mkModule gitea

This commit is contained in:
mjallen18
2025-12-15 20:07:48 -06:00
parent e74ea5f13b
commit 50345adeb5
9 changed files with 73 additions and 338 deletions


@@ -113,10 +113,10 @@ let
listen_uri = "${cfg.listenAddress}:${toString cfg.port}"; listen_uri = "${cfg.listenAddress}:${toString cfg.port}";
}; };
client = { client = {
credentials_path = lib.mkForce "/media/nas/main/nix-app-data/crowdsec/client.yaml"; credentials_path = lib.mkForce "${cfg.configDir}/crowdsec/client.yaml";
}; };
}; };
capi.credentialsFile = lib.mkDefault "/media/nas/main/nix-app-data/crowdsec/capi.yaml"; capi.credentialsFile = lib.mkDefault "${cfg.configDir}/crowdsec/capi.yaml";
}; };
}; };
}; };
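Review bot: Both credential paths on the new side are built from `cfg.configDir`, but nothing in this hunk declares that option or its default; the deleted crowdsec options.nix had `dataDir` defaulting to `""`, and if mkModule's `configDir` does the same, `credentials_path` silently becomes `/crowdsec/client.yaml`. A guard such as `assert cfg.configDir != "";` in the enclosing `let`, or a non-empty default in mkModule, would turn that into an evaluation error instead of a wrong secrets location. The `lib.mkForce` on `credentials_path` versus `lib.mkDefault` on `capi.credentialsFile` is carried over unchanged, so hosts can override one file but not the other; worth a comment if that asymmetry is intended. The enclosing module starts before this hunk.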


@@ -1,37 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.crowdsec = {
enable = mkEnableOption "crowdsec service";
port = mkOption {
type = types.port;
default = 8080;
description = "Port for crowdsec API";
};
openFirewall = mkOption {
type = types.bool;
default = true;
description = "Whether to open firewall for crowdsec";
};
apiAddress = mkOption {
type = types.str;
default = "127.0.0.1";
description = "API address for crowdsec";
};
apiKey = mkOption {
type = types.str;
default = "";
description = "API key for crowdsec bouncer";
};
dataDir = mkOption {
type = types.str;
default = "";
description = "Data directory for crowdsec";
};
};
}


@@ -6,56 +6,36 @@
}: }:
with lib; with lib;
let let
inherit (lib.${namespace}) mkOpt mkReverseProxyOpt; name = "ersatztv";
cfg = config.${namespace}.services.ersatztv; cfg = config.${namespace}.services.${name};
in
{
options.${namespace}.services.ersatztv = {
enable = mkEnableOption "ersatztv service";
name = mkOpt types.str "ersatztv" "container name"; ersatztvConfig = lib.${namespace}.mkModule {
inherit config name;
image = mkOpt types.str "ghcr.io/ersatztv/ersatztv" "container image"; description = "ersatztv";
options = { };
port = mkOpt types.int 8409 "Port for ersatztv to be hosted on"; moduleConfig = {
virtualisation.oci-containers.containers.${name} = {
configPath = mkOpt types.str "" "Path to the data dir"; autoStart = true;
image = "ghcr.io/ersatztv/ersatztv";
moviesPath = mkOpt types.str "" "Path to the data dir"; extraOptions = [ "--device=/dev/dri" ];
volumes = [
tvPath = mkOpt types.str "" "Path to the data dir"; "${cfg.configDir}/ersatztv:/config"
"${cfg.dataDir}/movies:/libraries/movies"
transcodePath = mkOpt types.str "" "Path to the data dir"; "${cfg.dataDir}/movies:/libraries/tv"
"${cfg.configDir}/transcode:/transcode"
puid = mkOpt types.str "911" "uid"; ];
ports = [
pgid = mkOpt types.str "1000" "gid"; "${toString cfg.port}:8409"
];
timeZone = mkOpt types.str "America/Chicago" "Timezone"; environment = {
PUID = cfg.puid;
reverseProxy = mkReverseProxyOpt; PGID = cfg.pgid;
}; TZ = cfg.timeZone;
};
config = mkIf cfg.enable {
virtualisation.oci-containers.containers.${cfg.name} = {
autoStart = true;
image = cfg.image;
extraOptions = [ "--device=/dev/dri" ];
volumes = [
"${cfg.configPath}:/config"
"${cfg.moviesPath}:/libraries/movies"
"${cfg.tvPath}:/libraries/tv"
"${cfg.transcodePath}:/transcode"
];
ports = [
"${toString cfg.port}:8409"
];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
}; };
}; };
}; };
in
{
imports = [ ersatztvConfig ];
} }
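Review bot: The TV library mount on the new side points at the movies directory: `"${cfg.dataDir}/movies:/libraries/tv"` replaces the old `cfg.tvPath` binding, so `/libraries/tv` inside the container will show the movies tree and the TV library disappears. It should read `"${cfg.dataDir}/tv:/libraries/tv"`, assuming mkModule's `dataDir` is meant to be the parent of both `movies` and `tv` (the host config removed later in this commit pointed `moviesPath` and `tvPath` at sibling directories). With `options = { };` every remaining `cfg.*` reference (`puid`, `pgid`, `timeZone`, `configDir`, `dataDir`, `port`) must come from mkModule, which is not visible here; a one-line comment above `moduleConfig = {` naming where those options are declared would help the next reader.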


@@ -6,23 +6,29 @@
}: }:
with lib; with lib;
let let
cfg = config.${namespace}.services.free-games-claimer; name = "free-games-claimer";
in cfg = config.${namespace}.services.${name};
{
imports = [ ./options.nix ];
config = mkIf cfg.enable { fgcConfig = lib.${namespace}.mkModule {
virtualisation.oci-containers.containers."${cfg.name}" = { inherit config name;
autoStart = cfg.autoStart; description = "free-games-claimer";
image = cfg.image; options = { };
ports = [ "${cfg.httpPort}:6080" ]; moduleConfig = {
volumes = [ "${cfg.dataPath}:/fgc/data" ]; virtualisation.oci-containers.containers."${name}" = {
environmentFiles = [ config.sops.templates."fgc.env".path ]; autoStart = true;
environment = { image = "ghcr.io/vogler/free-games-claimer";
PUID = cfg.puid; ports = [ "${toString cfg.port}:6080" ];
PGID = cfg.pgid; volumes = [ "${cfg.configDir}/free-games-claimer:/fgc/data" ];
TZ = cfg.timeZone; environmentFiles = [ config.sops.templates."fgc.env".path ];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
}; };
}; };
}; };
in
{
imports = [ fgcConfig ];
} }
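Review bot: `ports = [ "${toString cfg.port}:6080" ];` publishes the container port on every host interface, while the gitea hunk in this same commit binds with `cfg.listenAddress`; if mkModule provides that option for every module, `"${cfg.listenAddress}:${toString cfg.port}:6080"` would keep this container consistent with gitea and limit where the web UI is reachable. The ersatztv hunk's `ports` line has the same shape. The former `autoStart` option is replaced by a literal `autoStart = true;`, which is fine if no host set it, but it is a silent interface change worth a note in the commit description.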


@@ -1,47 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.free-games-claimer = {
enable = mkEnableOption "free-games-claimer docker service";
autoStart = mkOption {
type = types.bool;
default = true;
};
httpPort = mkOption {
type = types.str;
default = "6080";
};
name = mkOption {
type = types.str;
default = "free-games-claimer";
};
image = mkOption {
type = types.str;
default = "ghcr.io/vogler/free-games-claimer";
};
dataPath = mkOption {
type = types.str;
default = "/media/nas/main/nix-app-data/free-games-claimer";
};
puid = mkOption {
type = types.str;
default = "911";
};
pgid = mkOption {
type = types.str;
default = "1000";
};
timeZone = mkOption {
type = types.str;
default = "America/Chicago";
};
};
}


@@ -6,32 +6,20 @@
}: }:
with lib; with lib;
let let
cfg = config.${namespace}.services.gitea; name = "gitea";
cfg = config.${namespace}.services.${name};
rootUrl = "https://gitea.${namespace}.dev/"; rootUrl = "https://gitea.${namespace}.dev/";
mailerPasswordFile = config.sops.secrets."jallen-nas/gitea/mail-key".path; mailerPasswordFile = config.sops.secrets."jallen-nas/gitea/mail-key".path;
metricsTokenFile = config.sops.secrets."jallen-nas/gitea/metrics-key".path; metricsTokenFile = config.sops.secrets."jallen-nas/gitea/metrics-key".path;
# Create reverse proxy configuration using mkReverseProxy giteaConfig = lib.${namespace}.mkModule {
reverseProxyConfig = lib.${namespace}.mkReverseProxy { inherit config name;
name = "gitea"; description = "Gitea";
subdomain = cfg.reverseProxy.subdomain; options = { };
url = "http://${cfg.localAddress}:${toString cfg.httpPort}"; moduleConfig = {
middlewares = cfg.reverseProxy.middlewares;
};
traefik = {
"${namespace}".services.traefik = lib.mkIf cfg.reverseProxy.enable {
reverseProxies = [ reverseProxyConfig ];
};
};
in
{
imports = [ ./options.nix ];
config =
mkIf cfg.enable {
services.gitea = { services.gitea = {
enable = true; enable = true;
stateDir = cfg.dataDir; stateDir = "${cfg.configDir}/gitea";
user = "nix-apps"; user = "nix-apps";
group = "jallen-nas"; group = "jallen-nas";
mailerPasswordFile = mailerPasswordFile; mailerPasswordFile = mailerPasswordFile;
@@ -39,12 +27,12 @@ in
settings = { settings = {
server = { server = {
DOMAIN = "jallen-nas"; DOMAIN = "jallen-nas";
HTTP_ADDR = "0.0.0.0"; HTTP_ADDR = cfg.listenAddress;
HTTP_PORT = cfg.httpPort; HTTP_PORT = cfg.port;
PROTOCOL = "http"; PROTOCOL = "http";
ROOT_URL = rootUrl; ROOT_URL = rootUrl;
START_SSH_SERVER = true; START_SSH_SERVER = true;
SSH_PORT = cfg.sshPort; SSH_PORT = 2222;
}; };
service = { service = {
REGISTER_EMAIL_CONFIRM = false; REGISTER_EMAIL_CONFIRM = false;
@@ -58,6 +46,9 @@ in
}; };
}; };
}; };
} };
// traefik; };
in
{
imports = [ giteaConfig ];
} }
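Review bot: The traefik registration that carried the `crowdsec` and `whitelist-geoblock` middlewares is dropped from the first hunk (the removed `reverseProxyConfig` and `traefik` let-bindings), and the matching `reverseProxy` block is removed from the host config hunk later in this commit, with no replacement visible; unless mkModule re-creates the reverse proxy from its own options, Gitea is no longer fronted by those middlewares. If mkModule does handle it, a comment such as `# reverse proxy and middlewares are provided by mkModule` above `giteaConfig = lib.${namespace}.mkModule {` would make that explicit. `SSH_PORT = 2222;` in the second hunk also replaces the former `cfg.sshPort` option with a literal, so a host can no longer change the built-in SSH port without editing this module. The last hunk closes the file.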


@@ -1,116 +0,0 @@
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.gitea;
rootUrl = "https://gitea.mjallen.dev/";
dataDir = "/var/lib/gitea";
secretsDir = "/run/secrets/jallen-nas/gitea";
mailerPasswordFile = config.sops.secrets."jallen-nas/gitea/mail-key".path;
metricsTokenFile = config.sops.secrets."jallen-nas/gitea/metrics-key".path;
giteaUid = config.users.users.nix-apps.uid;
giteaGid = config.users.groups.jallen-nas.gid;
serviceConfig = {
services.gitea = {
enable = true;
stateDir = dataDir;
mailerPasswordFile = mailerPasswordFile;
metricsTokenFile = metricsTokenFile;
settings = {
server = {
DOMAIN = "jallen-nas";
HTTP_ADDR = "0.0.0.0";
HTTP_PORT = cfg.httpPort;
PROTOCOL = "http";
ROOT_URL = rootUrl;
START_SSH_SERVER = true;
SSH_PORT = cfg.sshPort;
};
service = {
REGISTER_EMAIL_CONFIRM = false;
ENABLE_CAPTCHA = false;
DISABLE_REGISTRATION = true;
ENABLE_OPENID_SIGNIN = false;
ENABLE_LDAP_SIGNIN = false;
ENABLE_SSH_SIGNIN = true;
ENABLE_BUILTIN_SSH_SERVER = true;
ENABLE_REVERSE_PROXY_AUTHENTICATION = true;
};
};
};
users = {
users.gitea = {
isSystemUser = true;
isNormalUser = false;
uid = lib.mkForce giteaUid;
group = "gitea";
extraGroups = [ "keys" ];
};
groups = {
gitea = {
gid = lib.mkForce giteaGid;
};
};
};
# Create and set permissions for required directories
system.activationScripts.gitea-dirs = ''
mkdir -p /var/lib/gitea
chown -R gitea:gitea /var/lib/gitea
chmod -R 775 /var/lib/gitea
mkdir -p /run/secrets/jallen-nas
chown -R gitea:gitea /run/secrets/jallen-nas
chmod -R 775 /run/secrets/jallen-nas
'';
};
bindMounts = {
"${dataDir}" = {
hostPath = cfg.dataDir;
isReadOnly = false;
};
secrets = {
hostPath = secretsDir;
isReadOnly = true;
mountPoint = secretsDir;
};
};
# Create reverse proxy configuration using mkReverseProxy
reverseProxyConfig = lib.${namespace}.mkReverseProxy {
name = "gitea";
subdomain = cfg.reverseProxy.subdomain;
url = "http://${cfg.localAddress}:${toString cfg.httpPort}";
middlewares = cfg.reverseProxy.middlewares;
};
containerConfig =
(lib.${namespace}.mkContainer {
name = "gitea";
localAddress = cfg.localAddress;
ports = [
cfg.httpPort
cfg.sshPort
];
bindMounts = bindMounts;
config = serviceConfig;
})
{ inherit lib; };
giteaConfig = {
"${namespace}".services.traefik = lib.mkIf cfg.reverseProxy.enable {
reverseProxies = [ reverseProxyConfig ];
};
}
// containerConfig;
in
{
imports = [ ./options.nix ];
config = mkIf cfg.enable giteaConfig;
}


@@ -1,29 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.gitea = {
enable = mkEnableOption "gitea service";
httpPort = mkOption {
type = types.int;
default = 80;
};
sshPort = mkOption {
type = types.int;
default = 22;
};
localAddress = mkOption {
type = types.str;
default = "127.0.0.1";
};
dataDir = mkOption {
type = types.str;
default = "";
};
reverseProxy = lib.${namespace}.mkReverseProxyOpt;
};
}


@@ -60,32 +60,19 @@ in
crowdsec = { crowdsec = {
enable = true; enable = true;
port = 8181; port = 8181;
apiAddress = "0.0.0.0";
apiKey = config.sops.secrets."jallen-nas/crowdsec-capi".path; apiKey = config.sops.secrets."jallen-nas/crowdsec-capi".path;
dataDir = "/media/nas/main/nix-app-data/crowdsec";
}; };
ersatztv = { ersatztv = {
enable = true; enable = true;
configPath = "/media/nas/main/nix-app-data/ersatztv"; port = 8409;
moviesPath = "/media/nas/main/movies"; };
tvPath = "/media/nas/main/tv"; free-games-claimer = {
transcodePath = "/media/nas/main/nix-app-data/transcode"; enable = true;
port = 6080;
}; };
free-games-claimer.enable = true;
gitea = { gitea = {
enable = true; enable = true;
httpPort = 3000; port = 3000;
sshPort = 2222;
localAddress = "10.0.4.18";
dataDir = "/media/nas/main/nix-app-data/gitea";
reverseProxy = {
enable = true;
subdomain = "gitea";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
};
}; };
glance = { glance = {
enable = true; enable = true;
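Review bot: Removing `apiAddress = "0.0.0.0";` from the crowdsec block has no visible replacement, and the crowdsec module hunk earlier in this commit builds `listen_uri` from `cfg.listenAddress`, so whatever default mkModule gives `listenAddress` now silently decides whether the LAPI is reachable from other hosts. If remote bouncers need it, set `listenAddress = "0.0.0.0";` here explicitly; otherwise a loopback default is the safer outcome and deserves a one-line comment saying so. The enclosing attribute set starts before and continues after this hunk.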