cleanup

2026-03-18 22:43:29 -05:00
parent d9f17670e1
commit af840f242b
49 changed files with 1079 additions and 1307 deletions
--- a/modules/nixos/services/termix/default.nix
+++ b/modules/nixos/services/termix/default.nix
@@ -4,66 +4,44 @@
  namespace,
  ...
 }:
-with lib;
 let
-  name = "termix";
-  cfg = config.${namespace}.services.${name};
-
-  termixConfig = lib.${namespace}.mkModule {
-    inherit config name;
-    serviceName = "podman-${name}";
-    description = "termix";
-    options = { };
-    moduleConfig = {
-      sops = {
-        secrets = {
-          "jallen-nas/termix/client-id" = {
-            sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
-          };
-          "jallen-nas/termix/client-secret" = {
-            sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
-          };
-        };
-        templates = {
-          "termix.env" = {
-            mode = "660";
-            owner = "nix-apps";
-            group = "jallen-nas";
-            restartUnits = [ "podman-termix.service" ];
-            content = ''
-            OIDC_CLIENT_ID=${config.sops.placeholder."jallen-nas/termix/client-id"}
-            OIDC_CLIENT_SECRET=${config.sops.placeholder."jallen-nas/termix/client-secret"}
-            '';
-          };
-        };
-      };
-
-      virtualisation.oci-containers.containers.${name} = {
-        autoStart = true;
-        image = "ghcr.io/lukegus/termix";
-        volumes = [
-          "${cfg.configDir}/termix:/app/data"
-        ];
-        ports = [
-          "${toString cfg.port}:8080"
-        ];
-        environment = {
-          OIDC_ISSUER_URL = "https://authentik.mjallen.dev/application/o/termix/";
-          OIDC_AUTHORIZATION_URL = "https://authentik.mjallen.dev/application/o/authorize/";
-          OIDC_TOKEN_URL = "https://authentik.mjallen.dev/application/o/token/";
-          OIDC_FORCE_HTTPS = "true";
-          GUACD_HOST = "10.0.1.3";
-          PUID = cfg.puid;
-          PGID = cfg.pgid;
-          TZ = cfg.timeZone;
-        };
-      };
-    };
-  };
+  cfg = config.${namespace}.services.termix;
+  inherit (lib.${namespace}) mkSopsEnvFile mkContainerService;
 in
 {
  imports = [
    ./guacd.nix
-    termixConfig
+
+    # Sops env-file for OIDC credentials
+    {
+      config = lib.mkIf cfg.enable (mkSopsEnvFile {
+        name = "termix.env";
+        restartUnit = "podman-termix.service";
+        secrets = {
+          "jallen-nas/termix/client-id" = { };
+          "jallen-nas/termix/client-secret" = { };
+        };
+        content = ''
+          OIDC_CLIENT_ID=${config.sops.placeholder."jallen-nas/termix/client-id"}
+          OIDC_CLIENT_SECRET=${config.sops.placeholder."jallen-nas/termix/client-secret"}
+        '';
+      });
+    }
+
+    (mkContainerService {
+      inherit config;
+      name = "termix";
+      image = "ghcr.io/lukegus/termix";
+      internalPort = 8080;
+      volumes = [ "${cfg.configDir}/termix:/app/data" ];
+      environmentFiles = [ config.sops.templates."termix.env".path ];
+      environment = {
+        OIDC_ISSUER_URL = "https://authentik.mjallen.dev/application/o/termix/";
+        OIDC_AUTHORIZATION_URL = "https://authentik.mjallen.dev/application/o/authorize/";
+        OIDC_TOKEN_URL = "https://authentik.mjallen.dev/application/o/token/";
+        OIDC_FORCE_HTTPS = "true";
+        GUACD_HOST = "10.0.1.3";
+      };
+    })
  ];
 }