From 96ce0001c562f7c885303eeb19c344bb9d05d763 Mon Sep 17 00:00:00 2001 From: mjallen18 Date: Wed, 17 Dec 2025 12:52:42 -0600 Subject: [PATCH] mkModule various --- modules/nixos/services/glance/default.nix | 430 +++++++++--------- modules/nixos/services/glances/default.nix | 88 ++-- modules/nixos/services/glances/options.nix | 25 - modules/nixos/services/grafana/default.nix | 169 ++++--- modules/nixos/services/headscale/default.nix | 70 +-- modules/nixos/services/immich/default.nix | 47 +- modules/nixos/services/immich/options.nix | 7 - modules/nixos/services/jellyfin/default.nix | 30 +- modules/nixos/services/jellyfin/options.nix | 7 - modules/nixos/services/jellyseerr/default.nix | 60 ++- .../services/jellyseerr/default.nix.container | 83 ---- modules/nixos/services/jellyseerr/options.nix | 7 - modules/nixos/services/lubelogger/default.nix | 26 +- modules/nixos/services/lubelogger/options.nix | 19 - systems/x86_64-linux/jallen-nas/apps.nix | 25 +- systems/x86_64-linux/jallen-nas/default.nix | 5 +- 16 files changed, 462 insertions(+), 636 deletions(-) delete mode 100644 modules/nixos/services/glances/options.nix delete mode 100644 modules/nixos/services/immich/options.nix delete mode 100644 modules/nixos/services/jellyfin/options.nix delete mode 100755 modules/nixos/services/jellyseerr/default.nix.container delete mode 100644 modules/nixos/services/jellyseerr/options.nix delete mode 100644 modules/nixos/services/lubelogger/options.nix diff --git a/modules/nixos/services/glance/default.nix b/modules/nixos/services/glance/default.nix index c0e05da..1c12fae 100644 --- a/modules/nixos/services/glance/default.nix +++ b/modules/nixos/services/glance/default.nix 
@@ -5,227 +5,221 @@ ... }: let - inherit (lib.${namespace}) mkOpt mkReverseProxyOpt; - cfg = config.${namespace}.services.glance; -in -with lib; -{ - options.${namespace}.services.glance = { - enable = mkEnableOption "glance service"; + name = "glance"; + cfg = config.${namespace}.services.${name}; - port = mkOpt types.int 80 "Port for glance to be hosted on"; - - localAddress = mkOpt types.str "127.0.0.1" "local address of the service"; - - dataDir = mkOpt types.str "" "Path to the data dir"; - - reverseProxy = mkReverseProxyOpt; - }; - - config = lib.mkIf cfg.enable { - services.glance = { - enable = true; - openFirewall = true; - settings = { - server = { - host = "0.0.0.0"; - port = cfg.port; + glanceConfig = lib.${namespace}.mkModule { + inherit config name; + description = "glance"; + options = { }; + moduleConfig = { + services.glance = { + enable = true; + openFirewall = true; + settings = { + server = { + host = "0.0.0.0"; + port = cfg.port; + }; + pages = [ + { + name = "Startpage"; + width = "default"; + hide-desktop-navigation = true; + center-vertically = true; + columns = [ + { + size = "small"; + widgets = [ + { + type = "calendar"; + first-day-of-week = "sunday"; + } + { + type = "weather"; + units = "metric"; + hour-format = "12h"; + location = "Saint Paul, Minnesota, United States"; + } + { + type = "server-stats"; + servers = [ + { + type = "local"; + name = "Jallen-NAS"; + cpu-temp-sensor = "/sys/class/hwmon/hwmon2/temp2_input"; # TODO + mountpoints = { + "/home" = { + name = "Home"; + }; + "/media/nas/main" = { + name = "nas_pool"; + }; + }; + } + ]; + } + ]; + } + { + size = "full"; + widgets = [ + { + type = "search"; + autofocus = true; + search-engine = "duckduckgo"; + bangs = [ + { + title = "YouTube"; + shortcut = "!yt"; + url = "https://www.youtube.com/results?search_query={QUERY}"; + } + ]; + } + { + type = "monitor"; + cache = "1m"; + title = "Services"; + sites = [ + { + title = "Actual"; + url = "https://actual.mjallen.dev/"; + icon 
= "si:actualbudget"; + } + { + title = "Jellyfin"; + url = "https://jellyfin.mjallen.dev/"; + icon = "si:jellyfin"; + } + { + title = "Gitea"; + url = "https://gitea.mjallen.dev/"; + icon = "si:gitea"; + } + { + title = "Nextcloud"; + url = "https://cloud.mjallen.dev/"; + icon = "si:nextcloud"; + } + { + title = "Immich"; + url = "https://immich.mjallen.dev/"; + icon = "si:immich"; + } + { + title = "AdGuard Home"; + url = "http://10.0.1.2:3000/"; + icon = "si:adguard"; + allow-insecure = true; + } + { + title = "Home Assistant"; + url = "https://hass.mjallen.dev/"; + icon = "si:homeassistant"; + } + { + title = "Manyfold"; + url = "http://10.0.1.3:3214/collections"; + icon = "sh:Manyfold"; + allow-insecure = true; + } + { + title = "Sonarr"; + url = "http://10.0.1.3:8989/"; + icon = "si:sonarr"; + allow-insecure = true; + basic-auth = { + username = "mjallen"; + password = "BogieDudie1"; # todo + }; + } + { + title = "Radarr"; + url = "http://10.0.1.3:7878/"; + icon = "si:radarr"; + allow-insecure = true; + basic-auth = { + username = "mjallen"; + password = "BogieDudie1"; + }; + } + # { + # title = ""; + # url = ""; + # icon = "si:"; + # } + ]; + } + { + type = "bookmarks"; + groups = [ + { + title = "General"; + links = [ + { + title = "Gmail"; + url = "https://mail.google.com/mail/u/0/"; + } + { + title = "Proton Mail"; + url = "https://mail.proton.me/u/0/inbox"; + } + { + title = "MyNixOS"; + url = "https://www.mynixos.com/"; + } + { + title = "Github"; + url = "https://github.com/"; + } + ]; + } + { + title = "Entertainment"; + links = [ + { + title = "YouTube"; + url = "https://www.youtube.com/"; + } + { + title = "Prime Video"; + url = "https://www.primevideo.com/"; + } + { + title = "Disney+"; + url = "https://www.disneyplus.com/"; + } + ]; + } + { + title = "Social"; + links = [ + { + title = "Reddit"; + url = "https://www.reddit.com/"; + } + { + title = "Twitter"; + url = "https://twitter.com/"; + } + { + title = "Instagram"; + url = 
"https://www.instagram.com/"; + } + ]; + } + ]; + } + ]; + } + ]; + } + ]; }; - pages = [ - { - name = "Startpage"; - width = "default"; - hide-desktop-navigation = true; - center-vertically = true; - columns = [ - { - size = "small"; - widgets = [ - { - type = "calendar"; - first-day-of-week = "sunday"; - } - { - type = "weather"; - units = "metric"; - hour-format = "12h"; - location = "Saint Paul, Minnesota, United States"; - } - { - type = "server-stats"; - servers = [ - { - type = "local"; - name = "Jallen-NAS"; - cpu-temp-sensor = "/sys/class/hwmon/hwmon2/temp2_input"; - mountpoints = { - "/home" = { - name = "Home"; - }; - "/media/nas/main" = { - name = "nas_pool"; - }; - }; - } - ]; - } - ]; - } - { - size = "full"; - widgets = [ - { - type = "search"; - autofocus = true; - search-engine = "duckduckgo"; - bangs = [ - { - title = "YouTube"; - shortcut = "!yt"; - url = "https://www.youtube.com/results?search_query={QUERY}"; - } - ]; - } - { - type = "monitor"; - cache = "1m"; - title = "Services"; - sites = [ - { - title = "Actual"; - url = "https://actual.mjallen.dev/"; - icon = "si:actualbudget"; - } - { - title = "Jellyfin"; - url = "https://jellyfin.mjallen.dev/"; - icon = "si:jellyfin"; - } - { - title = "Gitea"; - url = "https://gitea.mjallen.dev/"; - icon = "si:gitea"; - } - { - title = "Nextcloud"; - url = "https://cloud.mjallen.dev/"; - icon = "si:nextcloud"; - } - { - title = "Immich"; - url = "https://immich.mjallen.dev/"; - icon = "si:immich"; - } - { - title = "AdGuard Home"; - url = "http://10.0.1.2:3000/"; - icon = "si:adguard"; - allow-insecure = true; - } - { - title = "Home Assistant"; - url = "https://hass.mjallen.dev/"; - icon = "si:homeassistant"; - } - { - title = "Manyfold"; - url = "http://10.0.1.3:3214/collections"; - icon = "sh:Manyfold"; - allow-insecure = true; - } - { - title = "Sonarr"; - url = "http://10.0.1.3:8989/"; - icon = "si:sonarr"; - allow-insecure = true; - basic-auth = { - username = "mjallen"; - password = 
"BogieDudie1"; - }; - } - { - title = "Radarr"; - url = "http://10.0.1.3:7878/"; - icon = "si:radarr"; - allow-insecure = true; - basic-auth = { - username = "mjallen"; - password = "BogieDudie1"; - }; - } - # { - # title = ""; - # url = ""; - # icon = "si:"; - # } - ]; - } - { - type = "bookmarks"; - groups = [ - { - title = "General"; - links = [ - { - title = "Gmail"; - url = "https://mail.google.com/mail/u/0/"; - } - { - title = "Proton Mail"; - url = "https://mail.proton.me/u/0/inbox"; - } - { - title = "MyNixOS"; - url = "https://www.mynixos.com/"; - } - { - title = "Github"; - url = "https://github.com/"; - } - ]; - } - { - title = "Entertainment"; - links = [ - { - title = "YouTube"; - url = "https://www.youtube.com/"; - } - { - title = "Prime Video"; - url = "https://www.primevideo.com/"; - } - { - title = "Disney+"; - url = "https://www.disneyplus.com/"; - } - ]; - } - { - title = "Social"; - links = [ - { - title = "Reddit"; - url = "https://www.reddit.com/"; - } - { - title = "Twitter"; - url = "https://twitter.com/"; - } - { - title = "Instagram"; - url = "https://www.instagram.com/"; - } - ]; - } - ]; - } - ]; - } - ]; - } - ]; }; }; }; +in +{ + imports = [ glanceConfig ]; } diff --git a/modules/nixos/services/glances/default.nix b/modules/nixos/services/glances/default.nix index 307e57e..0b4eb27 100644 --- a/modules/nixos/services/glances/default.nix +++ b/modules/nixos/services/glances/default.nix 
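Review bot: The `basic-auth` blocks of the Sonarr and Radarr monitor entries still carry a literal `password` string on the new side (one is now tagged `# todo`), so the credential is committed to the repository and, once evaluated, is written into the generated Glance configuration in the world-readable Nix store. Because the value is already in history it should be rotated. The config should hold only a runtime reference, for example `password = "\${SONARR_PASSWORD}";` (constructed name; confirm that the Glance version and NixOS module in use support environment substitution), fed from a sops-managed file in the way the grafana module in this commit uses `config.sops.secrets."jallen-nas/ups_password".path`. Both entries point at plain `http://` URLs, so the basic-auth header also crosses the LAN unencrypted. `server.host` stays `"0.0.0.0"` with `openFirewall = true`; if the dashboard is only meant to be reached through the reverse proxy, `host = cfg.listenAddress;` (as the headscale and immich hunks do) would narrow that.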
@@ -7,57 +7,57 @@ }: with lib; let - cfg = config.${namespace}.services.glances; -in -{ - imports = [ ./options.nix ]; + name = "glances"; + cfg = config.${namespace}.services.${name}; - config = mkIf cfg.enable { - # Open firewall for glances if enabled - networking.firewall = mkIf cfg.openFirewall { - allowedTCPPorts = [ cfg.port ]; - allowedUDPPorts = [ cfg.port ]; - }; - - # Install glances package - environment.systemPackages = with pkgs; [ - glances - ]; - - # Configure systemd service for glances - systemd.services.glances-server = { - description = "Glances system monitoring web server"; - enable = true; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - - path = with pkgs; [ - bash + glancesConfig = lib.${namespace}.mkModule { + inherit config name; + description = "Glances system monitoring web server"; + options = { }; + moduleConfig = { + # Install glances package + environment.systemPackages = with pkgs; [ glances ]; - script = '' - glances -w --bind ${cfg.bindAddress} --port ${toString cfg.port} - ''; + # Configure systemd service for glances + systemd.services.glances-server = { + description = "Glances system monitoring web server"; + enable = true; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; - serviceConfig = { - Type = "simple"; - User = "glances"; - Group = "glances"; - Restart = "always"; - RestartSec = "5"; - StandardOutput = "journal"; - StandardError = "journal"; + path = with pkgs; [ + bash + glances + ]; + + script = '' + glances -w --bind ${cfg.listenAddress} --port ${toString cfg.port} + ''; + + serviceConfig = { + Type = "simple"; + User = "glances"; + Group = "glances"; + Restart = "always"; + RestartSec = "5"; + StandardOutput = "journal"; + StandardError = "journal"; + }; }; - }; - # Create glances user and group - users.users.glances = { - isSystemUser = true; - group = "glances"; - description = "Glances monitoring user"; - }; + # Create glances user and group + users.users.glances = { 
+ isSystemUser = true; + group = "glances"; + description = "Glances monitoring user"; + }; - users.groups.glances = { }; + users.groups.glances = { }; + }; }; +in +{ + imports = [ glancesConfig ]; } diff --git a/modules/nixos/services/glances/options.nix b/modules/nixos/services/glances/options.nix deleted file mode 100644 index 4517cc7..0000000 --- a/modules/nixos/services/glances/options.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ lib, namespace, ... }: -with lib; -{ - options.${namespace}.services.glances = { - enable = mkEnableOption "glances system monitoring service"; - - port = mkOption { - type = types.port; - default = 61208; - description = "Port for glances web interface"; - }; - - openFirewall = mkOption { - type = types.bool; - default = true; - description = "Whether to open firewall for glances"; - }; - - bindAddress = mkOption { - type = types.str; - default = "0.0.0.0"; - description = "Address to bind glances web server to"; - }; - }; -} diff --git a/modules/nixos/services/grafana/default.nix b/modules/nixos/services/grafana/default.nix index ea5a110..d6f1d20 100755 --- a/modules/nixos/services/grafana/default.nix +++ b/modules/nixos/services/grafana/default.nix 
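Review bot: `cfg.listenAddress` is spliced into the `script` string unquoted, and with `options = { }` its type and default come from `mkModule`, which this hunk does not show; the removed options.nix defaulted the bind address to `0.0.0.0`. Glances is started with `-w` and no authentication flag, so every interface it binds serves host metrics to unauthenticated clients. It would help to record the intended default in a comment above `script` and to quote the value: `glances -w --bind ${lib.escapeShellArg cfg.listenAddress} --port ${toString cfg.port}`. The `networking.firewall` block guarded by `cfg.openFirewall` is removed here, so whether the port is opened now also depends on `mkModule`. The unit keeps a dedicated `glances` user but sets no sandboxing directives; `NoNewPrivileges = true;` in `serviceConfig` would be a low-risk addition.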
@@ -6,98 +6,97 @@ }: with lib; let - # inherit (lib.${namespace}) mkModule mkOpt mkBoolOpt enableForSystem; - cfg = config.${namespace}.services.grafana; - upsUser = "nas-admin"; -in -{ - options.${namespace}.services.grafana = { - enable = mkEnableOption "enable grafana"; - }; + name = "grafana"; + cfg = config.${namespace}.services.${name}; - config = lib.mkIf cfg.enable { - services = { - prometheus = { - enable = true; - exporters = { - node = { - enable = true; - enabledCollectors = [ - "filesystem" - "diskstats" - "meminfo" - "cpu" - "systemd" # Ensures systemd collector is enabled - "processes" - ]; - extraFlags = [ - "--collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run)($|/)" - ]; - }; - libvirt = { - enable = false; - openFirewall = true; - }; - nut = { - enable = true; - openFirewall = true; - passwordPath = config.sops.secrets."jallen-nas/ups_password".path; - nutUser = upsUser; - }; - # restic = { - # enable = true; - # openFirewall = true; - # resticPort = 8008; - # }; - }; - scrapeConfigs = [ - { - job_name = "node"; - static_configs = [ - { - targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; - } - ]; - } - { - job_name = "traefik"; - static_configs = [ - { - targets = [ "localhost:8082" ]; - } - ]; - } - ]; - }; - - grafana = { - enable = true; - settings = { - server = { - http_port = 9999; - http_addr = "0.0.0.0"; - }; - }; - - dataDir = "/media/nas/main/nix-app-data/grafana"; - - provision = { + grafanaConfig = lib.${namespace}.mkModule { + inherit config name; + description = "grafana"; + options = { }; + moduleConfig = { + services = { + prometheus = { enable = true; - datasources.settings.datasources = [ + exporters = { + node = { + enable = true; + enabledCollectors = [ + "filesystem" + "diskstats" + "meminfo" + "cpu" + "systemd" # Ensures systemd collector is enabled + "processes" + ]; + extraFlags = [ + "--collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run)($|/)" + ]; + }; + libvirt 
= { + enable = false; + openFirewall = true; + }; + nut = { + enable = true; + openFirewall = true; + passwordPath = config.sops.secrets."jallen-nas/ups_password".path; + nutUser = upsUser; + }; + # restic = { + # enable = true; + # openFirewall = true; + # resticPort = 8008; + # }; + }; + scrapeConfigs = [ { - name = "Prometheus"; - type = "prometheus"; - access = "proxy"; - url = "http://localhost:${toString config.services.prometheus.port}"; + job_name = "node"; + static_configs = [ + { + targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; + } + ]; + } + { + job_name = "traefik"; + static_configs = [ + { + targets = [ "localhost:8082" ]; + } + ]; } ]; }; + + grafana = { + enable = true; + settings = { + server = { + http_port = cfg.port; + http_addr = "0.0.0.0"; + }; + }; + + dataDir = "/media/nas/main/nix-app-data/grafana"; + + provision = { + enable = true; + datasources.settings.datasources = [ + { + name = "Prometheus"; + type = "prometheus"; + access = "proxy"; + url = "http://localhost:${toString config.services.prometheus.port}"; + } + ]; + }; + }; }; }; - # Open firewall ports for Grafana - networking.firewall = { - allowedTCPPorts = [ 9999 ]; - allowedUDPPorts = [ 9999 ]; - }; }; + + upsUser = "nas-admin"; +in +{ + imports = [ grafanaConfig ]; } diff --git a/modules/nixos/services/headscale/default.nix b/modules/nixos/services/headscale/default.nix index b8df9d4..8a27465 100644 --- a/modules/nixos/services/headscale/default.nix +++ b/modules/nixos/services/headscale/default.nix 
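Review bot: `http_addr` stays hard-coded to `"0.0.0.0"` while the port moved to `cfg.port`, so Grafana still listens on every interface regardless of the module's listen-address setting. The headscale and immich hunks in this commit use `cfg.listenAddress`, and `http_addr = cfg.listenAddress;` would make this module consistent with them. Dropping the explicit `networking.firewall` entry removes the unneeded UDP rule for 9999, but whether the TCP port is opened now depends on `mkModule`, which is not visible here. The `nut` exporter keeps `openFirewall = true` although no scrape job in this hunk targets it from another host; either `openFirewall = false;` or a comment naming the remote scraper would make the exposure deliberate.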
@@ -6,57 +6,35 @@ }: with lib; let - inherit (lib.${namespace}) mkOpt mkReverseProxyOpt; - cfg = config.${namespace}.services.headscale; + name = "headscale"; + cfg = config.${namespace}.services.${name}; - headscaleConfig = { - services.headscale = { - enable = true; - address = "0.0.0.0"; - port = cfg.port; - settings = { - server_url = "https://headscale.mjallen.dev:443"; - database.sqlite.path = "${cfg.dataDir}/db.sqlite"; - dns = { - nameservers.global = [ - "1.1.1.1" - "8.8.8.8" - ]; - base_domain = "tailnet.mjallen.dev"; - magic_dns = true; + headscaleConfig = lib.${namespace}.mkModule { + inherit config name; + description = "headscale"; + options = { }; + moduleConfig = { + services.headscale = { + enable = true; + address = cfg.listenAddress; + port = cfg.port; + settings = { + server_url = "https://headscale.mjallen.dev:443"; + database.sqlite.path = "${cfg.configDir}/headscale/db.sqlite"; + dns = { + nameservers.global = [ + "1.1.1.1" + "8.8.8.8" + ]; + base_domain = "tailnet.mjallen.dev"; + magic_dns = true; + }; }; + # oidc }; - # oidc }; }; - - # Create reverse proxy configuration using mkReverseProxy - reverseProxyConfig = lib.${namespace}.mkReverseProxy { - name = "headscale"; - subdomain = cfg.reverseProxy.subdomain; - url = "http://${cfg.localAddress}:${toString cfg.port}"; - middlewares = cfg.reverseProxy.middlewares; - }; - - fullConfig = { - "${namespace}".services.traefik = lib.mkIf cfg.reverseProxy.enable { - reverseProxies = [ reverseProxyConfig ]; - }; - } - // headscaleConfig; in { - options.${namespace}.services.headscale = { - enable = mkEnableOption "headscale service"; - - port = mkOpt types.int 8080 "Port for headscale to be hosted on"; - - localAddress = mkOpt types.str "127.0.0.1" "local address of the service"; - - dataDir = mkOpt types.str "" "Path to the data dir"; - - reverseProxy = mkReverseProxyOpt; - }; - - config = mkIf cfg.enable fullConfig; + imports = [ headscaleConfig ]; } 
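Review bot: The SQLite path changes from `${cfg.dataDir}/db.sqlite` to `${cfg.configDir}/headscale/db.sqlite`, and apps.nix in this commit drops the explicit `dataDir`, so the database location now depends on a `configDir` default defined in `mkModule`, outside this diff. If that default plus the extra `headscale/` component does not resolve to the previous directory, the service starts on an empty database and existing node registrations and keys are silently absent. A comment recording the expected resolved path, or a one-time migration step, would make the move reviewable. The same relocation pattern appears in the immich (`mediaLocation`), jellyfin (`dataDir`), jellyseerr (`configDir`) and lubelogger (`volumes`) hunks.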
diff --git a/modules/nixos/services/immich/default.nix b/modules/nixos/services/immich/default.nix index f76a8c1..982adaf 100755 --- a/modules/nixos/services/immich/default.nix +++ b/modules/nixos/services/immich/default.nix @@ -6,33 +6,36 @@ }: with lib; let - cfg = config.${namespace}.services.immich; - - immichPort = 2283; - dataDir = "/media/nas/main/photos"; + name = "immich"; + cfg = config.${namespace}.services.${name}; dbPassword = config.sops.secrets."jallen-nas/immich/db-password".path; -in -{ - imports = [ ./options.nix ]; - config = mkIf cfg.enable { + immichConfig = lib.${namespace}.mkModule { + inherit config name; + description = "immich"; + options = { }; + moduleConfig = { # Enable immich service - services.immich = { - enable = true; - port = immichPort; - openFirewall = true; - secretsFile = dbPassword; - mediaLocation = dataDir; - - environment = { - IMMICH_HOST = lib.mkForce "0.0.0.0"; - IMMICH_TRUSTED_PROXIES = "10.0.1.3"; - TZ = "America/Chicago"; - }; - - machine-learning = { + services.immich = { enable = true; + port = cfg.port; + openFirewall = true; + secretsFile = dbPassword; + mediaLocation = "${cfg.dataDir}/photos"; + + environment = { + IMMICH_HOST = lib.mkForce cfg.listenAddress; + IMMICH_TRUSTED_PROXIES = "10.0.1.3"; + TZ = "America/Chicago"; + }; + + machine-learning = { + enable = true; + }; }; }; }; +in +{ + imports = [ immichConfig ]; } diff --git a/modules/nixos/services/immich/options.nix b/modules/nixos/services/immich/options.nix deleted file mode 100644 index e54acae..0000000 --- a/modules/nixos/services/immich/options.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ lib, namespace, ... }: -with lib; -{ - options.${namespace}.services.immich = { - enable = mkEnableOption "enable immich"; - }; -} diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix index d5daf76..74ed670 100755 --- a/modules/nixos/services/jellyfin/default.nix +++ b/modules/nixos/services/jellyfin/default.nix 
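Review bot: `openFirewall = true` remains hard-coded in `services.immich` although `IMMICH_HOST` now follows `cfg.listenAddress`, so the port is opened on the host firewall even when the service is meant to sit behind the proxy named in `IMMICH_TRUSTED_PROXIES`. The jellyfin and jellyseerr hunks in this commit use `openFirewall = cfg.openFirewall;`, and the same line here would be consistent. `IMMICH_TRUSTED_PROXIES = "10.0.1.3"` is a host-specific literal inside a shared module; a short comment such as `# address of the Traefik host; must match the proxy that terminates TLS` or an option would keep it from drifting when the proxy moves.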
@@ -6,19 +6,25 @@ }: with lib; let - cfg = config.${namespace}.services.jellyfin; -in -{ - imports = [ ./options.nix ]; + name = "jellyfin"; + cfg = config.${namespace}.services.${name}; - config = mkIf cfg.enable { - services.jellyfin = { - enable = true; - openFirewall = true; - user = "nix-apps"; - group = "jallen-nas"; - dataDir = "/media/nas/main/nix-app-data/jellyfin"; - # cacheDir = "/cache"; + jellyfinConfig = lib.${namespace}.mkModule { + inherit config name; + description = "jellyfin"; + options = { }; + moduleConfig = { + services.jellyfin = { + enable = true; + openFirewall = cfg.openFirewall; + user = "nix-apps"; + group = "jallen-nas"; + dataDir = "${cfg.configDir}/jellyfin"; + # cacheDir = "/cache"; + }; }; }; +in +{ + imports = [ jellyfinConfig ]; } diff --git a/modules/nixos/services/jellyfin/options.nix b/modules/nixos/services/jellyfin/options.nix deleted file mode 100644 index 1f4353a..0000000 --- a/modules/nixos/services/jellyfin/options.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ lib, namespace, ... }: -with lib; -{ - options.${namespace}.services.jellyfin = { - enable = mkEnableOption "enable jellyfin"; - }; -} diff --git a/modules/nixos/services/jellyseerr/default.nix b/modules/nixos/services/jellyseerr/default.nix index 828e66b..3541af1 100644 --- a/modules/nixos/services/jellyseerr/default.nix +++ b/modules/nixos/services/jellyseerr/default.nix 
@@ -6,44 +6,36 @@ }: with lib; let - inherit (lib.${namespace}) mkOpt; - cfg = config.${namespace}.services.jellyseerr; -in -{ - options.${namespace}.services.jellyseerr = { - enable = mkEnableOption "enable jellyseerr"; + name = "jellyseerr"; + cfg = config.${namespace}.services.${name}; - port = mkOpt types.int 5055 "jellyseerr port"; + jellyseerrConfig = lib.${namespace}.mkModule { + inherit config name; + description = "jellyseerr"; + options = { }; + moduleConfig = { + # Enable jellyseerr service + services.jellyseerr = { + enable = true; + port = cfg.port; + openFirewall = cfg.openFirewall; + configDir = "${cfg.configDir}/jellyseerr"; + }; - dataDir = mkOpt types.str "" "data dir"; - }; - - config = mkIf cfg.enable { - # Enable jellyseerr service - services.jellyseerr = { - enable = true; - port = cfg.port; - openFirewall = true; - configDir = cfg.dataDir; - }; - - systemd.services = { - jellyseerr = { - serviceConfig = { - WorkingDirectory = lib.mkForce cfg.dataDir; - StateDirectory = lib.mkForce cfg.dataDir; - StateDirectoryMode = lib.mkForce 700; - DynamicUser = lib.mkForce false; - ProtectSystem = lib.mkForce null; + systemd.services = { + jellyseerr = { + serviceConfig = { + WorkingDirectory = lib.mkForce "${cfg.configDir}/jellyseerr"; + StateDirectory = lib.mkForce "${cfg.configDir}/jellyseerr"; + StateDirectoryMode = lib.mkForce 700; + DynamicUser = lib.mkForce false; + ProtectSystem = lib.mkForce null; + }; }; }; }; - - users.users.jellyseerr = { - isSystemUser = true; - group = "jellyseerr"; - home = cfg.dataDir; - }; - users.groups.jellyseerr = { }; }; +in +{ + imports = [ jellyseerrConfig ]; } diff --git a/modules/nixos/services/jellyseerr/default.nix.container b/modules/nixos/services/jellyseerr/default.nix.container deleted file mode 100755 index 067ec06..0000000 --- a/modules/nixos/services/jellyseerr/default.nix.container +++ /dev/null 
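Review bot: The `serviceConfig` overrides keep `DynamicUser = lib.mkForce false` and `ProtectSystem = lib.mkForce null` while this hunk deletes the `users.users.jellyseerr` and `users.groups.jellyseerr` declarations and sets no `User`. Unless `mkModule` (via the `createUser = true` added in apps.nix) both creates the account and assigns it to the unit, the service would run as root with filesystem protection switched off. Stating `User = "jellyseerr";` in `serviceConfig` and replacing the null with `ProtectSystem = "strict";` plus `ReadWritePaths = [ "${cfg.configDir}/jellyseerr" ];` would keep the sandbox while still allowing the custom directory. `StateDirectory` is also given what appears to be an absolute path, whereas systemd expects a name relative to `/var/lib`, so that override likely has no effect and the directory's ownership and mode are not managed by systemd.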
@@ -1,83 +0,0 @@ -{ - config, - lib, - namespace, - ... -}: -with lib; -let - cfg = config.${namespace}.services.jellyseerr; - - jellyseerrPort = 5055; - dataDir = "/var/lib/private/jellyseerr"; -in -{ - imports = [ ./options.nix ]; - - config = mkIf cfg.enable { - containers.jellyseerr = { - autoStart = true; - privateNetwork = true; - hostAddress = "10.0.1.3"; - localAddress = "10.0.1.52"; - hostAddress6 = "fc00::1"; - localAddress6 = "fc00::4"; - - bindMounts = { - ${dataDir} = { - hostPath = "/media/nas/main/nix-app-data/jellyseerr"; - isReadOnly = false; - }; - }; - - config = - { - lib, - ... - }: - { - # Enable jellyseerr service - services.jellyseerr = { - enable = true; - port = jellyseerrPort; - # package = package; - openFirewall = true; - }; - - networking = { - firewall = { - enable = true; - allowedTCPPorts = [ jellyseerrPort ]; - }; - # Use systemd-resolved inside the container - # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 - useHostResolvConf = lib.mkForce false; - }; - - # Create and set permissions for required directories - system.activationScripts.jellyseerr-dirs = '' - mkdir -p /var/lib/private/jellyseerr - - chown -R jellyseerr:jellyseerr /var/lib/private/jellyseerr - - chmod -R 775 /var/lib/private/jellyseerr - - ln -sf /var/lib/private/jellyseerr /var/lib/jellyfin - - ''; - - services.resolved.enable = true; - system.stateVersion = "23.11"; - }; - }; - - networking.nat = { - forwardPorts = [ - { - destination = "10.0.1.52:5055"; - sourcePort = jellyseerrPort; - } - ]; - }; - }; -} diff --git a/modules/nixos/services/jellyseerr/options.nix b/modules/nixos/services/jellyseerr/options.nix deleted file mode 100644 index f5ebe74..0000000 --- a/modules/nixos/services/jellyseerr/options.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ lib, namespace, ... }: -with lib; -{ - options.${namespace}.services.jellyseerr = { - enable = mkEnableOption "enable jellyseerr"; - }; -} 
diff --git a/modules/nixos/services/lubelogger/default.nix b/modules/nixos/services/lubelogger/default.nix index 2e17e8a..9b12b8d 100644 --- a/modules/nixos/services/lubelogger/default.nix +++ b/modules/nixos/services/lubelogger/default.nix @@ -6,22 +6,24 @@ }: with lib; let - cfg = config.${namespace}.services.lubelogger; -in -{ - imports = [ ./options.nix ]; + name = "lubelogger"; + cfg = config.${namespace}.services.${name}; - config = mkIf cfg.enable { + lubeloggerConfig = lib.${namespace}.mkModule { + inherit config name; + description = "lubelogger"; + options = { }; + moduleConfig = { virtualisation.oci-containers.containers.lubelogger = { autoStart = true; image = "ghcr.io/hargata/lubelogger"; ports = [ "${toString cfg.port}:8080" ]; volumes = [ - "/media/nas/main/nix-app-data/lubelogger:/App/data" - "/media/nas/main/nix-app-data/lubelogger/keys:/root/.aspnet/DataProtection-Keys" + "${cfg.configDir}/lubelogger:/App/data" + "${cfg.configDir}/lubelogger/keys:/root/.aspnet/DataProtection-Keys" ]; environmentFiles = [ - "/media/nas/main/nix-app-data/lubelogger/lubelogger.env" + "${cfg.configDir}/lubelogger/lubelogger.env" ]; environment = { PUID = toString config.users.users.nix-apps.uid; @@ -29,11 +31,9 @@ in TZ = "America/Chicago"; }; }; - - # Open firewall for lubelogger if enabled - networking.firewall = mkIf cfg.openFirewall { - allowedTCPPorts = [ cfg.port ]; - allowedUDPPorts = [ cfg.port ]; }; }; +in +{ + imports = [ lubeloggerConfig ]; } diff --git a/modules/nixos/services/lubelogger/options.nix b/modules/nixos/services/lubelogger/options.nix deleted file mode 100644 index 9fff7c3..0000000 --- a/modules/nixos/services/lubelogger/options.nix +++ /dev/null 
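Review bot: `ports = [ "${toString cfg.port}:8080" ]` publishes the container port on all host interfaces, and with the `cfg.openFirewall` guard removed in the second hunk nothing visible here limits who can reach it; depending on the container backend, published ports may not be filtered by the NixOS firewall at all. Binding to the module address, `ports = [ "${cfg.listenAddress}:${toString cfg.port}:8080" ];`, would keep the service behind the proxy, assuming `mkModule` provides `listenAddress` here as it does for headscale and immich. The `image` reference carries no tag or digest, so each pull can bring different code; pinning it as `ghcr.io/hargata/lubelogger:<tag>@sha256:<digest>` (placeholders) makes upgrades deliberate. The `environment` attribute set continues between the two hunks and is not fully visible.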
@@ -1,19 +0,0 @@ -{ lib, namespace, ... }: -with lib; -{ - options.${namespace}.services.lubelogger = { - enable = mkEnableOption "enable lubelogger"; - - port = mkOption { - type = types.port; - default = 6754; - description = "Port for lubelogger web interface"; - }; - - openFirewall = mkOption { - type = types.bool; - default = true; - description = "Whether to open firewall for lubelogger"; - }; - }; -} diff --git a/systems/x86_64-linux/jallen-nas/apps.nix b/systems/x86_64-linux/jallen-nas/apps.nix index da01a2a..368fdae 100755 --- a/systems/x86_64-linux/jallen-nas/apps.nix +++ b/systems/x86_64-linux/jallen-nas/apps.nix @@ -81,28 +81,27 @@ in glances = { enable = true; port = 61208; - bindAddress = "0.0.0.0"; + createUser = true; }; headscale = { enable = false; port = 2112; - dataDir = "/media/nas/main/nix-app-data/headscale"; - reverseProxy = { - enable = true; - subdomain = "headscale"; - middlewares = [ - "crowdsec" - "whitelist-geoblock" - ]; - }; + reverseProxy.enable = true; + }; + immich = { + enable = true; + port = 2283; }; - immich = enabled; jellyfin = enabled; jellyseerr = { enable = true; - dataDir = "/media/nas/main/nix-app-data/jellyseerr"; + port = 5055; + createUser = true; + }; + lubelogger = { + enable = true; + port = 6754; }; - lubelogger = enabled; manyfold = enabled; matrix = { enable = true; diff --git a/systems/x86_64-linux/jallen-nas/default.nix b/systems/x86_64-linux/jallen-nas/default.nix index d802a0a..40297ef 100755 --- a/systems/x86_64-linux/jallen-nas/default.nix +++ b/systems/x86_64-linux/jallen-nas/default.nix @@ -227,7 +227,10 @@ in # ################################################### services = { - grafana = enabled; + grafana = { + enable = true; + port = 9999; + }; }; # ###################################################
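Review bot: The headscale entry in apps.nix loses its explicit `middlewares = [ "crowdsec" "whitelist-geoblock" ]` and `subdomain` while keeping `reverseProxy.enable = true`, so which Traefik middlewares protect the route now depends on `mkModule` defaults that this diff does not show. headscale is currently `enable = false`, but a control-plane endpoint should not quietly lose its filtering when it is turned back on; restating the middlewares here, or adding a comment that names the default set, would keep that reviewable. The glances entry likewise replaces `bindAddress = "0.0.0.0"` with `createUser = true`, although the glances module in this commit still declares `users.users.glances` itself, which may collide with whatever `createUser` defines. The enclosing `services` attribute set starts and ends outside the hunk.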