mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

cleanup

Browse Source
This commit is contained in:
mjallen18
2026-03-18 22:43:29 -05:00
parent d9f17670e1
commit af840f242b
49 changed files with 1079 additions and 1307 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
modules/nixos/services/termix/default.nix
View File

@@ -4,66 +4,44 @@
namespace,
...
}:
with lib;
let
name = "termix";
cfg = config.${namespace}.services.${name};
termixConfig = lib.${namespace}.mkModule {
inherit config name;
serviceName = "podman-${name}";
description = "termix";
options = { };
moduleConfig = {
sops = {
secrets = {
"jallen-nas/termix/client-id" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
};
"jallen-nas/termix/client-secret" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
};
};
templates = {
"termix.env" = {
mode = "660";
owner = "nix-apps";
group = "jallen-nas";
restartUnits = [ "podman-termix.service" ];
content = ''
OIDC_CLIENT_ID=${config.sops.placeholder."jallen-nas/termix/client-id"}
OIDC_CLIENT_SECRET=${config.sops.placeholder."jallen-nas/termix/client-secret"}
'';
};
};
};
virtualisation.oci-containers.containers.${name} = {
autoStart = true;
image = "ghcr.io/lukegus/termix";
volumes = [
"${cfg.configDir}/termix:/app/data"
];
ports = [
"${toString cfg.port}:8080"
];
environment = {
OIDC_ISSUER_URL = "https://authentik.mjallen.dev/application/o/termix/";
OIDC_AUTHORIZATION_URL = "https://authentik.mjallen.dev/application/o/authorize/";
OIDC_TOKEN_URL = "https://authentik.mjallen.dev/application/o/token/";
OIDC_FORCE_HTTPS = "true";
GUACD_HOST = "10.0.1.3";
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
};
};
};
cfg = config.${namespace}.services.termix;
inherit (lib.${namespace}) mkSopsEnvFile mkContainerService;
in
{
imports = [
./guacd.nix
termixConfig
# Sops env-file for OIDC credentials
{
config = lib.mkIf cfg.enable (mkSopsEnvFile {
name = "termix.env";
restartUnit = "podman-termix.service";
secrets = {
"jallen-nas/termix/client-id" = { };
"jallen-nas/termix/client-secret" = { };
};
content = ''
OIDC_CLIENT_ID=${config.sops.placeholder."jallen-nas/termix/client-id"}
OIDC_CLIENT_SECRET=${config.sops.placeholder."jallen-nas/termix/client-secret"}
'';
});
}
(mkContainerService {
inherit config;
name = "termix";
image = "ghcr.io/lukegus/termix";
internalPort = 8080;
volumes = [ "${cfg.configDir}/termix:/app/data" ];
environmentFiles = [ config.sops.templates."termix.env".path ];
environment = {
OIDC_ISSUER_URL = "https://authentik.mjallen.dev/application/o/termix/";
OIDC_AUTHORIZATION_URL = "https://authentik.mjallen.dev/application/o/authorize/";
OIDC_TOKEN_URL = "https://authentik.mjallen.dev/application/o/token/";
OIDC_FORCE_HTTPS = "true";
GUACD_HOST = "10.0.1.3";
};
})
];
}

35
modules/nixos/services/termix/guacd.nix
View File

@@ -4,32 +4,13 @@
namespace,
...
}:
with lib;
let
name = "guacd";
cfg = config.${namespace}.services.${name};
guacdConfig = lib.${namespace}.mkModule {
inherit config name;
serviceName = "podman-${name}";
description = "guacd";
options = { };
moduleConfig = {
virtualisation.oci-containers.containers.${name} = {
autoStart = true;
image = "guacamole/guacd";
ports = [
"${toString cfg.port}:4822"
];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
};
};
};
in
{
imports = [ guacdConfig ];
imports = [
(lib.${namespace}.mkContainerService {
inherit config;
name = "guacd";
image = "guacamole/guacd";
internalPort = 4822;
})
];
}