir = mkOption { - type = types.str; - default = ""; - }; - - reverseProxy = lib.${namespace}.mkReverseProxyOpt; - }; -} diff --git a/systems/x86_64-linux/jallen-nas/apps.nix b/systems/x86_64-linux/jallen-nas/apps.nix index 14f0729..da01a2a 100755 --- a/systems/x86_64-linux/jallen-nas/apps.nix +++ b/systems/x86_64-linux/jallen-nas/apps.nix 
@@ -60,32 +60,19 @@ in crowdsec = { enable = true; port = 8181; - apiAddress = "0.0.0.0"; apiKey = config.sops.secrets."jallen-nas/crowdsec-capi".path; - dataDir = "/media/nas/main/nix-app-data/crowdsec"; }; ersatztv = { enable = true; - configPath = "/media/nas/main/nix-app-data/ersatztv"; - moviesPath = "/media/nas/main/movies"; - tvPath = "/media/nas/main/tv"; - transcodePath = "/media/nas/main/nix-app-data/transcode"; + port = 8409; + }; + free-games-claimer = { + enable = true; + port = 6080; }; - free-games-claimer.enable = true; gitea = { enable = true; - httpPort = 3000; - sshPort = 2222; - localAddress = "10.0.4.18"; - dataDir = "/media/nas/main/nix-app-data/gitea"; - reverseProxy = { - enable = true; - subdomain = "gitea"; - middlewares = [ - "crowdsec" - "whitelist-geoblock" - ]; - }; + port = 3000; }; glance = { enable = true;
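Review bot: The `gitea` entry drops its `reverseProxy` block, including the `crowdsec` and `whitelist-geoblock` middlewares, and nothing in this hunk re-declares them. Unless `mkModule`'s defaults (not visible here) enable the proxy with the same middlewares, Gitea either loses its Traefik route or is served without the bouncer and geo-block; if the option still exists, keep it explicit with `reverseProxy = { enable = true; middlewares = [ "crowdsec" "whitelist-geoblock" ]; };`. The `crowdsec` entry still sets `apiKey`, whose declaration lived in the deleted `options.nix`, so confirm it is declared elsewhere. The enclosing attribute set continues outside the hunk.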