mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

cleanup

Browse Source
This commit is contained in:
mjallen18
2026-03-18 22:43:29 -05:00
parent d9f17670e1
commit af840f242b
49 changed files with 1079 additions and 1307 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
modules/nixos/services/authentik/default.nix
View File

@@ -4,7 +4,6 @@
namespace,
...
}:
with lib;
# NOTE: AUTHENTIK_TOKEN for the RAC outpost is stored in sops.
# Add jallen-nas/authentik-rac/token to secrets/nas-secrets.yaml and ensure
# jallen-nas/sops.nix declares the "authentik-rac.env" template before deploying.
@@ -15,37 +14,31 @@ let
authentikConfig = lib.${namespace}.mkModule {
inherit config name;
description = "authentik Service";
description = "authentik identity provider";
options = { };
moduleConfig = {
services = {
authentik = {
enable = true;
environmentFile = cfg.environmentFile;
settings = {
port = cfg.port;
};
};
services.authentik = {
enable = true;
environmentFile = cfg.environmentFile;
settings.port = cfg.port;
};
};
};
# RAC outpost: uses podman but has a legacy container name "authenticRac"
# (different from the option name "authentikRac"), so we use mkModule directly.
authentikRacConfig = lib.${namespace}.mkModule {
inherit config;
name = "authentikRac";
serviceName = "podman-authenticRac";
description = "authentik_rac Service";
description = "authentik RAC outpost";
options = { };
moduleConfig = {
virtualisation.oci-containers.containers."authenticRac" = {
autoStart = true;
image = "ghcr.io/goauthentik/rac";
ports = [ "${toString cfgRac.port}:4822" ];
volumes = [
"${cfg.configDir}/authentik-rac:/media"
];
# AUTHENTIK_TOKEN is injected via the sops template "authentik-rac.env"
# defined in systems/x86_64-linux/jallen-nas/sops.nix
volumes = [ "${cfg.configDir}/authentik-rac:/media" ];
environmentFiles = [ config.sops.templates."authentik-rac.env".path ];
environment = {
AUTHENTIK_HOST = "https://${name}.mjallen.dev";

53
modules/nixos/services/booklore/default.nix
View File

@@ -4,40 +4,27 @@
namespace,
...
}:
with lib;
let
name = "booklore";
cfg = config.${namespace}.services.${name};
bookloreConfig = lib.${namespace}.mkModule {
inherit config name;
serviceName = "podman-${name}";
description = "booklore";
options = { };
moduleConfig = {
virtualisation.oci-containers.containers.${name} = {
autoStart = true;
image = "booklore/booklore";
volumes = [
"${cfg.configDir}/booklore:/app/data"
"${cfg.configDir}/bookdrop:/bookdrop"
"${cfg.dataDir}/books:/books"
];
ports = [
"${toString cfg.port}:6060"
];
environment = {
DATABASE_URL = "jdbc:mariadb://10.0.1.3:3306/booklore";
DATABASE_USERNAME = "booklore";
DATABASE_PASSWORD = "Lucifer008!";
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
};
};
};
cfg = config.${namespace}.services.booklore;
in
{
imports = [ bookloreConfig ];
imports = [
(lib.${namespace}.mkContainerService {
inherit config;
name = "booklore";
image = "booklore/booklore";
internalPort = 6060;
volumes = [
"${cfg.configDir}/booklore:/app/data"
"${cfg.configDir}/bookdrop:/bookdrop"
"${cfg.dataDir}/books:/books"
];
environment = {
DATABASE_URL = "jdbc:mariadb://10.0.1.3:3306/booklore";
DATABASE_USERNAME = "booklore";
# TODO: move DATABASE_PASSWORD to a sops secret
DATABASE_PASSWORD = "Lucifer008!";
};
})
];
}

52
modules/nixos/services/dispatcharr/default.nix
View File

@@ -4,41 +4,25 @@
namespace,
...
}:
with lib;
let
name = "dispatcharr";
cfg = config.${namespace}.services.${name};
dispatcharrConfig = lib.${namespace}.mkModule {
inherit config name;
serviceName = "podman-${name}";
description = "dispatcharr podman container";
options = { };
moduleConfig = {
virtualisation.oci-containers.containers.${name} = {
autoStart = true;
image = "ghcr.io/dispatcharr/dispatcharr";
extraOptions = [ "--device=/dev/dri" ];
volumes = [
"${cfg.configDir}/dispatcharr:/data"
"${cfg.dataDir}/movies:/movies"
"${cfg.dataDir}/tv:/tv"
];
ports = [
"${toString cfg.port}:9191"
];
environment = {
# DISPATCHARR_LOG_LEVEL = "DEBUG";
DISPATCHARR_ENV = "aio";
# DJANGO_SECRET_KEY = "123456";
# PUID = cfg.puid;
# PGID = cfg.pgid;
# TZ = cfg.timeZone;
};
};
};
};
cfg = config.${namespace}.services.dispatcharr;
in
{
imports = [ dispatcharrConfig ];
imports = [
(lib.${namespace}.mkContainerService {
inherit config;
name = "dispatcharr";
image = "ghcr.io/dispatcharr/dispatcharr";
internalPort = 9191;
extraOptions = [ "--device=/dev/dri" ];
volumes = [
"${cfg.configDir}/dispatcharr:/data"
"${cfg.dataDir}/movies:/movies"
"${cfg.dataDir}/tv:/tv"
];
environment = {
DISPATCHARR_ENV = "aio";
};
})
];
}

36
modules/nixos/services/free-games-claimer/default.nix
View File

@@ -4,32 +4,18 @@
namespace,
...
}:
with lib;
let
name = "free-games-claimer";
cfg = config.${namespace}.services.${name};
fgcConfig = lib.${namespace}.mkModule {
inherit config name;
serviceName = "podman-${name}";
description = "free-games-claimer";
options = { };
moduleConfig = {
virtualisation.oci-containers.containers."${name}" = {
autoStart = true;
image = "ghcr.io/vogler/free-games-claimer";
ports = [ "${toString cfg.port}:6080" ];
volumes = [ "${cfg.configDir}/free-games-claimer:/fgc/data" ];
environmentFiles = [ config.sops.templates."fgc.env".path ];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
};
};
};
cfg = config.${namespace}.services."free-games-claimer";
in
{
imports = [ fgcConfig ];
imports = [
(lib.${namespace}.mkContainerService {
inherit config;
name = "free-games-claimer";
image = "ghcr.io/vogler/free-games-claimer";
internalPort = 6080;
volumes = [ "${cfg.configDir}/free-games-claimer:/fgc/data" ];
environmentFiles = [ config.sops.templates."fgc.env".path ];
})
];
}

43
modules/nixos/services/glance/default.nix
View File

@@ -19,27 +19,6 @@ let
};
};
moduleConfig = {
sops = {
secrets = {
"jallen-nas/glance/arr-username" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
};
"jallen-nas/glance/arr-password" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
};
};
templates = {
"glance.env" = {
mode = "660";
restartUnits = [ "glance.service" ];
content = ''
ARR_USER=${config.sops.placeholder."jallen-nas/glance/arr-username"}
ARR_PASS=${config.sops.placeholder."jallen-nas/glance/arr-password"}
'';
};
};
};
services.glance = {
enable = true;
openFirewall = true;
@@ -301,5 +280,25 @@ let
};
in
{
imports = [ glanceConfig ];
imports = [
glanceConfig
# Sops env-file for arr credentials (gated behind glance.enable)
{
config = lib.mkIf cfg.enable (
lib.${namespace}.mkSopsEnvFile {
name = "glance.env";
restartUnit = "glance.service";
secrets = {
"jallen-nas/glance/arr-username" = { };
"jallen-nas/glance/arr-password" = { };
};
content = ''
ARR_USER=${config.sops.placeholder."jallen-nas/glance/arr-username"}
ARR_PASS=${config.sops.placeholder."jallen-nas/glance/arr-password"}
'';
}
);
}
];
}

45
modules/nixos/services/lubelogger/default.nix
View File

@@ -1,40 +1,23 @@
{
config,
lib,
config,
namespace,
...
}:
with lib;
let
name = "lubelogger";
cfg = config.${namespace}.services.${name};
lubeloggerConfig = lib.${namespace}.mkModule {
inherit config name;
serviceName = "podman-${name}";
description = "lubelogger";
options = { };
moduleConfig = {
virtualisation.oci-containers.containers.lubelogger = {
autoStart = true;
image = "ghcr.io/hargata/lubelogger";
ports = [ "${toString cfg.port}:8080" ];
volumes = [
"${cfg.configDir}/lubelogger:/App/data"
"${cfg.configDir}/lubelogger/keys:/root/.aspnet/DataProtection-Keys"
];
# environmentFiles = [
# "${cfg.configDir}/lubelogger/lubelogger.env"
# ];
environment = {
PUID = toString config.users.users.nix-apps.uid;
PGID = toString config.users.groups.jallen-nas.gid;
TZ = "America/Chicago";
};
};
};
};
cfg = config.${namespace}.services.lubelogger;
in
{
imports = [ lubeloggerConfig ];
imports = [
(lib.${namespace}.mkContainerService {
inherit config;
name = "lubelogger";
image = "ghcr.io/hargata/lubelogger";
internalPort = 8080;
volumes = [
"${cfg.configDir}/lubelogger:/App/data"
"${cfg.configDir}/lubelogger/keys:/root/.aspnet/DataProtection-Keys"
];
})
];
}

58
modules/nixos/services/manyfold/default.nix
View File

@@ -4,43 +4,29 @@
namespace,
...
}:
with lib;
let
name = "manyfold";
cfg = config.${namespace}.services.${name};
manyfoldConfig = lib.${namespace}.mkModule {
inherit config name;
serviceName = "podman-${name}";
description = "manyfold";
options = { };
moduleConfig = {
virtualisation.oci-containers.containers."${name}" = {
autoStart = true;
image = "ghcr.io/manyfold3d/manyfold-solo";
ports = [ "${toString cfg.port}:3214" ];
extraOptions = [
"--cap-drop=ALL"
"--cap-add=CHOWN"
"--cap-add=DAC_OVERRIDE"
"--cap-add=SETUID"
"--cap-add=SETGID"
"--security-opt=no-new-privileges:true"
];
volumes = [
"${cfg.configDir}/manyfold:/config"
"${cfg.dataDir}/documents/3d-models:/libraries"
];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
environmentFiles = [ config.sops.secrets."jallen-nas/manyfold/secretkeybase".path ];
};
};
};
cfg = config.${namespace}.services.manyfold;
in
{
imports = [ manyfoldConfig ];
imports = [
(lib.${namespace}.mkContainerService {
inherit config;
name = "manyfold";
image = "ghcr.io/manyfold3d/manyfold-solo";
internalPort = 3214;
extraOptions = [
"--cap-drop=ALL"
"--cap-add=CHOWN"
"--cap-add=DAC_OVERRIDE"
"--cap-add=SETUID"
"--cap-add=SETGID"
"--security-opt=no-new-privileges:true"
];
volumes = [
"${cfg.configDir}/manyfold:/config"
"${cfg.dataDir}/documents/3d-models:/libraries"
];
environmentFiles = [ config.sops.secrets."jallen-nas/manyfold/secretkeybase".path ];
})
];
}

75
modules/nixos/services/netbootxyz/default.nix
View File

@@ -1,54 +1,39 @@
{
config,
lib,
config,
namespace,
...
}:
with lib;
let
inherit (lib.${namespace}) mkOpt;
name = "netbootxyz";
cfg = config.${namespace}.services.${name};
netbootxyzConfig = lib.${namespace}.mkModule {
inherit config name;
description = "netbootxyz";
options = {
assetPort = mkOpt types.port 4001 "NGINX server for hosting assets.";
tftpPort = mkOpt types.port 69 "HTTPS port for netbootxyz";
};
moduleConfig = {
# Open firewall for netbootxyz if enabled
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [
cfg.assetPort
cfg.tftpPort
];
allowedUDPPorts = [
cfg.assetPort
cfg.tftpPort
];
};
virtualisation.oci-containers = {
containers.netbootxyz = {
autoStart = true;
image = "ghcr.io/netbootxyz/netbootxyz:latest";
ports = [
"${toString cfg.port}:3000"
"${toString cfg.assetPort}:80"
"${toString cfg.tftpPort}:69"
];
volumes = [
"${cfg.configDir}/netbootxyz:/config"
"${cfg.dataDir}/isos:/assets"
];
};
};
};
};
inherit (lib.${namespace}) mkOpt mkContainerService;
cfg = config.${namespace}.services.netbootxyz;
in
{
imports = [ netbootxyzConfig ];
imports = [
(mkContainerService {
inherit config;
name = "netbootxyz";
image = "ghcr.io/netbootxyz/netbootxyz:latest";
internalPort = 3000;
options = {
assetPort = mkOpt lib.types.port 4001 "NGINX port for hosting assets";
tftpPort = mkOpt lib.types.port 69 "TFTP port";
};
volumes = [
"${cfg.configDir}/netbootxyz:/config"
"${cfg.dataDir}/isos:/assets"
];
extraConfig = {
networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.assetPort cfg.tftpPort ];
allowedUDPPorts = [ cfg.assetPort cfg.tftpPort ];
};
virtualisation.oci-containers.containers.netbootxyz.ports = lib.mkForce [
"${toString cfg.port}:3000"
"${toString cfg.assetPort}:80"
"${toString cfg.tftpPort}:69"
];
};
})
];
}

46
modules/nixos/services/orca/default.nix
View File

@@ -4,37 +4,27 @@
namespace,
...
}:
with lib;
let
inherit (lib.${namespace}) mkOpt;
name = "orca-slicer";
cfg = config.${namespace}.services.${name};
orcaConfig = lib.${namespace}.mkModule {
inherit config name;
serviceName = "podman-${name}";
description = "orca slicer web ui";
options = {
httpsPort = mkOpt types.int 443 "HTTPS port";
};
moduleConfig = {
virtualisation.oci-containers.containers."${name}" = {
autoStart = true;
image = "linuxserver/orcaslicer";
ports = [
inherit (lib.${namespace}) mkOpt mkContainerService;
cfg = config.${namespace}.services."orca-slicer";
in
{
imports = [
(mkContainerService {
inherit config;
name = "orca-slicer";
image = "linuxserver/orcaslicer";
internalPort = 3000;
options = {
httpsPort = mkOpt lib.types.int 443 "HTTPS port";
};
extraConfig = {
virtualisation.oci-containers.containers."orca-slicer".ports = lib.mkForce [
"${toString cfg.port}:3000"
"${toString cfg.httpsPort}:3001"
];
volumes = [ "${cfg.configDir}/orca-slicer:/config" ];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
};
};
};
in
{
imports = [ orcaConfig ];
volumes = [ "${cfg.configDir}/orca-slicer:/config" ];
})
];
}

172
modules/nixos/services/sparky-fitness/default.nix
View File

@@ -4,118 +4,74 @@
namespace,
...
}:
with lib;
let
name = "sparky-fitness-server";
cfg = config.${namespace}.services.${name};
sparky-fitness-server = lib.${namespace}.mkModule {
inherit config name;
serviceName = "podman-${name}";
description = "sparky-fitness-server";
options = { };
moduleConfig = {
virtualisation.oci-containers.containers.${name} = {
autoStart = true;
image = "codewithcj/sparkyfitness_server";
ports = [ "${toString cfg.port}:3010" ];
volumes = [
"${cfg.configDir}/sparky-fitness/server/backup:/app/SparkyFitnessServer/backup"
"${cfg.configDir}/sparky-fitness/server/uploads:/app/SparkyFitnessServer/uploads"
];
# environmentFiles = [
# "${cfg.configDir}/lubelogger/lubelogger.env"
# ];
environment = {
SPARKY_FITNESS_LOG_LEVEL = "0";
ALLOW_PRIVATE_NETWORK_CORS = "false";
SPARKY_FITNESS_EXTRA_TRUSTED_ORIGINS = "";
SPARKY_FITNESS_DB_USER = "sparkyfitness";
SPARKY_FITNESS_DB_HOST = "10.0.1.3"; # Use the service name 'sparkyfitness-db' for inter-container communication
SPARKY_FITNESS_DB_NAME = "sparkyfitness";
SPARKY_FITNESS_DB_PASSWORD = "sparkyfitness";
SPARKY_FITNESS_APP_DB_USER = "sparkyfitness";
SPARKY_FITNESS_APP_DB_PASSWORD = "sparkyfitness";
SPARKY_FITNESS_DB_PORT = "${toString dbCfg.port}";
SPARKY_FITNESS_API_ENCRYPTION_KEY = "088ab2c6487ca1048c1fe74a4d8bd906e88db56953406769426b615d6df2407b";
# Uncomment the line below and comment the line above to use a file-based secret
# SPARKY_FITNESS_API_ENCRYPTION_KEY_FILE: /run/secrets/sparkyfitness_api_key
BETTER_AUTH_SECRET = "a0304bda5a9efd0d92595c8d46526e33d58f436408f6b70ea37c2b84308d9abe";
# Uncomment the line below and comment the line above to use a file-based secret
# BETTER_AUTH_SECRET_FILE: /run/secrets/sparkyfitness_better_auth_secret
SPARKY_FITNESS_FRONTEND_URL = "http://10.0.1.3:${toString frontendCfg.port}";
SPARKY_FITNESS_DISABLE_SIGNUP = "false";
SPARKY_FITNESS_ADMIN_EMAIL = "jalle008@proton.me"; #User with this email can access the admin panel
# SPARKY_FITNESS_EMAIL_HOST = "${SPARKY_FITNESS_EMAIL_HOST}";
# SPARKY_FITNESS_EMAIL_PORT = "${SPARKY_FITNESS_EMAIL_PORT}";
# SPARKY_FITNESS_EMAIL_SECURE = "${SPARKY_FITNESS_EMAIL_SECURE}";
# SPARKY_FITNESS_EMAIL_USER = "${SPARKY_FITNESS_EMAIL_USER}";
# SPARKY_FITNESS_EMAIL_PASS = "${SPARKY_FITNESS_EMAIL_PASS}";
# SPARKY_FITNESS_EMAIL_FROM = "${SPARKY_FITNESS_EMAIL_FROM}";
PUID = toString config.users.users.nix-apps.uid;
PGID = toString config.users.groups.jallen-nas.gid;
TZ = "America/Chicago";
};
};
};
};
fontendName = "sparky-fitness";
frontendCfg = config.${namespace}.services.${fontendName};
sparky-fitness-frontend = lib.${namespace}.mkModule {
inherit config;
name = fontendName;
serviceName = "podman-${fontendName}";
description = "sparky-fitness";
options = { };
moduleConfig = {
virtualisation.oci-containers.containers.${fontendName} = {
autoStart = true;
image = "codewithcj/sparkyfitness";
ports = [ "${toString frontendCfg.port}:80" ];
environment = {
SPARKY_FITNESS_FRONTEND_URL = "http://10.0.1.3:${toString frontendCfg.port}";
SPARKY_FITNESS_SERVER_HOST = "10.0.1.3";
SPARKY_FITNESS_SERVER_PORT = "${toString cfg.port}";
PUID = toString config.users.users.nix-apps.uid;
PGID = toString config.users.groups.jallen-nas.gid;
TZ = "America/Chicago";
};
};
};
};
inherit (lib.${namespace}) mkContainerService;
serverName = "sparky-fitness-server";
frontendName = "sparky-fitness";
dbName = "sparky-fitness-db";
serverCfg = config.${namespace}.services.${serverName};
frontendCfg = config.${namespace}.services.${frontendName};
dbCfg = config.${namespace}.services.${dbName};
sparky-fitness-db = lib.${namespace}.mkModule {
inherit config;
name = dbName;
serviceName = "podman-${dbName}";
description = "sparky-fitness-db";
options = { };
moduleConfig = {
virtualisation.oci-containers.containers.${dbName} = {
autoStart = true;
image = "postgres:15-alpine";
ports = [ "${toString dbCfg.port}:5432" ];
volumes = [
"${dbCfg.configDir}/sparky-fitness/db:/var/lib/postgresql/data"
];
environment = {
POSTGRES_DB = "sparkyfitness-db";
POSTGRES_USER = "sparkyfitness";
POSTGRES_PASSWORD = "sparkyfitness";
PUID = toString config.users.users.nix-apps.uid;
PGID = toString config.users.groups.jallen-nas.gid;
TZ = "America/Chicago";
};
};
};
};
in
{
imports = [ sparky-fitness-server sparky-fitness-frontend sparky-fitness-db ];
imports = [
(mkContainerService {
inherit config;
name = serverName;
image = "codewithcj/sparkyfitness_server";
internalPort = 3010;
volumes = [
"${serverCfg.configDir}/sparky-fitness/server/backup:/app/SparkyFitnessServer/backup"
"${serverCfg.configDir}/sparky-fitness/server/uploads:/app/SparkyFitnessServer/uploads"
];
environment = {
SPARKY_FITNESS_LOG_LEVEL = "0";
ALLOW_PRIVATE_NETWORK_CORS = "false";
SPARKY_FITNESS_EXTRA_TRUSTED_ORIGINS = "";
SPARKY_FITNESS_DB_USER = "sparkyfitness";
SPARKY_FITNESS_DB_HOST = "10.0.1.3";
SPARKY_FITNESS_DB_NAME = "sparkyfitness";
# TODO: move DB password and secrets to sops
SPARKY_FITNESS_DB_PASSWORD = "sparkyfitness";
SPARKY_FITNESS_APP_DB_USER = "sparkyfitness";
SPARKY_FITNESS_APP_DB_PASSWORD = "sparkyfitness";
SPARKY_FITNESS_DB_PORT = "${toString dbCfg.port}";
SPARKY_FITNESS_API_ENCRYPTION_KEY = "088ab2c6487ca1048c1fe74a4d8bd906e88db56953406769426b615d6df2407b";
BETTER_AUTH_SECRET = "a0304bda5a9efd0d92595c8d46526e33d58f436408f6b70ea37c2b84308d9abe";
SPARKY_FITNESS_FRONTEND_URL = "http://10.0.1.3:${toString frontendCfg.port}";
SPARKY_FITNESS_DISABLE_SIGNUP = "false";
SPARKY_FITNESS_ADMIN_EMAIL = "jalle008@proton.me";
};
})
(mkContainerService {
inherit config;
name = frontendName;
image = "codewithcj/sparkyfitness";
internalPort = 80;
environment = {
SPARKY_FITNESS_FRONTEND_URL = "http://10.0.1.3:${toString frontendCfg.port}";
SPARKY_FITNESS_SERVER_HOST = "10.0.1.3";
SPARKY_FITNESS_SERVER_PORT = "${toString serverCfg.port}";
};
})
(mkContainerService {
inherit config;
name = dbName;
image = "postgres:15-alpine";
internalPort = 5432;
volumes = [
"${dbCfg.configDir}/sparky-fitness/db:/var/lib/postgresql/data"
];
environment = {
POSTGRES_DB = "sparkyfitness-db";
POSTGRES_USER = "sparkyfitness";
# TODO: move POSTGRES_PASSWORD to sops
POSTGRES_PASSWORD = "sparkyfitness";
};
})
];
}

83
modules/nixos/services/tdarr/default.nix
View File

@@ -4,52 +4,45 @@
namespace,
...
}:
with lib;
let
inherit (lib.${namespace}) mkOpt;
name = "tdarr";
cfg = config.${namespace}.services.${name};
tdarrConfig = lib.${namespace}.mkModule {
inherit config name;
description = "tdarr";
options = {
serverPort = mkOpt types.str "8266" "node port";
};
moduleConfig = {
virtualisation.oci-containers.containers.${name} = {
autoStart = true;
image = "ghcr.io/haveagitgat/tdarr";
extraOptions = [ "--device=nvidia.com/gpu=0" ];
volumes = [
"${cfg.configDir}/tdarr/config:/app/configs"
"${cfg.configDir}/tdarr/server:/app/server"
"${cfg.configDir}/tdarr/logs:/app/logs"
"${cfg.configDir}/tdarr/transcode:/temp"
"${cfg.dataDir}/movies:/data/movies"
"${cfg.dataDir}/tv:/data/tv"
];
ports = [
"${cfg.serverPort}:8266"
"${cfg.port}:8265"
];
environment = {
serverPort = "8266";
webUIPort = "8265";
internalNode = "true";
inContainer = "true";
ffmpegVersion = "6";
nodeName = "tdarr node";
NVIDIA_VISIBLE_DEVICES = "all";
NVIDIA_DRIVER_CAPABILITIES = "all";
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
};
};
};
inherit (lib.${namespace}) mkOpt mkContainerService;
cfg = config.${namespace}.services.tdarr;
in
{
imports = [ tdarrConfig ];
imports = [
(mkContainerService {
inherit config;
name = "tdarr";
image = "ghcr.io/haveagitgat/tdarr";
internalPort = 8265;
options = {
serverPort = mkOpt lib.types.str "8266" "Tdarr node server port";
};
extraOptions = [ "--device=nvidia.com/gpu=0" ];
volumes = [
"${cfg.configDir}/tdarr/config:/app/configs"
"${cfg.configDir}/tdarr/server:/app/server"
"${cfg.configDir}/tdarr/logs:/app/logs"
"${cfg.configDir}/tdarr/transcode:/temp"
"${cfg.dataDir}/movies:/data/movies"
"${cfg.dataDir}/tv:/data/tv"
];
environment = {
serverPort = "8266";
webUIPort = "8265";
internalNode = "true";
inContainer = "true";
ffmpegVersion = "6";
nodeName = "tdarr node";
NVIDIA_VISIBLE_DEVICES = "all";
NVIDIA_DRIVER_CAPABILITIES = "all";
};
extraConfig = {
virtualisation.oci-containers.containers.tdarr.ports = lib.mkForce [
"${cfg.serverPort}:8266"
"${toString cfg.port}:8265"
];
};
})
];
}

90
modules/nixos/services/termix/default.nix
View File

@@ -4,66 +4,44 @@
namespace,
...
}:
with lib;
let
name = "termix";
cfg = config.${namespace}.services.${name};
termixConfig = lib.${namespace}.mkModule {
inherit config name;
serviceName = "podman-${name}";
description = "termix";
options = { };
moduleConfig = {
sops = {
secrets = {
"jallen-nas/termix/client-id" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
};
"jallen-nas/termix/client-secret" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
};
};
templates = {
"termix.env" = {
mode = "660";
owner = "nix-apps";
group = "jallen-nas";
restartUnits = [ "podman-termix.service" ];
content = ''
OIDC_CLIENT_ID=${config.sops.placeholder."jallen-nas/termix/client-id"}
OIDC_CLIENT_SECRET=${config.sops.placeholder."jallen-nas/termix/client-secret"}
'';
};
};
};
virtualisation.oci-containers.containers.${name} = {
autoStart = true;
image = "ghcr.io/lukegus/termix";
volumes = [
"${cfg.configDir}/termix:/app/data"
];
ports = [
"${toString cfg.port}:8080"
];
environment = {
OIDC_ISSUER_URL = "https://authentik.mjallen.dev/application/o/termix/";
OIDC_AUTHORIZATION_URL = "https://authentik.mjallen.dev/application/o/authorize/";
OIDC_TOKEN_URL = "https://authentik.mjallen.dev/application/o/token/";
OIDC_FORCE_HTTPS = "true";
GUACD_HOST = "10.0.1.3";
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
};
};
};
cfg = config.${namespace}.services.termix;
inherit (lib.${namespace}) mkSopsEnvFile mkContainerService;
in
{
imports = [
./guacd.nix
termixConfig
# Sops env-file for OIDC credentials
{
config = lib.mkIf cfg.enable (mkSopsEnvFile {
name = "termix.env";
restartUnit = "podman-termix.service";
secrets = {
"jallen-nas/termix/client-id" = { };
"jallen-nas/termix/client-secret" = { };
};
content = ''
OIDC_CLIENT_ID=${config.sops.placeholder."jallen-nas/termix/client-id"}
OIDC_CLIENT_SECRET=${config.sops.placeholder."jallen-nas/termix/client-secret"}
'';
});
}
(mkContainerService {
inherit config;
name = "termix";
image = "ghcr.io/lukegus/termix";
internalPort = 8080;
volumes = [ "${cfg.configDir}/termix:/app/data" ];
environmentFiles = [ config.sops.templates."termix.env".path ];
environment = {
OIDC_ISSUER_URL = "https://authentik.mjallen.dev/application/o/termix/";
OIDC_AUTHORIZATION_URL = "https://authentik.mjallen.dev/application/o/authorize/";
OIDC_TOKEN_URL = "https://authentik.mjallen.dev/application/o/token/";
OIDC_FORCE_HTTPS = "true";
GUACD_HOST = "10.0.1.3";
};
})
];
}

35
modules/nixos/services/termix/guacd.nix
View File

@@ -4,32 +4,13 @@
namespace,
...
}:
with lib;
let
name = "guacd";
cfg = config.${namespace}.services.${name};
guacdConfig = lib.${namespace}.mkModule {
inherit config name;
serviceName = "podman-${name}";
description = "guacd";
options = { };
moduleConfig = {
virtualisation.oci-containers.containers.${name} = {
autoStart = true;
image = "guacamole/guacd";
ports = [
"${toString cfg.port}:4822"
];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
};
};
};
in
{
imports = [ guacdConfig ];
imports = [
(lib.${namespace}.mkContainerService {
inherit config;
name = "guacd";
image = "guacamole/guacd";
internalPort = 4822;
})
];
}

50
modules/nixos/services/tunarr/default.nix
View File

@@ -4,40 +4,24 @@
namespace,
...
}:
with lib;
let
name = "tunarr";
cfg = config.${namespace}.services.${name};
tunarrConfig = lib.${namespace}.mkModule {
inherit config name;
serviceName = "podman-${name}";
description = "tunarr";
options = { };
moduleConfig = {
virtualisation.oci-containers.containers.${name} = {
autoStart = true;
image = "ghcr.io/chrisbenincasa/tunarr";
extraOptions = [ "--device=/dev/dri" ];
volumes = [
"${cfg.configDir}/tunarr:/config/tunarr"
"${cfg.configDir}/tunarr:/root/.local/share/tunarr"
"${cfg.dataDir}/movies:/libraries/movies"
"${cfg.dataDir}/tv:/libraries/tv"
"${cfg.configDir}/transcode:/transcode"
];
ports = [
"${toString cfg.port}:8000"
];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
};
};
};
cfg = config.${namespace}.services.tunarr;
in
{
imports = [ tunarrConfig ];
imports = [
(lib.${namespace}.mkContainerService {
inherit config;
name = "tunarr";
image = "ghcr.io/chrisbenincasa/tunarr";
internalPort = 8000;
extraOptions = [ "--device=/dev/dri" ];
volumes = [
"${cfg.configDir}/tunarr:/config/tunarr"
"${cfg.configDir}/tunarr:/root/.local/share/tunarr"
"${cfg.dataDir}/movies:/libraries/movies"
"${cfg.dataDir}/tv:/libraries/tv"
"${cfg.configDir}/transcode:/transcode"
];
})
];
}

50
modules/nixos/services/unmanic/default.nix
View File

@@ -4,41 +4,23 @@
namespace,
...
}:
with lib;
let
name = "unmanic";
cfg = config.${namespace}.services.${name};
unmanicConfig = lib.${namespace}.mkModule {
inherit config name;
serviceName = "podman-${name}";
description = "unmanic";
options = { };
moduleConfig = {
virtualisation.oci-containers.containers.${name} = {
autoStart = true;
image = "josh5/unmanic";
devices = [
"/dev/dri:/dev/dri"
];
volumes = [
"${cfg.configDir}/unmanic:/config"
"${cfg.dataDir}/movies:/library/movies"
"${cfg.dataDir}/tv:/library/tv"
"${cfg.configDir}/unmanic/transcode:/tmp/unmanic"
];
ports = [
"${toString cfg.port}:8888"
];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
};
};
};
cfg = config.${namespace}.services.unmanic;
in
{
imports = [ unmanicConfig ];
imports = [
(lib.${namespace}.mkContainerService {
inherit config;
name = "unmanic";
image = "josh5/unmanic";
internalPort = 8888;
devices = [ "/dev/dri:/dev/dri" ];
volumes = [
"${cfg.configDir}/unmanic:/config"
"${cfg.dataDir}/movies:/library/movies"
"${cfg.dataDir}/tv:/library/tv"
"${cfg.configDir}/unmanic/transcode:/tmp/unmanic"
];
})
];
}

77
modules/nixos/services/your-spotify/default.nix
View File

@@ -4,43 +4,54 @@
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.your_spotify;
inherit (lib.${namespace}) mkOpt mkModule;
name = "your-spotify";
cfg = config.${namespace}.services.${name};
in
{
imports = [ ./options.nix ];
config = mkIf cfg.enable {
virtualisation.oci-containers.containers."${cfg.name}-server" = {
autoStart = true;
image = cfg.imageServer;
volumes = [ "${cfg.configPath}:/root/.your-spotify" ];
ports = [ "${cfg.portServer}:8080" ];
dependsOn = [ "mongo" ];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
API_ENDPOINT = "https://your-spotify-server.mjallen.dev";
CLIENT_ENDPOINT = "https://your-spotify.mjallen.dev";
SPOTIFY_PUBLIC = "e270589d72a6494680a17d325af8670d";
SPOTIFY_SECRET = "423cb7b69fe8486e89eccd01e0c22924";
MONGO_ENDPOINT = "mongodb://10.0.1.3:27017";
imports = [
(mkModule {
inherit config name;
description = "Your Spotify self-hosted Spotify stats";
options = {
serverPort = mkOpt lib.types.int 7777 "Port for the API server container";
webPort = mkOpt lib.types.int 7778 "Port for the web client container";
imageServer = mkOpt lib.types.str "yooooomi/your_spotify_server" "Server OCI image";
imageWeb = mkOpt lib.types.str "yooooomi/your_spotify_client" "Web client OCI image";
};
};
moduleConfig = {
virtualisation.oci-containers.containers."${name}-server" = {
autoStart = true;
image = cfg.imageServer;
volumes = [ "${cfg.configDir}:/root/.your-spotify" ];
ports = [ "${toString cfg.serverPort}:8080" ];
dependsOn = [ "mongo" ];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
API_ENDPOINT = "https://your-spotify-server.mjallen.dev";
CLIENT_ENDPOINT = "https://your-spotify.mjallen.dev";
# TODO: move Spotify API keys to sops secrets
SPOTIFY_PUBLIC = "e270589d72a6494680a17d325af8670d";
SPOTIFY_SECRET = "423cb7b69fe8486e89eccd01e0c22924";
MONGO_ENDPOINT = "mongodb://10.0.1.3:27017";
};
};
virtualisation.oci-containers.containers."${cfg.name}-web" = {
autoStart = true;
image = cfg.imageWeb;
ports = [ "${cfg.portWeb}:3000" ];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
API_ENDPOINT = "https://your-spotify-server.mjallen.dev";
virtualisation.oci-containers.containers."${name}-web" = {
autoStart = true;
image = cfg.imageWeb;
ports = [ "${toString cfg.webPort}:3000" ];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
API_ENDPOINT = "https://your-spotify-server.mjallen.dev";
};
};
};
};
};
})
];
}

57
modules/nixos/services/your-spotify/options.nix
View File

@@ -1,57 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.your_spotify = {
enable = mkEnableOption "your_spotify docker service";
autoStart = mkOption {
type = types.bool;
default = true;
};
portServer = mkOption {
type = types.str;
default = "7777";
};
portWeb = mkOption {
type = types.str;
default = "7778";
};
name = mkOption {
type = types.str;
default = "your_spotify";
};
imageServer = mkOption {
type = types.str;
default = "yooooomi/your_spotify_server";
};
imageWeb = mkOption {
type = types.str;
default = "yooooomi/your_spotify_client";
};
configPath = mkOption {
type = types.str;
default = "/var/lib/your-spotify";
};
puid = mkOption {
type = types.str;
default = "911";
};
pgid = mkOption {
type = types.str;
default = "100";
};
timeZone = mkOption {
type = types.str;
default = "UTC";
};
};
}