diff --git a/modules/nixos/services/manyfold/default.nix b/modules/nixos/services/manyfold/default.nix index 8be8157..f96c7dc 100755 --- a/modules/nixos/services/manyfold/default.nix +++ b/modules/nixos/services/manyfold/default.nix @@ -6,34 +6,40 @@ }: with lib; let - cfg = config.${namespace}.services.manyfold; -in -{ - imports = [ ./options.nix ]; + name = "manyfold"; + cfg = config.${namespace}.services.${name}; - config = mkIf cfg.enable { - virtualisation.oci-containers.containers."${cfg.name}" = { - autoStart = cfg.autoStart; - image = cfg.image; - ports = [ "${cfg.httpPort}:3214" ]; - extraOptions = [ - "--cap-drop=ALL" - "--cap-add=CHOWN" - "--cap-add=DAC_OVERRIDE" - "--cap-add=SETUID" - "--cap-add=SETGID" - "--security-opt=no-new-privileges:true" - ]; - volumes = [ - "${cfg.configPath}:/config" - "${cfg.dataPath}:/libraries" - ]; - environment = { - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; + manyfoldConfig = lib.${namespace}.mkModule { + inherit config name; + description = "manyfold"; + options = { }; + moduleConfig = { + virtualisation.oci-containers.containers."${name}" = { + autoStart = true; + image = "ghcr.io/manyfold3d/manyfold-solo"; + ports = [ "${toString cfg.port}:3214" ]; + extraOptions = [ + "--cap-drop=ALL" + "--cap-add=CHOWN" + "--cap-add=DAC_OVERRIDE" + "--cap-add=SETUID" + "--cap-add=SETGID" + "--security-opt=no-new-privileges:true" + ]; + volumes = [ + "${cfg.configDir}/manyfold:/config" + "${cfg.dataDir}/3d_printer:/libraries" + ]; + environment = { + PUID = cfg.puid; + PGID = cfg.pgid; + TZ = cfg.timeZone; + }; + environmentFiles = [ config.sops.secrets."jallen-nas/manyfold/secretkeybase".path ]; }; - environmentFiles = [ config.sops.secrets."jallen-nas/manyfold/secretkeybase".path ]; }; }; +in +{ + imports = [ manyfoldConfig ]; } diff --git a/modules/nixos/services/manyfold/options.nix b/modules/nixos/services/manyfold/options.nix deleted file mode 100755 index 1492ed2..0000000 
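Review bot: `image = "ghcr.io/manyfold3d/manyfold-solo"` has no tag or digest, so every pull resolves to whatever `latest` is at that moment, and with options.nix deleted the `image` option that used to allow overriding it is gone too; pin it in place, e.g. `image = "ghcr.io/manyfold3d/manyfold-solo:<version>@sha256:<digest>";`. Separately, `ports = [ "${toString cfg.port}:3214" ]` publishes the port on every host interface; the matrix module in this same commit binds to `cfg.listenAddress`, and if `mkModule` defines that option here as well, `"${cfg.listenAddress}:${toString cfg.port}:3214"` would keep the container off the public interfaces. The `--cap-drop=ALL` plus CHOWN/DAC_OVERRIDE/SETUID/SETGID set is presumably what the PUID/PGID privilege drop needs, so that part looks right, but a one-line comment saying so would save the next reader from re-deriving it.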
--- a/modules/nixos/services/manyfold/options.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ lib, namespace, ... }: -with lib; -{ - options.${namespace}.services.manyfold = { - enable = mkEnableOption "manyfold docker service"; - - autoStart = mkOption { - type = types.bool; - default = true; - }; - - httpPort = mkOption { - type = types.str; - default = "3214"; - }; - - name = mkOption { - type = types.str; - default = "manyfold"; - }; - - image = mkOption { - type = types.str; - default = "ghcr.io/manyfold3d/manyfold-solo"; - }; - - configPath = mkOption { - type = types.str; - default = "/media/nas/main/nix-app-data/manyfold"; - }; - - dataPath = mkOption { - type = types.str; - default = "/media/nas/main/3d_printer"; - }; - - puid = mkOption { - type = types.str; - default = "911"; - }; - - pgid = mkOption { - type = types.str; - default = "1000"; - }; - - timeZone = mkOption { - type = types.str; - default = "America/Chicago"; - }; - }; -} diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 8d307da..7b8d77f 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix 
@@ -5,148 +5,118 @@ ... }: let - inherit (lib.${namespace}) mkOpt mkReverseProxyOpt; - cfg = config.${namespace}.services.matrix; + name = "matrix"; + cfg = config.${namespace}.services.${name}; - matrixConfig = { - services.matrix-synapse = { - enable = true; - dataDir = cfg.dataDir; - configureRedisLocally = true; - enableRegistrationScript = true; - settings = { - server_name = "mjallen.dev"; - public_baseurl = "https://matrix.mjallen.dev"; - serve_server_wellknown = true; + matrixConfig = lib.${namespace}.mkModule { + inherit config name; + description = "config"; + options = { }; + moduleConfig = { + services.matrix-synapse = { + enable = true; + dataDir = "${cfg.configDir}/matrix-synapse"; + configureRedisLocally = true; + enableRegistrationScript = true; + settings = { + server_name = "mjallen.dev"; + public_baseurl = "https://matrix.mjallen.dev"; + serve_server_wellknown = true; - listeners = [ - { - port = cfg.port; - tls = false; - x_forwarded = true; - bind_addresses = [ - "::1" - "0.0.0.0" - ]; - resources = [ - { - names = [ - "client" - "federation" - ]; - compress = false; - } - ]; - } - ]; + listeners = [ + { + port = cfg.port; + tls = false; + x_forwarded = true; + bind_addresses = [ + "::1" + cfg.listenAddress + ]; + resources = [ + { + names = [ + "client" + "federation" + ]; + compress = false; + } + ]; + } + ]; - oidc_providers = [ - { - idp_id = "authentik"; - idp_name = "authentik"; - discover = true; - issuer = "https://authentik.mjallen.dev/application/o/matrix/"; - client_id = "KiChwyQn2kMtXU6LU0x3dlCb0jO6VB6e9xsN9NPs"; # TO BE FILLED - client_secret = "6XRfNCUayZqnyaMv0QSEeFz98x2y8BkXnDyylmvAbg71YkQVtpEybP6jmPzncpJsx4k5evtziicgu8p9dOa2oADHL6Ao13643VMTsI4BSel1sbIICA2TH755BpB9J39A"; # TO BE FILLED - scopes = [ - "openid" - "profile" - "email" - ]; - user_mapping_provider = { - config = { - localpart_template = "{{ user.preferred_username }}"; - display_name_template = "{{ user.preferred_username|capitalize }}"; # TO BE FILLED: If your users 
have names in Authentik and you want those in Synapse, this should be replaced with user.name|capitalize. + oidc_providers = [ + { + idp_id = "authentik"; + idp_name = "authentik"; + discover = true; + issuer = "https://authentik.mjallen.dev/application/o/matrix/"; + client_id = "KiChwyQn2kMtXU6LU0x3dlCb0jO6VB6e9xsN9NPs"; # TO BE FILLED + client_secret = "6XRfNCUayZqnyaMv0QSEeFz98x2y8BkXnDyylmvAbg71YkQVtpEybP6jmPzncpJsx4k5evtziicgu8p9dOa2oADHL6Ao13643VMTsI4BSel1sbIICA2TH755BpB9J39A"; # TO BE FILLED + scopes = [ + "openid" + "profile" + "email" + ]; + user_mapping_provider = { + config = { + localpart_template = "{{ user.preferred_username }}"; + display_name_template = "{{ user.preferred_username|capitalize }}"; # TO BE FILLED: If your users have names in Authentik and you want those in Synapse, this should be replaced with user.name|capitalize. + }; }; + allow_existing_users = true; + } + ]; + + # Database configuration + database = { + name = "psycopg2"; + allow_unsafe_locale = true; + args = { + user = "synapse"; + database = "synapse"; + host = "localhost"; + cp_min = 5; + cp_max = 10; }; - allow_existing_users = true; - } - ]; - - # Database configuration - database = { - name = "psycopg2"; - allow_unsafe_locale = true; - args = { - user = "synapse"; - database = "synapse"; - host = "localhost"; - cp_min = 5; - cp_max = 10; }; + + # Registration settings + enable_registration = false; # Set to true initially to create admin user + enable_registration_without_verification = false; + # registration_shared_secret = "BogieDudie1"; + + # Media settings + max_upload_size = "50M"; + media_store_path = "${cfg.dataDir}/media"; + + # Logging + # log_config = "/var/lib/matrix-synapse/log_config.yaml"; + trusted_key_servers = [ + { + server_name = "matrix.org"; + } + ]; }; + }; - # Registration settings - enable_registration = false; # Set to true initially to create admin user - enable_registration_without_verification = false; - # registration_shared_secret = 
"BogieDudie1"; + users.users.matrix-synapse = { + isSystemUser = true; + group = "matrix-synapse"; + }; + users.groups.matrix-synapse = { }; - # Media settings - max_upload_size = "50M"; - media_store_path = "${cfg.dataDir}/media"; - - # Logging - # log_config = "/var/lib/matrix-synapse/log_config.yaml"; - trusted_key_servers = [ + services.postgresql = { + ensureDatabases = [ "synapse" ]; + ensureUsers = [ { - server_name = "matrix.org"; + name = "synapse"; + ensureDBOwnership = true; } ]; }; }; - - users.users.matrix-synapse = { - isSystemUser = true; - group = "matrix-synapse"; - }; - users.groups.matrix-synapse = { }; - - services.postgresql = { - enable = lib.mkDefault true; - #authentication = lib.mkOverride 10 '' - # # TYPE DATABASE USER ADDRESS METHOD - # local all all peer - # host all all 127.0.0.1/32 trust - # host all all ::1/128 trust - #''; - ensureDatabases = [ "synapse" ]; - ensureUsers = [ - { - name = "synapse"; - ensureDBOwnership = true; - } - ]; - }; }; - - # Create reverse proxy configuration using mkReverseProxy - reverseProxyConfig = lib.${namespace}.mkReverseProxy { - name = "matrix"; - subdomain = cfg.reverseProxy.subdomain; - url = "http://${cfg.localAddress}:${toString cfg.port}"; - middlewares = cfg.reverseProxy.middlewares; - }; - - fullConfig = { - ${namespace}.services.traefik = lib.mkIf cfg.reverseProxy.enable { - reverseProxies = [ reverseProxyConfig ]; - }; - } - // matrixConfig; in -with lib; { - options.${namespace}.services.matrix = { - enable = mkEnableOption "matrix service"; - - port = mkOpt types.int 8008 "Port for matrix to be hosted on"; - - localAddress = mkOpt types.str "127.0.0.1" "local address of the service"; - - dataDir = mkOpt types.str "" "Path to the data dir"; - - reverseProxy = mkReverseProxyOpt; - }; - - config = lib.mkIf cfg.enable fullConfig; + imports = [ matrixConfig ]; } 
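Review bot: `client_secret = "6XRfN…"` in the `oidc_providers` entry is what looks like a real OIDC client secret written as a Nix string, which means it lives in git history and is rendered into the world-readable `/nix/store` homeserver config; the `# TO BE FILLED` marker next to it suggests it was never meant to stay. Synapse accepts `client_secret_path` instead, so move it into sops the way the manyfold module handles `secretkeybase`, e.g. `client_secret_path = config.sops.secrets."jallen-nas/matrix/oidc_client_secret".path;` (the synapse user needs read access to that file), rotate the secret in Authentik since it is already committed, and delete the commented `registration_shared_secret = "BogieDudie1"` for the same reason. Also, the old module set `services.postgresql.enable = lib.mkDefault true` and the new one keeps only `ensureDatabases`/`ensureUsers`, so unless PostgreSQL is enabled elsewhere the `synapse` database will never be created. The Traefik `reverseProxies` registration was dropped as well, which is only fine if `mkModule` now wires the proxy from `cfg.reverseProxy` — worth confirming.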
diff --git a/modules/nixos/services/matrix/default.nix.conduit b/modules/nixos/services/matrix/default.nix.conduit deleted file mode 100644 index 7d37f11..0000000 --- a/modules/nixos/services/matrix/default.nix.conduit +++ /dev/null 
@@ -1,82 +0,0 @@ -{ config, lib, namespace, ... }: -let - inherit (lib.${namespace}) mkOpt mkReverseProxyOpt; - cfg = config.${namespace}.services.matrix; - - matrixConfig = { - services = { - matrix-conduit = { - enable = true; - settings = { - global = { - server_name = "mjallen.dev"; - address = "0.0.0.0"; - port = cfg.port; - allow_registration = false; - well_known = { - client = "https://matrix.mjallen.dev"; - server = "matrix.mjallen.dev:443"; - }; - }; - }; - }; - }; - - networking = { - firewall = { - enable = true; - allowedTCPPorts = [ cfg.port 8448 ]; - allowedUDPPorts = [ cfg.port 8448 ]; - }; - # Use systemd-resolved inside the container - # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 - useHostResolvConf = lib.mkForce false; - }; - services.resolved.enable = true; - }; - - bindMounts = { - "/var/lib" = { - hostPath = cfg.dataDir; - isReadOnly = false; - }; - }; - - # Create reverse proxy configuration using mkReverseProxy - reverseProxyConfig = lib.${namespace}.mkReverseProxy { - name = "matrix"; - subdomain = cfg.reverseProxy.subdomain; - url = "http://${cfg.localAddress}:${toString cfg.port}"; - middlewares = cfg.reverseProxy.middlewares; - }; - - matrixContainer = (lib.${namespace}.mkContainer { - name = "matrix-conduit"; - localAddress = cfg.localAddress; - port = cfg.port; - bindMounts = bindMounts; - config = matrixConfig; - }) { inherit lib; }; - - fullConfig = { - ${namespace}.services.traefik = lib.mkIf cfg.reverseProxy.enable { - reverseProxies = [ reverseProxyConfig ]; - }; - } // matrixContainer; -in -with lib; -{ - options.${namespace}.services.matrix = { - enable = mkEnableOption "matrix service"; - - port = mkOpt types.int 8008 "Port for matrix to be hosted on"; - - localAddress = mkOpt types.str "127.0.0.1" "local address of the service"; - - dataDir = mkOpt types.str "" "Path to the data dir"; - - reverseProxy = mkReverseProxyOpt; - }; - - config = lib.mkIf cfg.enable fullConfig; -} \ No newline at end of file 
diff --git a/modules/nixos/services/minecraft/default.nix b/modules/nixos/services/minecraft/default.nix index 3e6d379..b678845 100644 --- a/modules/nixos/services/minecraft/default.nix +++ b/modules/nixos/services/minecraft/default.nix @@ -1,23 +1,36 @@ -{ config, ... }: -{ - services.minecraft-server = { - enable = false; - eula = true; - declarative = true; - openFirewall = true; - dataDir = "/media/nas/main/ssd_app_data/minecraft"; - serverProperties = { - enforce-whitelist = true; - white-list = true; - "enable-rcon" = true; - "rcon.password" = config.sops.secrets."jallen-nas/admin_password".path; +{ config, lib, namespace, ... }: +let + name = "minecraft"; + cfg = config.${namespace}.services.${name}; + + mincraftConfig = lib.${namespace}.mkModule { + inherit config name; + description = "minecraft server"; + options = { }; + moduleConfig = { + services.minecraft-server = { + enable = true; + eula = true; + declarative = true; + openFirewall = cfg.openFirewall; + dataDir = "/media/nas/main/ssd_app_data/minecraft"; # todo + serverProperties = { + enforce-whitelist = true; + white-list = true; + "enable-rcon" = true; + "rcon.password" = config.sops.secrets."jallen-nas/admin_password".path; + }; + whitelist = { + mjallen18 = "03d9fba9-4453-4ad1-afa6-c67738685189"; + AlpineScent = "76ff084d-2e66-4877-aec2-d6b278431bda"; + Fortltude = "61a01913-8b10-4d64-b7ce-7958088cd6d3"; + SpicyNick = "8bb5976f-6fd9-4fa5-8697-6ecb4ee38427"; + }; + jvmOpts = "-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10"; + }; }; - whitelist = { - mjallen18 = "03d9fba9-4453-4ad1-afa6-c67738685189"; - AlpineScent = "76ff084d-2e66-4877-aec2-d6b278431bda"; - Fortltude = "61a01913-8b10-4d64-b7ce-7958088cd6d3"; - SpicyNick = "8bb5976f-6fd9-4fa5-8697-6ecb4ee38427"; - }; - jvmOpts = "-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10"; }; +in +{ + imports = [ mincraftConfig ]; } 
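Review bot: `"rcon.password" = config.sops.secrets."jallen-nas/admin_password".path;` sets the RCON password to the *path* string of the secret (something like `/run/secrets/jallen-nas/admin_password`), not its contents, so the password is a guessable constant — and this hunk also flips `enable` from `false` to `true`, so it now takes effect. Under `declarative = true` the `serverProperties` are rendered into the Nix store, so a literal password here would be world-readable anyway; either set `"enable-rcon" = false;` until the password can be injected outside the store, or keep RCON but make sure `openFirewall` does not expose it (I believe the nixpkgs module opens `rcon.port` when `enable-rcon` is true — confirm). Minor: `mincraftConfig` is misspelled, and `dataDir` stays hard-coded with a `# todo` while the sibling modules in this commit derive it from `cfg.dataDir`.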
diff --git a/modules/nixos/services/mongodb/default.nix b/modules/nixos/services/mongodb/default.nix index 79a85f6..370df54 100755 --- a/modules/nixos/services/mongodb/default.nix +++ b/modules/nixos/services/mongodb/default.nix @@ -6,26 +6,32 @@ }: with lib; let - cfg = config.${namespace}.services.mongodb; -in -{ - imports = [ ./options.nix ]; + name = "mongodb"; + cfg = config.${namespace}.services.${name}; - config = mkIf cfg.enable { - virtualisation.oci-containers.containers."${cfg.name}" = { - autoStart = cfg.autoStart; - image = cfg.image; - ports = [ "${cfg.port}:27017" ]; - volumes = [ "${cfg.configPath}:/data/db" ]; - extraOptions = [ "--network-alias=mongo" ]; - # environmentFiles = cfg.environmentFiles; - environment = { - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; - # MONGO_INITDB_ROOT_USERNAME = "";#cfg.databaseUser; - # MONGO_INITDB_ROOT_PASSWORD = "";#cfg.databasePassword; # get from env file + mongodbConfig = lib.${namespace}.mkModule { + inherit config name; + description = "mongodb"; + options = { }; + moduleConfig = { + virtualisation.oci-containers.containers."${cfg.name}" = { + autoStart = true; + image = "mongo"; + ports = [ "${cfg.port}:27017" ]; + volumes = [ "${cfg.configPath}/mongodb:/data/db" ]; + extraOptions = [ "--network-alias=mongo" ]; + # environmentFiles = cfg.environmentFiles; + environment = { + PUID = cfg.puid; + PGID = cfg.pgid; + TZ = cfg.timeZone; + # MONGO_INITDB_ROOT_USERNAME = "";#cfg.databaseUser; + # MONGO_INITDB_ROOT_PASSWORD = "";#cfg.databasePassword; # get from env file + }; }; }; }; +in +{ + imports = [ mongodbConfig ]; } diff --git a/modules/nixos/services/mongodb/options.nix b/modules/nixos/services/mongodb/options.nix deleted file mode 100755 index 0cb1878..0000000 --- a/modules/nixos/services/mongodb/options.nix +++ /dev/null 
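Review bot: `ports = [ "${cfg.port}:27017" ]` publishes MongoDB on every host interface while the only credentials (`MONGO_INITDB_ROOT_USERNAME`/`MONGO_INITDB_ROOT_PASSWORD`) stay commented out, so the database is reachable over the network without authentication. Either drop `ports` and let other containers reach it through the `--network-alias=mongo` alias, or bind to loopback with `"127.0.0.1:${toString cfg.port}:27017"`, and feed the root credentials in via `environmentFiles` from sops as the manyfold module does for its secret. The hunk also still references `"${cfg.name}"` and `cfg.configPath` even though options.nix, which defined `name`, `configPath` and `environmentFiles`, is deleted in this commit and the sibling modules switched to the local `name` binding and `cfg.configDir`, so this will not evaluate unless `mkModule` happens to define those options; `cfg.port` is also interpolated without `toString`, unlike the other containers. `image = "mongo"` is untagged, so the major version can change on any pull — pin it.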
@@ -1,52 +0,0 @@ -{ lib, namespace, ... }: -with lib; -{ - options.${namespace}.services.mongodb = { - enable = mkEnableOption "mongodb docker service"; - - autoStart = mkOption { - type = types.bool; - default = true; - }; - - port = mkOption { - type = types.str; - default = "27017"; - }; - - name = mkOption { - type = types.str; - default = "mongo"; - }; - - image = mkOption { - type = types.str; - default = "mongo"; - }; - - configPath = mkOption { - type = types.str; - default = "/media/nas/main/mongodb"; - }; - - puid = mkOption { - type = types.str; - default = "911"; - }; - - pgid = mkOption { - type = types.str; - default = "1000"; - }; - - timeZone = mkOption { - type = types.str; - default = "America/Chicago"; - }; - - environmentFiles = mkOption { - type = with types; listOf path; - default = [ ]; - }; - }; -} diff --git a/modules/nixos/services/netbootxyz/default.nix b/modules/nixos/services/netbootxyz/default.nix index 76d297b..19b5fa3 100644 --- a/modules/nixos/services/netbootxyz/default.nix +++ b/modules/nixos/services/netbootxyz/default.nix 
@@ -6,40 +6,49 @@ }: with lib; let - cfg = config.${namespace}.services.netbootxyz; -in -{ - imports = [ ./options.nix ]; + inherit (lib.${namespace}) mkOpt; + name = "netbootxyz"; + cfg = config.${namespace}.services.${name}; - config = mkIf cfg.enable { - # Open firewall for netbootxyz if enabled - networking.firewall = mkIf cfg.openFirewall { - allowedTCPPorts = [ - cfg.webPort - cfg.assetPort - cfg.tftpPort - ]; - allowedUDPPorts = [ - cfg.webPort - cfg.assetPort - cfg.tftpPort - ]; + netbootxyzConfig = lib.${namespace}.mkModule { + inherit config name; + description = "netbootxyz"; + options = { + assetPort = mkOpt types.port 4001 "NGINX server for hosting assets."; + + tftpPort = mkOpt types.port 69 "HTTPS port for netbootxyz"; }; + moduleConfig = { + # Open firewall for netbootxyz if enabled + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ + cfg.assetPort + cfg.tftpPort + ]; + allowedUDPPorts = [ + cfg.assetPort + cfg.tftpPort + ]; + }; - virtualisation.oci-containers = { - containers.netbootxyz = { - autoStart = true; - image = "ghcr.io/netbootxyz/netbootxyz:latest"; - ports = [ - "${toString cfg.webPort}:3000" - "${toString cfg.assetPort}:80" - "${toString cfg.tftpPort}:69" - ]; - volumes = [ - "${cfg.dataDir}:/config" - "${cfg.assetDir}:/assets" - ]; + virtualisation.oci-containers = { + containers.netbootxyz = { + autoStart = true; + image = "ghcr.io/netbootxyz/netbootxyz:latest"; + ports = [ + "${toString cfg.port}:3000" + "${toString cfg.assetPort}:80" + "${toString cfg.tftpPort}:69" + ]; + volumes = [ + "${cfg.configDir}/netbootxyz:/config" + "${cfg.dataDir}/isos:/assets" + ]; + }; }; }; }; +in +{ + imports = [ netbootxyzConfig ]; } diff --git a/modules/nixos/services/netbootxyz/options.nix b/modules/nixos/services/netbootxyz/options.nix deleted file mode 100644 index c648eb4..0000000 --- a/modules/nixos/services/netbootxyz/options.nix +++ /dev/null 
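Review bot: `tftpPort = mkOpt types.port 69 "HTTPS port for netbootxyz"` carries over a wrong description — port 69 is TFTP, which PXE clients use over UDP — and the firewall block opens both ports on TCP and UDP, so TCP/69 is opened for nothing; suggest `tftpPort = mkOpt types.port 69 "TFTP port (UDP) from which PXE clients fetch the iPXE bootloader";` with `allowedUDPPorts = [ cfg.tftpPort ];` and `allowedTCPPorts = [ cfg.assetPort ];`. The web UI on `"${toString cfg.port}:3000"` is published on every interface as well, and as far as I know the netboot.xyz web app has no authentication of its own, so anyone who can reach it can edit the menus and assets that every PXE client on the LAN boots from; bind it to the host address (`"${cfg.listenAddress}:${toString cfg.port}:3000"` if `mkModule` provides that option, as the matrix module uses) or put it behind an authenticating proxy. `image = "ghcr.io/netbootxyz/netbootxyz:latest"` is a mutable tag for something that hands out boot code — pin it by digest.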
@@ -1,43 +0,0 @@ -{ lib, namespace, ... }: -with lib; -{ - options.${namespace}.services.netbootxyz = { - enable = mkEnableOption "netbootxyz network boot service"; - - webPort = mkOption { - type = types.port; - default = 4000; - description = "HTTP port for netbootxyz"; - }; - - assetPort = mkOption { - type = types.port; - default = 4001; - description = "NGINX server for hosting assets."; - }; - - tftpPort = mkOption { - type = types.port; - default = 69; - description = "HTTPS port for netbootxyz"; - }; - - openFirewall = mkOption { - type = types.bool; - default = true; - description = "Whether to open firewall for netbootxyz"; - }; - - dataDir = mkOption { - type = types.str; - default = "/media/nas/main/nix-app-data/netbootxyz"; - description = "Data directory for netbootxyz"; - }; - - assetDir = mkOption { - type = types.str; - default = "/media/nas/main/isos"; - description = "Asset directory for netbootxyz"; - }; - }; -} diff --git a/modules/nixos/services/nextcloud/container.nix b/modules/nixos/services/nextcloud/container.nix deleted file mode 100755 index a884f04..0000000 --- a/modules/nixos/services/nextcloud/container.nix +++ /dev/null 
@@ -1,293 +0,0 @@ -{ - config, - lib, - pkgs, - namespace, - ... -}: -with lib; -let - cfg = config.${namespace}.services.nextcloud; - - adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path; - secretsFile = config.sops.secrets."jallen-nas/nextcloud/smtp_settings".path; - jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path; - nextcloudUserId = config.users.users.nix-apps.uid; - nextcloudGroupId = config.users.groups.jallen-nas.gid; - hostAddress = "10.0.1.3"; - localAddress = "10.0.2.18"; - nextcloudPortExtHttp = 9988; - nextcloudPortExtHttps = 9943; - onlyofficePortExt = 9943; - - nextcloudPhotos = pkgs.${namespace}.nextcloud-app-photos; - nextcloudPdfViewer = pkgs.${namespace}.nextcloud-app-pdfviewer; - nextcloudAssist = pkgs.${namespace}.nextcloud-app-assistant; -in -{ - imports = [ ./options.nix ]; - - config = mkIf cfg.enable { - containers.nextcloud = { - autoStart = false; - privateNetwork = true; - hostAddress = hostAddress; - localAddress = localAddress; - specialArgs = { - inherit namespace; - }; - - bindMounts = { - secrets = { - hostPath = "/run/secrets/jallen-nas/nextcloud"; - isReadOnly = true; - mountPoint = "/run/secrets/jallen-nas/nextcloud"; - }; - - secrets2 = { - hostPath = "/run/secrets/jallen-nas/onlyoffice-key"; - isReadOnly = true; - mountPoint = "/run/secrets/jallen-nas/onlyoffice-key"; - }; - - data = { - hostPath = "/media/nas/main/nextcloud"; - isReadOnly = false; - mountPoint = "/data"; - }; - - "/var/lib/nextcloud" = { - hostPath = "/media/nas/main/nix-app-data/nextcloud"; - isReadOnly = false; - mountPoint = "/var/lib/nextcloud"; - }; - - "/var/lib/onlyoffice" = { - hostPath = "/media/nas/main/nix-app-data/onlyoffice"; - isReadOnly = false; - mountPoint = "/var/lib/onlyoffice"; - }; - }; - - config = - { - pkgs, - lib, - ... 
- }: - { - nixpkgs.config.allowUnfree = true; - networking.extraHosts = '' - ${hostAddress} host.containers protonmail-bridge - ''; - - # services.nginx.virtualHosts."cloud.mjallen.dev".listen = [ - # { - # addr = "0.0.0.0"; - # port = 8080; - # } - # ]; - - services = { - nextcloud = { - enable = false; - package = pkgs.nextcloud32; - # datadir = "/data"; - database.createLocally = true; - hostName = "cloud.mjallen.dev"; - appstoreEnable = false; - caching.redis = true; - configureRedis = true; - enableImagemagick = true; - https = true; - secretFile = secretsFile; - - extraApps = { - inherit (pkgs.nextcloud31Packages.apps) - app_api - bookmarks - mail - calendar - contacts - integration_openai - integration_paperless - maps - oidc_login - onlyoffice - previewgenerator - recognize - richdocuments - user_oidc - ; - - inherit - nextcloudPhotos - nextcloudPdfViewer - nextcloudAssist - ; - }; - - config = { - adminuser = "mjallen"; - adminpassFile = adminpass; - dbhost = "localhost"; - dbtype = "sqlite"; - dbname = "nextcloud"; - dbuser = "nextcloud"; - }; - settings = { - loglevel = 3; - allow_local_remote_servers = true; - upgrade.disable-web = false; - datadirectory = "/data"; - trusted_domains = [ - "${hostAddress}:${toString nextcloudPortExtHttp}" - "${hostAddress}:${toString nextcloudPortExtHttps}" - "${localAddress}:80" - "${localAddress}:8080" - "${localAddress}:443" - "cloud.mjallen.dev" - ]; - opcache.interned_strings_buffer = 16; - trusted_proxies = [ hostAddress ]; - maintenance_window_start = 6; - default_phone_region = "US"; - enable_previews = true; - enabledPreviewProviders = [ - "OC\\Preview\\PNG" - "OC\\Preview\\JPEG" - "OC\\Preview\\GIF" - "OC\\Preview\\BMP" - "OC\\Preview\\XBitmap" - "OC\\Preview\\MP3" - "OC\\Preview\\TXT" - "OC\\Preview\\MarkDown" - "OC\\Preview\\OpenDocument" - "OC\\Preview\\Krita" - "OC\\Preview\\HEIC" - "OC\\Preview\\Movie" - "OC\\Preview\\MSOffice2003" - "OC\\Preview\\MSOffice2007" - "OC\\Preview\\MSOfficeDoc" - ]; - installed 
= true; - user_oidc = { - auto_provision = false; - soft_auto_provision = false; - allow_multiple_user_backends = false; # auto redirect to authentik for login - }; - - social_login_auto_redirect = true; - }; - }; - }; - - services.onlyoffice = { - enable = true; - port = onlyofficePortExt; - hostname = "office.mjallen.dev"; - jwtSecretFile = jwtSecretFile; - }; - - # System packages - environment.systemPackages = with pkgs; [ - ffmpeg - # libtensorflow-bin - nextcloud32 - nodejs - onlyoffice-documentserver - sqlite - ]; - - # Create required users and groups - users.users.nextcloud = { - isSystemUser = true; - uid = lib.mkForce nextcloudUserId; - group = "nextcloud"; - }; - - users.users.onlyoffice = { - group = lib.mkForce "nextcloud"; - }; - - users.groups = { - nextcloud = { - gid = lib.mkForce nextcloudGroupId; - }; - downloads = { }; - }; - - # Create and set permissions for required directories - system.activationScripts.nextcloud-dirs = '' - mkdir -p /data - - chown -R nextcloud:nextcloud /data - - chown -R nextcloud:nextcloud /run/secrets/jallen-nas/nextcloud - chown -R nextcloud:nextcloud /run/secrets/jallen-nas/onlyoffice-key - - chmod -R 775 /data - - chmod -R 750 /run/secrets/jallen-nas/nextcloud - chmod -R 750 /run/secrets/jallen-nas/onlyoffice-key - ''; - - hardware = { - graphics = { - enable = true; - # setLdLibraryPath = true; - }; - }; - - programs = { - nix-ld.enable = true; - }; - - system.stateVersion = "23.11"; - networking = { - firewall = { - enable = true; - allowedTCPPorts = [ - 8080 - 80 - 443 - onlyofficePortExt - ]; - }; - # Use systemd-resolved inside the container - # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 - useHostResolvConf = lib.mkForce false; - }; - services.resolved.enable = true; - - }; - }; - - networking = { - nat = { - forwardPorts = [ - { - destination = "${localAddress}:443"; - sourcePort = nextcloudPortExtHttps; - } - # { - # destination = "${localAddress}:80"; - # sourcePort = 
nextcloudPortExtHttp; - # } - { - destination = "${localAddress}:8080"; - sourcePort = nextcloudPortExtHttp; - } - { - destination = "${localAddress}:8000"; - sourcePort = 8000; - } - { - destination = "${localAddress}:${toString onlyofficePortExt}"; - sourcePort = onlyofficePortExt; - } - ]; - }; - }; - }; -} diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index 75161f0..121281b 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -6,29 +6,35 @@ }: with lib; let - cfg = config.${namespace}.services.nextcloud; -in -{ - imports = [ ./options.nix ]; + name = "nextcloud"; + cfg = config.${namespace}.services.${name}; - config = mkIf cfg.enable { - virtualisation.oci-containers.containers."${cfg.name}" = { - autoStart = cfg.autoStart; - image = cfg.image; - ports = [ - "${cfg.port}:443" - ]; - volumes = [ - "${cfg.configPath}:/config" - "${cfg.dataPath}:/data" - "/run/postgresql:/run/postgresql" - ]; - environmentFiles = [ ]; - environment = { - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; + nextcloudConfig = lib.${namespace}.mkModule { + inherit config name; + description = "nextcloud"; + options = { }; + moduleConfig = { + virtualisation.oci-containers.containers."${name}" = { + autoStart = true; + image = "lscr.io/linuxserver/nextcloud"; + ports = [ + "${toString cfg.port}:443" + ]; + volumes = [ + "${cfg.configDir}/nextcloud:/config" + "${cfg.dataDir}/nextcloud:/data" + "/run/postgresql:/run/postgresql" + ]; + environmentFiles = [ ]; + environment = { + PUID = cfg.puid; + PGID = cfg.pgid; + TZ = cfg.timeZone; + }; }; }; }; +in +{ + imports = [ nextcloudConfig ]; } diff --git a/modules/nixos/services/nextcloud/default.nix.bak b/modules/nixos/services/nextcloud/default.nix.bak deleted file mode 100644 index c16c900..0000000 --- a/modules/nixos/services/nextcloud/default.nix.bak +++ /dev/null 
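Review bot: `"/run/postgresql:/run/postgresql"` hands the container the host's PostgreSQL Unix socket, and with peer authentication on that socket (the NixOS default unless `pg_hba` is overridden) the container's processes running as `PUID = cfg.puid` are authenticated as whichever host user owns that uid, so the database access this container gets is whatever role that uid maps to; confirm a dedicated `nextcloud` role/uid exists and that no `trust` entries are in `pg_hba`. `environmentFiles = [ ]` means no database credentials are injected, which is consistent with peer auth but should be a deliberate choice with a comment. Also `ports = [ "${toString cfg.port}:443" ]` is published on every interface and `image = "lscr.io/linuxserver/nextcloud"` is untagged, so both the exposure and the Nextcloud major version are uncontrolled; bind to `cfg.listenAddress` if `mkModule` provides it (the matrix module uses it) and pin the image tag or digest.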
@@ -1,167 +0,0 @@ -{ - config, - lib, - pkgs, - namespace, - ... -}: -with lib; -let - cfg = config.${namespace}.services.nextcloud; - - adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path; - secretsFile = config.sops.secrets."jallen-nas/nextcloud/smtp_settings".path; - jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path; - nextcloudUserId = config.users.users.nix-apps.uid; - nextcloudGroupId = config.users.groups.jallen-nas.gid; - hostAddress = "10.0.1.3"; - nextcloudPortExtHttp = 9988; - nextcloudPortExtHttps = 9943; - onlyofficePortExt = 9943; - - nextcloudPhotos = pkgs.${namespace}.nextcloud-app-photos; - nextcloudPdfViewer = pkgs.${namespace}.nextcloud-app-pdfviewer; - nextcloudAssist = pkgs.${namespace}.nextcloud-app-assistant; -in -{ - imports = [ ./options.nix ]; - - config = mkIf cfg.enable { - services.nginx.virtualHosts."cloud.mjallen.dev".listen = [ { addr = "0.0.0.0"; port = nextcloudPortExtHttp; } ]; - - # Create required users and groups - users.users.nextcloud = { - isSystemUser = lib.mkForce true; - isNormalUser = lib.mkForce false; - group = "nextcloud"; - }; - - users.groups = { - nextcloud = { }; - downloads = { }; - }; - - services = { - - ocis = { - enable = false; - configDir = "/media/nas/main/nix-app-data/ocis"; - address = "0.0.0.0"; - port = 9988; - environment = { - OCIS_URL = "https://localhost:9200"; - }; - }; - - opencloud = { - enable = false; - url = "https://10.0.1.3:9988"; - address = "0.0.0.0"; - port = nextcloudPortExtHttp; - stateDir = "/media/nas/main/nix-app-data/opencloud"; - }; - - onlyoffice = { - enable = false; - port = onlyofficePortExt; - hostname = "office.mjallen.dev"; - jwtSecretFile = jwtSecretFile; - }; - - nextcloud = { - enable = true; - package = pkgs.nextcloud32; - home = "/media/nas/main/nix-app-data/nextcloud"; - database.createLocally = true; - hostName = "cloud.mjallen.dev"; - appstoreEnable = false; - caching.redis = true; - configureRedis = true; - enableImagemagick 
= true; - https = true; - secretFile = secretsFile; - - extraApps = { - inherit (pkgs.nextcloud32Packages.apps) - # app_api - # bookmarks - mail - calendar - contacts - integration_openai - integration_paperless - # maps - # oidc_login - onlyoffice - previewgenerator - # recognize - # richdocuments - user_oidc - ; - - # inherit - # nextcloudPhotos - # nextcloudPdfViewer - # nextcloudAssist - # ; - }; - - config = { - adminuser = "mjallen"; - adminpassFile = adminpass; - dbhost = "localhost"; - dbtype = "pgsql"; - dbname = "nextcloud"; - dbuser = "nextcloud"; - }; - settings = { - log_type = "syslog"; - syslog_tag = "nextcloud"; - logfile = ""; - loglevel = 3; - allow_local_remote_servers = true; - upgrade.disable-web = false; - datadirectory = "/media/nas/main/nextcloud"; - trusted_domains = [ - "${hostAddress}:${toString nextcloudPortExtHttp}" - "${hostAddress}:${toString nextcloudPortExtHttps}" - # "${localAddress}:80" - # "${localAddress}:8080" - # "${localAddress}:443" - "cloud.mjallen.dev" - ]; - opcache.interned_strings_buffer = 16; - trusted_proxies = [ hostAddress ]; - maintenance_window_start = 6; - default_phone_region = "US"; - enable_previews = true; - enabledPreviewProviders = [ - "OC\\Preview\\PNG" - "OC\\Preview\\JPEG" - "OC\\Preview\\GIF" - "OC\\Preview\\BMP" - "OC\\Preview\\XBitmap" - "OC\\Preview\\MP3" - "OC\\Preview\\TXT" - "OC\\Preview\\MarkDown" - "OC\\Preview\\OpenDocument" - "OC\\Preview\\Krita" - "OC\\Preview\\HEIC" - "OC\\Preview\\Movie" - "OC\\Preview\\MSOffice2003" - "OC\\Preview\\MSOffice2007" - "OC\\Preview\\MSOfficeDoc" - ]; - installed = false; - user_oidc = { - auto_provision = false; - soft_auto_provision = false; - allow_multiple_user_backends = false; # auto redirect to authentik for login - }; - - social_login_auto_redirect = true; - }; - }; - }; - }; -} diff --git a/modules/nixos/services/nextcloud/options.nix b/modules/nixos/services/nextcloud/options.nix deleted file mode 100644 index c619e17..0000000 
--- a/modules/nixos/services/nextcloud/options.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ lib, namespace, ... }: -with lib; -let - inherit (lib.${namespace}) mkOpt mkBoolOpt; -in -{ - options.${namespace}.services.nextcloud = { - enable = mkEnableOption "enable nextcloud"; - - autoStart = mkBoolOpt true "autostart container"; - - port = mkOpt types.str "9988" "https port"; - - name = mkOpt types.str "nextcloud" "container name"; - - image = mkOpt types.str "lscr.io/linuxserver/nextcloud" ""; - - configPath = mkOpt types.str "/media/nas/main/nix-app-data/nextcloud/config" ""; - - dataPath = mkOpt types.str "/media/nas/main/nextcloud" ""; - - puid = mkOpt types.str "911" "puid"; - - pgid = mkOpt types.str "1000" "pgid"; - - timeZone = mkOpt types.str "America/Chicago" "container tz"; - }; -} diff --git a/modules/nixos/services/ntfy/default.nix b/modules/nixos/services/ntfy/default.nix index e3df875..c49cb36 100644 --- a/modules/nixos/services/ntfy/default.nix +++ b/modules/nixos/services/ntfy/default.nix 
@@ -6,77 +6,56 @@ }: let inherit (lib.${namespace}) mkOpt mkReverseProxyOpt; - cfg = config.${namespace}.services.ntfy; + name = "ntfy"; + cfg = config.${namespace}.services.${name}; - ntfyConfig = { - services = { - ntfy-sh = { - enable = true; - # environmentFile = "/run/.env"; - settings = { - base-url = "https://${cfg.reverseProxy.subdomain}.mjallen.dev"; - enable-login = true; - listen-http = ":${toString cfg.port}"; - cache-file = "${cfg.dataDir}/cache.db"; - attachment-cache-dir = "/${cfg.dataDir}/attachments"; - behind-proxy = true; - auth-default-access = "deny-all"; - auth-file = "${cfg.dataDir}/user.db"; - auth-users = [ - "mjallen:$2a$10$g4TqI8UiKKVaKTmrwnXIw.wtajiLBM6oc3UCfJ//lPZFilJnBirn.:admin" - ]; + ntfyConfig = lib.${namespace}.mkModule { + inherit config name; + description = "ntfy"; + options = { }; + moduleConfig = { + services = { + ntfy-sh = { + enable = true; + # environmentFile = "/run/.env"; + settings = { + base-url = "https://${cfg.reverseProxy.subdomain}.mjallen.dev"; + enable-login = true; + listen-http = ":${toString cfg.port}"; + cache-file = "${cfg.dataDir}/ntfy/cache.db"; + attachment-cache-dir = "${cfg.dataDir}/ntfy/attachments"; + behind-proxy = true; + auth-default-access = "deny-all"; + auth-file = "${cfg.dataDir}/ntfy/user.db"; + auth-users = [ + "mjallen:$2a$10$g4TqI8UiKKVaKTmrwnXIw.wtajiLBM6oc3UCfJ//lPZFilJnBirn.:admin" + ]; + }; }; }; - }; - systemd.services = { - ntfy-sh = { - serviceConfig = { - WorkingDirectory = lib.mkForce cfg.dataDir; - StateDirectory = lib.mkForce cfg.dataDir; - StateDirectoryMode = lib.mkForce 700; - DynamicUser = lib.mkForce false; - ProtectSystem = lib.mkForce null; + systemd.services = { + ntfy-sh = { + serviceConfig = { + WorkingDirectory = lib.mkForce cfg.dataDir; + StateDirectory = lib.mkForce cfg.dataDir; + StateDirectoryMode = lib.mkForce 700; + DynamicUser = lib.mkForce false; + ProtectSystem = lib.mkForce null; + }; }; }; - }; - users.users.ntfy-sh = { - isSystemUser = true; - group = 
"ntfy-sh"; - home = cfg.dataDir; + users.users.ntfy-sh = { + isSystemUser = true; + group = "ntfy-sh"; + home = cfg.dataDir; + }; + users.groups.ntfy-sh = { }; }; - users.groups.ntfy-sh = { }; }; - - # Create reverse proxy configuration using mkReverseProxy - reverseProxyConfig = lib.${namespace}.mkReverseProxy { - name = "ntfy"; - subdomain = cfg.reverseProxy.subdomain; - url = "http://10.0.1.3:${toString cfg.port}"; - middlewares = cfg.reverseProxy.middlewares; - }; - - fullConfig = { - "${namespace}".services.traefik = lib.mkIf cfg.reverseProxy.enable { - reverseProxies = [ reverseProxyConfig ]; - }; - } - // ntfyConfig; in with lib; { - options.${namespace}.services.ntfy = { - enable = mkEnableOption "ntfy service"; - - port = mkOpt types.int 8008 "Port for ntfy to be hosted on"; - - localAddress = mkOpt types.str "127.0.0.1" "local address of the service"; - - dataDir = mkOpt types.str "" "Path to the data dir"; - - reverseProxy = mkReverseProxyOpt; - }; - - config = lib.mkIf cfg.enable fullConfig; + imports = [ ntfyConfig ]; } diff --git a/modules/nixos/services/ntfy/default.nix.container b/modules/nixos/services/ntfy/default.nix.container deleted file mode 100644 index 67b69fd..0000000 --- a/modules/nixos/services/ntfy/default.nix.container +++ /dev/null 
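Review bot: The new `auth-users` entry still embeds the admin bcrypt hash as a string literal in the module, and `services.ntfy-sh.settings` is rendered into a file under the Nix store, so the hash becomes world-readable on the host and stays in repository history; the `.container` variant this commit deletes already had a sops secret (`jallen-nas/ntfy/auth-users`) and an `environmentFile` hook, which the new module keeps only as the comment `# environmentFile = "/run/.env";`. Pointing `services.ntfy-sh.environmentFile` at that secret and dropping the literal from `auth-users` would keep the hash out of the store. Separately, `ProtectSystem = lib.mkForce null` together with `DynamicUser = lib.mkForce false` removes the upstream unit's filesystem sandboxing; if the override exists only to make `cfg.dataDir` writable, `ProtectSystem = "strict";` with `ReadWritePaths = [ cfg.dataDir ];` would achieve that without dropping the protection. Note also that systemd's `StateDirectory=` takes names relative to `/var/lib`, so passing an absolute `cfg.dataDir` may be rejected rather than create the directory — worth confirming on the deployed unit. The module's argument header precedes the hunk.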
@@ -1,94 +0,0 @@
-{
- config,
- lib,
- namespace,
- ...
-}:
-let
- inherit (lib.${namespace}) mkOpt mkReverseProxyOpt;
- cfg = config.${namespace}.services.ntfy;
-
- ntfyEnvFile = config.sops.secrets."jallen-nas/ntfy/auth-users".path;
-
- ntfyConfig = {
- services = {
- ntfy-sh = {
- enable = true;
- # environmentFile = "/run/.env";
- settings = {
- base-url = "https://${cfg.reverseProxy.subdomain}.mjallen.dev";
- enable-login = true;
- listen-http = ":${toString cfg.port}";
- cache-file = "/var/lib/ntfy-sh/cache.db";
- attachment-cache-dir = "/var/lib/ntfy-sh/attachments";
- behind-proxy = true;
- auth-default-access = "deny-all";
- auth-file = "/var/lib/ntfy-sh/user.db";
- auth-users = [
- "mjallen:$2a$10$g4TqI8UiKKVaKTmrwnXIw.wtajiLBM6oc3UCfJ//lPZFilJnBirn.:admin"
- ];
- };
- };
- };
- # Create and set permissions for required directories
- system.activationScripts.ntfy-dirs = ''
- mkdir -p /var/lib/ntfy-sh
-
- chown -R ntfy-sh:ntfy-sh /var/lib/ntfy-sh
-
- chmod -R 775 /var/lib/ntfy-sh
- '';
- };
-
- bindMounts = {
- "/var/lib/ntfy-sh" = {
- hostPath = cfg.dataDir;
- isReadOnly = false;
- };
- "/run/.env" = {
- hostPath = ntfyEnvFile;
- isReadOnly = true;
- };
- };
-
- # Create reverse proxy configuration using mkReverseProxy
- reverseProxyConfig = lib.${namespace}.mkReverseProxy {
- name = "ntfy";
- subdomain = cfg.reverseProxy.subdomain;
- url = "http://${cfg.localAddress}:${toString cfg.port}";
- middlewares = cfg.reverseProxy.middlewares;
- };
-
- ntfyContainer =
- (lib.${namespace}.mkContainer {
- name = "ntfy";
- localAddress = cfg.localAddress;
- ports = [ cfg.port ];
- bindMounts = bindMounts;
- config = ntfyConfig;
- })
- { inherit lib; };
-
- fullConfig = {
- ${namespace}.services.traefik = lib.mkIf cfg.reverseProxy.enable {
- reverseProxies = [ reverseProxyConfig ];
- };
- }
- // ntfyContainer;
-in
-with lib;
-{
- options.${namespace}.services.ntfy = {
- enable = mkEnableOption "ntfy service";
-
- port = mkOpt types.int 8008 "Port for ntfy to be hosted on";
-
- localAddress = mkOpt types.str "127.0.0.1" "local address of the service";
-
- dataDir = mkOpt types.str "" "Path to the data dir";
-
- reverseProxy = mkReverseProxyOpt;
- };
-
- config = lib.mkIf cfg.enable fullConfig;
-}
diff --git a/systems/x86_64-linux/jallen-nas/apps.nix b/systems/x86_64-linux/jallen-nas/apps.nix
index 368fdae..04f6b55 100755
--- a/systems/x86_64-linux/jallen-nas/apps.nix
+++ b/systems/x86_64-linux/jallen-nas/apps.nix
@@ -102,38 +102,28 @@ in
 enable = true;
 port = 6754;
 };
- manyfold = enabled;
+ manyfold = {
+ enable = true;
+ port = 3214;
+ };
 matrix = {
 enable = true;
 port = 8448;
- localAddress = "10.0.1.3";
- dataDir = "/media/nas/main/nix-app-data/matrix-synapse";
- reverseProxy = {
- enable = true;
- subdomain = "matrix";
- middlewares = [
- "crowdsec"
- "whitelist-geoblock"
- ];
- };
+ reverseProxy.enable = true;
 };
+ minecraft = disabled;
+ mongodb = disabled;
 netbootxyz = {
 enable = true;
 };
- nextcloud = enabled;
+ nextcloud = {
+ enable = true;
+ port = 9988;
+ };
 ntfy = {
 enable = true;
 port = 2586;
- localAddress = "10.0.1.3";
- dataDir = "/media/nas/main/nix-app-data/ntfy";
- reverseProxy = {
- enable = true;
- subdomain = "ntfy";
- middlewares = [
- "crowdsec"
- "whitelist-geoblock"
- ];
- };
+ reverseProxy.enable = true;
 };
 ocis = disabled;
 onlyoffice = disabled;
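Review bot: The matrix and ntfy entries replace their explicit `reverseProxy` blocks with `reverseProxy.enable = true;`, which drops `subdomain` and `middlewares = [ "crowdsec" "whitelist-geoblock" ]`; unless `mkReverseProxyOpt` (not in this diff) now defaults to those middlewares, both routes are published through traefik without the CrowdSec bouncer and geoblock that guarded them before. Keeping `reverseProxy.middlewares = [ "crowdsec" "whitelist-geoblock" ];` next to the enable line on both services makes the intent explicit regardless of the option's default. The ntfy module hunk in this commit also no longer reads `cfg.reverseProxy.middlewares` anywhere visible, so it is worth confirming that the traefik route still receives a middleware list, presumably from inside `mkModule`. The hunk's enclosing attribute set starts above line 102.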