mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

kavita

Browse Source
This commit is contained in:
mjallen18
2026-03-29 22:24:04 -05:00
parent 0967e27fca
commit 62736ed77c
9 changed files with 78 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
WORKAROUNDS.md
View File

@@ -348,7 +348,7 @@ These are not workarounds but known incomplete configurations:
| `systems/x86_64-linux/jallen-nas/apps.nix` | 47 | Authentik environment secrets file not wired up | | `systems/x86_64-linux/jallen-nas/apps.nix` | 47 | Authentik environment secrets file not wired up |
| `modules/nixos/services/sparky-fitness/default.nix` | — | ~~DB passwords not yet moved to SOPS~~ — resolved; secrets now via `mkSopsEnvFile`; run `sops secrets/nas-secrets.yaml` to add real values for `jallen-nas/sparky-fitness/{db-password,api-encryption-key,auth-secret}` | | `modules/nixos/services/sparky-fitness/default.nix` | — | ~~DB passwords not yet moved to SOPS~~ — resolved; secrets now via `mkSopsEnvFile`; run `sops secrets/nas-secrets.yaml` to add real values for `jallen-nas/sparky-fitness/{db-password,api-encryption-key,auth-secret}` |
| `modules/nixos/services/your-spotify/default.nix` | 36 | Spotify API keys not yet moved to SOPS | | `modules/nixos/services/your-spotify/default.nix` | 36 | Spotify API keys not yet moved to SOPS |
| `modules/nixos/services/booklore/default.nix` | 25 | Database password not yet a SOPS secret | | `modules/nixos/services/booklore/default.nix` | 28 | Database password not yet a SOPS secret |
| `packages/raspberrypi/udev-rules/default.nix` | 33 | `15-i2c-modprobe.rules` disabled; `i2cprobe` script not ported | | `packages/raspberrypi/udev-rules/default.nix` | 33 | `15-i2c-modprobe.rules` disabled; `i2cprobe` script not ported |
| `modules/nixos/homeassistant/services/homeassistant/default.nix` | 214 | `roborock` integration marked broken | | `modules/nixos/homeassistant/services/homeassistant/default.nix` | 214 | `roborock` integration marked broken |

2
modules/nixos/services/ai/default.nix
View File

@@ -51,7 +51,7 @@ let
port = 8127; port = 8127;
host = "0.0.0.0"; host = "0.0.0.0";
openFirewall = cfg.openFirewall; openFirewall = cfg.openFirewall;
model = "${cfg.configDir}/llama-cpp/models/${cfg.llama-cpp.model}.gguf"; model = null;
package = pkgs.llama-cpp-rocm; package = pkgs.llama-cpp-rocm;
extraFlags = [ extraFlags = [
"--fit" "--fit"

16
modules/nixos/services/booklore/default.nix → modules/nixos/services/grimmory/default.nix
View File

@@ -5,24 +5,26 @@
... ...
}: }:
let let
cfg = config.${namespace}.services.booklore; cfg = config.${namespace}.services.grimmory;
in in
{ {
imports = [ imports = [
(lib.${namespace}.mkContainerService { (lib.${namespace}.mkContainerService {
inherit config; inherit config;
name = "booklore"; name = "grimmory";
image = "booklore/booklore"; image = "ghcr.io/grimmory-tools/grimmory";
internalPort = 6060; internalPort = 6060;
volumes = [ volumes = [
"${cfg.configDir}/booklore:/app/data" "${cfg.configDir}/grimmory:/app/data"
"${cfg.configDir}/bookdrop:/bookdrop" "${cfg.configDir}/bookdrop:/bookdrop"
"${cfg.dataDir}/books:/books" "${cfg.dataDir}/books:/books"
]; ];
environment = { environment = {
DATABASE_URL = "jdbc:mariadb://10.0.1.3:3306/booklore"; USER_ID = "1000";
DATABASE_USERNAME = "booklore"; GROUP_ID = "1000";
# TODO: move DATABASE_PASSWORD to a sops secret TZ = "UTC";
DATABASE_URL = "jdbc:mariadb://10.0.1.3:3306/grimmory";
DATABASE_USERNAME = "grimmory";
DATABASE_PASSWORD = "Lucifer008!"; DATABASE_PASSWORD = "Lucifer008!";
}; };
}) })

41
modules/nixos/services/kavita/default.nix Normal file
View File

@@ -0,0 +1,41 @@
{
config,
lib,
namespace,
...
}:
with lib;
let
name = "kavita";
cfg = config.${namespace}.services.${name};
rootUrl = "https://kavita.${namespace}.dev/";
kavitaConfig = lib.${namespace}.mkModule {
inherit config name;
description = "kavita";
options = { };
moduleConfig = {
sops = {
secrets = {
"jallen-nas/kavita/token" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = config.users.users.kavita.name;
group = config.users.users.kavita.group;
restartUnits = [ "kavita.service" ];
};
};
};
services.kavita = {
enable = true;
dataDir = "${cfg.configDir}/kavita";
tokenKeyFile = config.sops.secrets."jallen-nas/kavita/token".path;
settings = {
Port = cfg.port;
};
};
};
};
in
{
imports = [ kavitaConfig ];
}

2
modules/nixos/services/lemonade/default.nix
View File

@@ -34,7 +34,7 @@ let
# Override mkModule's default port of 80 with lemonade's actual default. # Override mkModule's default port of 80 with lemonade's actual default.
port = mkOpt lib.types.int 8000 "Port lemonade-router listens on"; port = mkOpt lib.types.int 8000 "Port lemonade-router listens on";
host = mkOpt lib.types.str "127.0.0.1" "Address lemonade-router binds to"; host = mkOpt lib.types.str "0.0.0.0" "Address lemonade-router binds to";
logLevel = mkOpt (lib.types.enum [ logLevel = mkOpt (lib.types.enum [
"critical" "critical"

8
secrets/nas-secrets.yaml
View File

@@ -96,6 +96,8 @@ jallen-nas:
auth-secret: ENC[AES256_GCM,data:aJIjDzyJy3nWUNpKHEGyYdTfO93pfNcLKTTz6lKl8IO49JHuzFefaCNCzbwSKVMda8snohE2DE9Ul94paIcSwQ==,iv:rMZVu1SACErvtrhlLecP1bQ/2wnvZ1UnlYHMqFbB8I4=,tag:IxEw+MvDqAmK492uiIIRaw==,type:str] auth-secret: ENC[AES256_GCM,data:aJIjDzyJy3nWUNpKHEGyYdTfO93pfNcLKTTz6lKl8IO49JHuzFefaCNCzbwSKVMda8snohE2DE9Ul94paIcSwQ==,iv:rMZVu1SACErvtrhlLecP1bQ/2wnvZ1UnlYHMqFbB8I4=,tag:IxEw+MvDqAmK492uiIIRaw==,type:str]
grafana: grafana:
secret-key: ENC[AES256_GCM,data:dPHXEAKGrbbM36uH3W4yzm3GmJI=,iv:yHMAMJ8w+uoH/IvLSbxyQm6dEml0MWvwfRIIVHmc6LE=,tag:AyDLS20gUH4gupRGrtGReQ==,type:str] secret-key: ENC[AES256_GCM,data:dPHXEAKGrbbM36uH3W4yzm3GmJI=,iv:yHMAMJ8w+uoH/IvLSbxyQm6dEml0MWvwfRIIVHmc6LE=,tag:AyDLS20gUH4gupRGrtGReQ==,type:str]
kavita:
token: ENC[AES256_GCM,data:XurnehEZ/jCn+lxtTyty3WkDb17nQ7X3dIIys8O1l17gNzBMyqCLuzQaKLvqAV13PIaGBRTSnlNe7hDs5XYsI2nyL/l0ptPPXgKGEujEtTL8ei0rxTAYnA==,iv:Guinyj+EQNSUE+z+yu3HTF+leoxk7LWXBX/HGcLEki4=,tag:hfkgnjFAwUEVXtDT5HFJTg==,type:str]
sops: sops:
shamir_threshold: 1 shamir_threshold: 1
age: age:
@@ -243,8 +245,8 @@ sops:
L0gwQm5takNjMkVGNzVlSStJYlUwWDAKP8QA3rRUHYbyyhPC/k0Eq2EIKfjyc7Co L0gwQm5takNjMkVGNzVlSStJYlUwWDAKP8QA3rRUHYbyyhPC/k0Eq2EIKfjyc7Co
7BkHH3msC6h9g42BB5iIYe6KQ+UGxMQBFvp+qSB27jaIfajN5MP0BA== 7BkHH3msC6h9g42BB5iIYe6KQ+UGxMQBFvp+qSB27jaIfajN5MP0BA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-03-24T19:34:00Z" lastmodified: "2026-03-30T01:56:41Z"
mac: ENC[AES256_GCM,data:vuAtq87oIAIbWw7d/PwNPfVIlWJx3C1sT5tlpgLvHTgCAp8ZtSSBhqTJNCV7za+kjrF/SrZ0Asc1Ui6W3spgU6QAu2TR7JtAseXDyN7c8hLbBzZdZ5RtrqYdr8bj+dohbC9ZTHBt1YH7iXb1rm3CmwkCkzSY6ux3afnWubK2TIg=,iv:UAnH3J0Lnyxk1XPk3Zlm/VpCSA7omv9czc50C9qrfsM=,tag:Xh+iUD9S2rSlpmUoa5uQ8A==,type:str] mac: ENC[AES256_GCM,data:U7xBMz0kJd2fF81rCRD0x4g573lEUnn2Q8e6V/0zgwzoaC39VyZ3RBAUVBS+5d4GSTjrU82sucSNYBZphOGODdgnmL7jSBwaKxg4co9fjuABFmn5WFKJgsw07F48/F2DraftSlRoq1YYkzOhiravgVyWU6aC7o5av+nFVhhfcrM=,iv:bnGpEY6mjPrmeJ+bQdZkXQPTzkBxmIy+5B8/dtJDLmM=,tag:OqvH+y5vjQryzyMUof4isA==,type:str]
pgp: pgp:
- created_at: "2026-02-06T15:34:30Z" - created_at: "2026-02-06T15:34:30Z"
enc: |- enc: |-
@@ -267,4 +269,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: CBCB9B18A6B8930B0B6ABFD1CCB8CBEB30633684 fp: CBCB9B18A6B8930B0B6ABFD1CCB8CBEB30633684
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.12.1 version: 3.12.2

25
systems/x86_64-linux/jallen-nas/apps.nix
View File

@@ -46,10 +46,6 @@ in
port = 4823; port = 4823;
# environmentFile = "/run/secrets/jallen-nas/authentik-env"; # TODO # environmentFile = "/run/secrets/jallen-nas/authentik-env"; # TODO
}; };
booklore = {
enable = false;
port = 6066;
};
caddy = enabled; caddy = enabled;
cockpit = { cockpit = {
enable = true; enable = true;
@@ -122,6 +118,10 @@ in
port = 61208; port = 61208;
createUser = true; createUser = true;
}; };
grimmory = {
enable = false;
port = 6066;
};
headscale = { headscale = {
enable = false; enable = false;
port = 2112; port = 2112;
@@ -132,12 +132,6 @@ in
port = 2283; port = 2283;
reverseProxy = enabled; reverseProxy = enabled;
}; };
lemonade = {
enable = true;
port = 8001;
modelsDir = "/media/nas/main/ai/lemonade/models";
reverseProxy = disabled;
};
jellyfin = { jellyfin = {
enable = true; enable = true;
port = 8096; port = 8096;
@@ -149,6 +143,17 @@ in
createUser = true; createUser = true;
reverseProxy = enabled; reverseProxy = enabled;
}; };
kavita = {
enable = true;
port = 5000;
reverseProxy = disabled;
};
lemonade = {
enable = true;
port = 8001;
modelsDir = "/media/nas/main/ai/lemonade/models";
reverseProxy = disabled;
};
lubelogger = { lubelogger = {
enable = true; enable = true;
port = 6754; port = 6754;

5
systems/x86_64-linux/jallen-nas/nas-defaults.nix
View File

@@ -38,7 +38,6 @@ in
"attic" "attic"
"authentik" "authentik"
"authentikRac" "authentikRac"
"booklore"
"caddy" "caddy"
"calibre" "calibre"
"calibre-web" "calibre-web"
@@ -53,11 +52,13 @@ in
"glances" "glances"
"grafana" "grafana"
"guacd" "guacd"
"grimmory"
"headscale" "headscale"
"immich" "immich"
"jellyfin" "jellyfin"
"lemonade"
"jellyseerr" "jellyseerr"
"kavita"
"lemonade"
"lubelogger" "lubelogger"
"manyfold" "manyfold"
"matrix" "matrix"

4
systems/x86_64-linux/jallen-nas/services.nix
View File

@@ -144,12 +144,12 @@ in
}; };
initialDatabases = [ initialDatabases = [
{ {
name = "booklore"; name = "grimmory";
} }
]; ];
ensureUsers = [ ensureUsers = [
{ {
name = "booklore"; name = "grimmory";
ensurePermissions = { ensurePermissions = {
"database.*" = "ALL PRIVILEGES"; "database.*" = "ALL PRIVILEGES";
"*.*" = "SELECT, LOCK TABLES"; "*.*" = "SELECT, LOCK TABLES";