mkModule various + fixes

mjallen18
2025-12-18 16:47:12 -06:00
parent 63bd725d64
commit e0b1e72431
10 changed files with 185 additions and 297 deletions


@@ -18,13 +18,17 @@ let
services.code-server = { services.code-server = {
enable = true; enable = true;
port = cfg.port; port = cfg.port;
user = "nix-apps"; user = "admin";
group = "jallen-nas"; group = "jallen-nas";
host = cfg.listenAddress; host = cfg.listenAddress;
auth = "none"; # "password" auth = "none"; # "password"
disableTelemetry = true; disableTelemetry = true;
disableUpdateCheck = true; disableUpdateCheck = true;
extraEnvironment = cfg.extraEnvironment; extraEnvironment = cfg.extraEnvironment;
extraGroups = [
"admin"
"wheel"
];
} }
// optionalAttrs (cfg.hashedPassword != null) { // optionalAttrs (cfg.hashedPassword != null) {
hashedPassword = cfg.hashedPassword; hashedPassword = cfg.hashedPassword;
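Review bot: The new `user = "admin"` combined with the added `extraGroups = [ "admin" "wheel" ]` runs code-server — which the context lines leave at `auth = "none"` unless `cfg.hashedPassword` is set — as an account holding wheel membership, so every terminal opened from the editor, and anyone able to reach `cfg.listenAddress` on an unauthenticated instance, operates with that group. The dedicated `nix-apps` user it replaces kept the service's privileges apart from the host's admin account. If the goal is access to admin-owned files, a dedicated service user with a narrower `extraGroups` entry for the specific data group is the smaller blast radius; at minimum guard the unauthenticated case with `assertions = [ { assertion = cfg.hashedPassword != null || cfg.listenAddress == "127.0.0.1"; message = "code-server: set hashedPassword before binding a non-loopback address"; } ];`. The `let` binding and the attribute set containing this hunk start and end outside it.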


@@ -87,7 +87,7 @@ let
# Media settings # Media settings
max_upload_size = "50M"; max_upload_size = "50M";
media_store_path = "${cfg.dataDir}/media"; media_store_path = "${cfg.configDir}/matrix-synapse/media";
# Logging # Logging
# log_config = "/var/lib/matrix-synapse/log_config.yaml"; # log_config = "/var/lib/matrix-synapse/log_config.yaml";
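Review bot: `media_store_path` moves under `cfg.configDir`, while the ntfy change in this same commit keeps its bulk `attachment-cache-dir` under `cfg.dataDir` and moves only the small databases to `configDir`. Synapse's media store is the growth-heavy part of its state, so if `configDir` is the smaller application-data volume (inferred from the option names, not visible here) it will be the first to fill. If the move is intentional, a one-line comment above it stating the reason would keep the next reader from reverting it; otherwise `media_store_path = "${cfg.dataDir}/matrix-synapse/media";` keeps the split consistent with ntfy. The enclosing attribute set starts before the hunk and continues after it.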


@@ -22,11 +22,11 @@ let
base-url = "https://${cfg.reverseProxy.subdomain}.mjallen.dev"; base-url = "https://${cfg.reverseProxy.subdomain}.mjallen.dev";
enable-login = true; enable-login = true;
listen-http = ":${toString cfg.port}"; listen-http = ":${toString cfg.port}";
cache-file = "${cfg.dataDir}/ntfy/cache.db"; cache-file = "${cfg.configDir}/ntfy/cache.db";
attachment-cache-dir = "${cfg.dataDir}/ntfy/attachments"; attachment-cache-dir = "${cfg.dataDir}/ntfy/attachments";
behind-proxy = true; behind-proxy = true;
auth-default-access = "deny-all"; auth-default-access = "deny-all";
auth-file = "${cfg.dataDir}/ntfy/user.db"; auth-file = "${cfg.configDir}/ntfy/user.db";
auth-users = [ auth-users = [
"mjallen:$2a$10$g4TqI8UiKKVaKTmrwnXIw.wtajiLBM6oc3UCfJ//lPZFilJnBirn.:admin" "mjallen:$2a$10$g4TqI8UiKKVaKTmrwnXIw.wtajiLBM6oc3UCfJ//lPZFilJnBirn.:admin"
]; ];
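Review bot: `auth-file` and `cache-file` now live under `cfg.configDir`, but the credential that seeds that auth database is still the bcrypt string in the `auth-users` context line, and this attribute set is rendered into a world-readable file in the Nix store. The opencloud change in this commit already uses `sops.templates` with `config.sops.placeholder` for its secrets; the same pattern fits here, e.g. `auth-users = [ "mjallen:${config.sops.placeholder."<ntfy-admin-hash-secret>"}:admin" ];` inside a template whose rendered path is what ntfy reads, and the underlying password should be rotated once its hash has been in the store. Also worth confirming that the ntfy service user can create `${cfg.configDir}/ntfy`, since both databases are written on first start. The enclosing `let` binding starts before the hunk and continues after it.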


@@ -6,127 +6,97 @@
}: }:
with lib; with lib;
let let
inherit (lib.${namespace}) mkOpt mkReverseProxyOpt; name = "opencloud";
cfg = config.${namespace}.services.opencloud; cfg = config.${namespace}.services.${name};
opencloudConfig = { opencloudConfig = lib.${namespace}.mkModule {
sops.templates = { inherit config name;
"opencloud.env" = { description = "opencloud";
content = '' options = { };
OC_JWT_SECRET=${config.sops.placeholder."jallen-nas/onlyoffice-key"} moduleConfig = {
OC_TRANSFER_SECRET=${config.sops.placeholder."jallen-nas/onlyoffice-key"} sops.templates = {
OC_MACHINE_AUTH_API_KEY=${config.sops.placeholder."jallen-nas/onlyoffice-key"} "opencloud.env" = {
''; content = ''
OC_JWT_SECRET=${config.sops.placeholder."jallen-nas/onlyoffice-key"}
OC_TRANSFER_SECRET=${config.sops.placeholder."jallen-nas/onlyoffice-key"}
OC_MACHINE_AUTH_API_KEY=${config.sops.placeholder."jallen-nas/onlyoffice-key"}
'';
};
}; };
}; virtualisation.oci-containers.containers.opencloud = {
virtualisation.oci-containers.containers.opencloud = { autoStart = true;
autoStart = true; image = "opencloudeu/opencloud-rolling";
image = "opencloudeu/opencloud-rolling"; ports = [
ports = [ "${toString cfg.port}:9200"
"${toString cfg.port}:9200" ];
]; volumes = [
volumes = [ "${cfg.dataDir}/opencloud:/var/lib/opencloud"
"${cfg.dataPath}:/var/lib/opencloud" "${cfg.configDir}/opencloud:/etc/opencloud"
"${cfg.configPath}:/etc/opencloud" ];
]; environmentFiles = [ config.sops.templates."opencloud.env".path ];
environmentFiles = [ config.sops.templates."opencloud.env".path ]; environment = {
environment = { OC_ADD_RUN_SERVICES = "collaboration,app-provider";
OC_ADD_RUN_SERVICES = "collaboration,app-provider"; OC_REVA_GATEWAY = "eu.opencloud.api.gateway";
OC_REVA_GATEWAY = "eu.opencloud.api.gateway"; APP_PROVIDER_WOPI_APP_NAME = "Collabora";
APP_PROVIDER_WOPI_APP_NAME = "Collabora"; APP_PROVIDER_ENABLE = "true";
APP_PROVIDER_ENABLE = "true"; APP_PROVIDER_SERVICE_NAME = "app-provider-collabora";
APP_PROVIDER_SERVICE_NAME = "app-provider-collabora"; COLLABORATION_APP_NAME = "Collabora";
COLLABORATION_APP_NAME = "Collabora"; COLLABORATION_APP_PRODUCT = "Collabora";
COLLABORATION_APP_PRODUCT = "Collabora"; COLLABORATION_WOPI_DISCOVERY_URL = "https://office.mjallen.dev/hosting/discovery";
COLLABORATION_WOPI_DISCOVERY_URL = "https://office.mjallen.dev/hosting/discovery"; COLLABORATION_WOPI_SRC = "https://office.mjallen.dev";
COLLABORATION_WOPI_SRC = "https://office.mjallen.dev"; OC_COLLABORATION_WOPI_URL = "https://office.mjallen.dev";
OC_COLLABORATION_WOPI_URL = "https://office.mjallen.dev"; COLLABORATION_APP_ADDR = "https://office.mjallen.dev";
COLLABORATION_APP_ADDR = "https://office.mjallen.dev"; COLLABORATION_APP_INSECURE = "false";
COLLABORATION_APP_INSECURE = "false"; COLLABORATION_APP_PROOF_DISABLE = "true";
COLLABORATION_APP_PROOF_DISABLE = "true"; COLLABORATION_WOPI_SHORTTOKENS = "false";
COLLABORATION_WOPI_SHORTTOKENS = "false"; # COLLABORATION_GRPC_ADDR = "${cfg.listenAddress}:9301";
# COLLABORATION_GRPC_ADDR = "0.0.0.0:9301"; # COLLABORATION_HTTP_ADDR = "${cfg.listenAddress}:9200";
# COLLABORATION_HTTP_ADDR = "0.0.0.0:9200"; MICRO_REGISTRY = "nats-js-kv";
MICRO_REGISTRY = "nats-js-kv"; MICRO_REGISTRY_ADDRESS = "127.0.0.1:9233";
MICRO_REGISTRY_ADDRESS = "127.0.0.1:9233"; OC_SYSTEM_USER_ID = cfg.puid;
OC_SYSTEM_USER_ID = cfg.puid;
OC_LOG_LEVEL = "info"; OC_LOG_LEVEL = "info";
APP_PROVIDER_PROVIDERS = "collabora"; APP_PROVIDER_PROVIDERS = "collabora";
APP_PROVIDER_COLLABORA_NAME = "Collabora"; APP_PROVIDER_COLLABORA_NAME = "Collabora";
APP_PROVIDER_COLLABORA_PRODUCT = "Collabora Online"; APP_PROVIDER_COLLABORA_PRODUCT = "Collabora Online";
APP_PROVIDER_COLLABORA_ADDR = "https://office.mjallen.dev"; APP_PROVIDER_COLLABORA_ADDR = "https://office.mjallen.dev";
APP_PROVIDER_COLLABORA_ICON = "https://office.mjallen.dev/favicon.ico"; APP_PROVIDER_COLLABORA_ICON = "https://office.mjallen.dev/favicon.ico";
APP_PROVIDER_COLLABORA_MIME_TYPES = '' APP_PROVIDER_COLLABORA_MIME_TYPES = ''
application/vnd.openxmlformats-officedocument.wordprocessingml.document application/vnd.openxmlformats-officedocument.wordprocessingml.document
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
application/vnd.openxmlformats-officedocument.presentationml.presentation application/vnd.openxmlformats-officedocument.presentationml.presentation
application/msword application/msword
application/vnd.ms-excel application/vnd.ms-excel
application/vnd.ms-powerpoint application/vnd.ms-powerpoint
text/plain text/plain
''; '';
NATS_NATS_HOST = "0.0.0.0"; NATS_NATS_HOST = cfg.listenAddress;
GATEWAY_GRPC_ADDR = "0.0.0.0:9142"; GATEWAY_GRPC_ADDR = "${cfg.listenAddress}:9142";
OC_DB_TYPE = "postgres"; OC_DB_TYPE = "postgres";
OC_DB_HOST = "10.0.1.3"; OC_DB_HOST = "10.0.1.3";
OC_DB_PORT = "5432"; OC_DB_PORT = "5432";
OC_DB_USER = "opencloud"; OC_DB_USER = "opencloud";
OC_DB_NAME = "opencloud"; OC_DB_NAME = "opencloud";
OC_INSECURE = "true"; OC_INSECURE = "true";
PROXY_TLS = "false"; PROXY_TLS = "false";
PROXY_HTTP_ADDR = "0.0.0.0:9200"; PROXY_HTTP_ADDR = "${cfg.listenAddress}:9200";
OC_URL = "https://cloud.mjallen.dev"; OC_URL = "https://cloud.mjallen.dev";
OC_PUBLIC_URL = "https://cloud.mjallen.dev"; OC_PUBLIC_URL = "https://cloud.mjallen.dev";
PUID = cfg.puid; PUID = cfg.puid;
PGID = cfg.pgid; PGID = cfg.pgid;
TZ = cfg.timeZone; TZ = cfg.timeZone;
};
}; };
}; };
}; };
# Create reverse proxy configuration using mkReverseProxy
reverseProxyConfig = lib.${namespace}.mkReverseProxy {
name = "cloud";
subdomain = cfg.reverseProxy.subdomain;
url = "http://${cfg.localAddress}:${toString cfg.port}";
middlewares = cfg.reverseProxy.middlewares;
};
fullConfig = {
"${namespace}".services.traefik = lib.mkIf cfg.reverseProxy.enable {
reverseProxies = [ reverseProxyConfig ];
};
}
// opencloudConfig;
in in
{ {
options.${namespace}.services.opencloud = { imports = [ opencloudConfig ];
enable = mkEnableOption "opencloud service";
port = mkOpt types.int 9200 "Port for opencloud to be hosted on";
localAddress = mkOpt types.str "127.0.0.1" "local address of the service";
dataPath = mkOpt types.str "/media/nas/main/opencloud" "Path to the data dir";
configPath = mkOpt types.str "/media/nas/main/nix-app-data/opencloud" "Path to the data dir";
puid = mkOpt types.str "911" "puid";
pgid = mkOpt types.str "1000" "pgid";
timeZone = mkOpt types.str "America/Chicago" "container tz";
reverseProxy = mkReverseProxyOpt;
};
config = mkIf cfg.enable fullConfig;
} }
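Review bot: `PROXY_HTTP_ADDR`, `GATEWAY_GRPC_ADDR` and `NATS_NATS_HOST` now bind to `cfg.listenAddress` inside the container, but the published mapping `"${toString cfg.port}:9200"` forwards to the container's own network interface, so a host-side loopback or LAN address is not something the container's sockets can bind to and the proxy stops answering (unless the container runs with host networking, which this hunk does not show); `MICRO_REGISTRY_ADDRESS = "127.0.0.1:9233"` likewise only works while NATS listens on all interfaces or loopback. Keep the in-container binds at the old `0.0.0.0` values and put the host restriction on the mapping instead: `ports = [ "${cfg.listenAddress}:${toString cfg.port}:9200" ];`. Separately, `OC_JWT_SECRET`, `OC_TRANSFER_SECRET` and `OC_MACHINE_AUTH_API_KEY` are all rendered from the single `jallen-nas/onlyoffice-key` placeholder; these protect distinct trust boundaries in OpenCloud and should each have their own sops secret, with the key not shared with the onlyoffice service its name suggests. The removed `reverseProxyConfig` and option block have no visible replacement here, so confirm `mkModule` registers the Traefik route and defines `port`, `listenAddress`, `dataDir`, `configDir`, `puid`, `pgid` and `timeZone`. The module's argument list is outside the hunk.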


@@ -6,25 +6,34 @@
}: }:
with lib; with lib;
let let
cfg = config.${namespace}.services.orca-slicer; inherit (lib.${namespace}) mkOpt;
in name = "orca-slicer";
{ cfg = config.${namespace}.services.${name};
imports = [ ./options.nix ];
config = mkIf cfg.enable { orcaConfig = lib.${namespace}.mkModule {
virtualisation.oci-containers.containers."${cfg.name}" = { inherit config name;
autoStart = cfg.autoStart; description = "orca slicer web ui";
image = cfg.image; options = {
ports = [ httpsPort = mkOpt types.int 443 "HTTPS port";
"${cfg.httpPort}:3000" };
"${cfg.httpsPort}:3001" moduleConfig = {
]; virtualisation.oci-containers.containers."${name}" = {
volumes = [ "${cfg.configPath}:/config" ]; autoStart = true;
environment = { image = "linuxserver/orcaslicer";
PUID = cfg.puid; ports = [
PGID = cfg.pgid; "${toString cfg.port}:3000"
TZ = cfg.timeZone; "${toString cfg.httpsPort}:3001"
];
volumes = [ "${cfg.configDir}/orca-slicer:/config" ];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
}; };
}; };
}; };
in
{
imports = [ orcaConfig ];
} }
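Review bot: `httpsPort = mkOpt types.int 443 "HTTPS port";` changes the default from the removed options.nix's `"3001"` to 443, which is the port a host-level reverse proxy normally owns, so any host that enables the module without overriding it (the example host config sets 3101) gets a port conflict at container start. `httpsPort = mkOpt types.int 3001 "Host port published for the container's HTTPS listener (:3001)";` keeps the old default and documents what the option maps to. The two `ports` entries also publish on every host interface; if `mkModule` supplies `listenAddress` (it is used that way in the code-server and opencloud changes), `"${cfg.listenAddress}:${toString cfg.port}:3000"` keeps the web UI reachable only through the proxy. The removed `dataPath` option (`/media/nas/main/3d_printer`) has no counterpart in `moduleConfig`, so confirm nothing else referenced it. The module's argument list is outside the hunk.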


@@ -1,57 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.orca-slicer = {
enable = mkEnableOption "orca slicer docker service";
autoStart = mkOption {
type = types.bool;
default = true;
};
httpPort = mkOption {
type = types.str;
default = "3000";
};
httpsPort = mkOption {
type = types.str;
default = "3001";
};
name = mkOption {
type = types.str;
default = "orca-slicer";
};
image = mkOption {
type = types.str;
default = "linuxserver/orcaslicer";
};
configPath = mkOption {
type = types.str;
default = "/media/nas/main/ssd_app_data/orca-slicer";
};
dataPath = mkOption {
type = types.str;
default = "/media/nas/main/3d_printer";
};
puid = mkOption {
type = types.str;
default = "911";
};
pgid = mkOption {
type = types.str;
default = "1000";
};
timeZone = mkOption {
type = types.str;
default = "America/Chicago";
};
};
}


@@ -1,110 +1,62 @@
{ {
config, config,
lib, lib,
pkgs,
namespace, namespace,
... ...
}: }:
with lib; with lib;
let let
cfg = config.${namespace}.services.paperless; name = "paperless";
cfg = config.${namespace}.services.${name};
paperlessPort = 28981; paperlessConfig = lib.${namespace}.mkModule {
paperlessUserId = config.users.users.nix-apps.uid; inherit config name;
paperlessGroupId = config.users.groups.jallen-nas.gid; description = "paperless";
paperlessPkg = pkgs.paperless-ngx; options = { };
in moduleConfig = {
{ # Enable paperless service
imports = [ ./options.nix ]; services.paperless = {
enable = true;
package = pkgs.paperless-ngx;
port = cfg.port;
# user = "nix-apps";
address = cfg.listenAddress;
dataDir = "${cfg.configDir}/paperless";
passwordFile = "${cfg.configDir}/paperless/paperless-password";
# environmentFile = paperlessEnv;
domain = "paperless.mjallen.dev";
database.createLocally = true;
};
};
};
config = mkIf cfg.enable { aiCfg = config.${namespace}.services."paperless-ai";
containers.paperless = { paperlessAiConfig = lib.${namespace}.mkModule {
autoStart = true; inherit config;
privateNetwork = true; name = "paperless-ai";
hostAddress = "10.0.1.3"; description = "paperless-ai";
localAddress = "10.0.1.20"; options = { };
hostAddress6 = "fc00::1"; moduleConfig = {
localAddress6 = "fc00::20"; virtualisation.oci-containers.containers."paperless-ai" = {
autoStart = true;
config = image = "clusterzx/paperless-ai";
{ ports = [
lib, "${toString aiCfg.port}:3000"
... ];
}: volumes = [ "${aiCfg.configDir}/paperless-ai:/app/data" ];
{ environment = {
# Enable paperless service PUID = aiCfg.puid;
services.paperless = { PGID = aiCfg.pgid;
enable = false; TZ = aiCfg.timeZone;
package = paperlessPkg;
port = paperlessPort;
user = "paperless";
address = "0.0.0.0";
# passwordFile = "/var/lib/paperless/paperless-password";
environmentFile = paperlessEnv;
};
# Create required users and groups
users.groups = {
documents = {
gid = lib.mkForce paperlessGroupId;
};
};
users.users.paperless = {
isSystemUser = true;
uid = lib.mkForce paperlessUserId;
group = lib.mkForce "documents";
};
# Create and set permissions for required directories
system.activationScripts.paperless-dirs = ''
mkdir -p /var/lib/paperless
chown -R paperless:documents /var/lib/paperless
chmod -R 775 /var/lib/paperless
'';
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ paperlessPort ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "23.11";
};
# Bind mount directories from host
bindMounts = {
"/var/lib/paperless" = {
hostPath = "/media/nas/main/nix-app-data/paperless";
isReadOnly = false;
};
secrets = {
hostPath = "/run/secrets/jallen-nas/paperless";
isReadOnly = true;
mountPoint = "/run/secrets/jallen-nas/paperless";
};
secret-env = {
hostPath = "/run/secrets/rendered/paperless.env";
isReadOnly = true;
mountPoint = "/run/secrets/rendered/paperless.env";
}; };
}; };
}; };
networking.nat = {
forwardPorts = [
{
destination = "10.0.1.20:28981";
sourcePort = paperlessPort;
}
];
};
}; };
in
{
imports = [
paperlessConfig
paperlessAiConfig
];
} }
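Review bot: `passwordFile = "${cfg.configDir}/paperless/paperless-password";` points the admin password at a plain file inside the same directory `dataDir` now uses, whereas the removed container config took its secrets from sops (`/run/secrets/jallen-nas/paperless` and the rendered `paperless.env`), and the `environmentFile` line that carried them is now commented out. That moves the secret from the permission-controlled `/run/secrets` tree into the application data tree and into whatever backs that tree up. Point it back at the sops-managed file, `passwordFile = config.sops.secrets."<paperless-password-secret>".path;`, and either restore `environmentFile` from a `sops.templates` entry or delete the commented line rather than leave it as dead config. Note also that paperless now runs on the host network instead of inside the `privateNetwork` container with its own firewall, so `address = cfg.listenAddress;` is the only thing bounding who can reach `cfg.port`; a short comment on that line recording the intended value would make the exposure explicit.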


@@ -1,7 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.paperless = {
enable = mkEnableOption "enable paperless";
};
}


@@ -72,7 +72,7 @@ let
# onlyofficeUrl = "http://${config.containers.nextcloud.localAddress}:${toString config.containers.nextcloud.config.services.onlyoffice.port}"; # onlyofficeUrl = "http://${config.containers.nextcloud.localAddress}:${toString config.containers.nextcloud.config.services.onlyoffice.port}";
onlyofficeUrl = "http://10.0.1.3:9980"; onlyofficeUrl = "http://10.0.1.3:9980";
openWebUIUrl = "http://${serverIp}:8888"; openWebUIUrl = "http://${serverIp}:8888";
paperlessUrl = "http://${config.containers.paperless.localAddress}:${toString config.containers.paperless.config.services.paperless.port}"; paperlessUrl = "http://${serverIp}:${toString config.services.paperless.port}";
# Plugins # Plugins
traefikPlugins = { traefikPlugins = {
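Review bot: `paperlessUrl` now targets `http://${serverIp}:${toString config.services.paperless.port}`, but the paperless change in this commit binds the service with `address = cfg.listenAddress;`, so this upstream is only reachable if that option resolves to `serverIp` or to all interfaces — which is not visible here. Deriving both sides from the same value removes the drift: `paperlessUrl = "http://${config.services.paperless.address}:${toString config.services.paperless.port}";`. The enclosing `let` binding starts before the hunk and continues after it.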


@@ -56,7 +56,10 @@ in
PROXY_DOMAIN = "code.mjallen.dev"; PROXY_DOMAIN = "code.mjallen.dev";
}; };
}; };
collabora = enabled; collabora = {
enable = true;
port = 9980;
};
crowdsec = { crowdsec = {
enable = true; enable = true;
port = 8181; port = 8181;
@@ -92,7 +95,10 @@ in
enable = true; enable = true;
port = 2283; port = 2283;
}; };
jellyfin = enabled; jellyfin = {
enable = true;
port = 8096;
};
jellyseerr = { jellyseerr = {
enable = true; enable = true;
port = 5055; port = 5055;
@@ -114,7 +120,8 @@ in
minecraft = disabled; minecraft = disabled;
mongodb = disabled; mongodb = disabled;
netbootxyz = { netbootxyz = {
enable = true; enable = false;
port = 3000;
}; };
nextcloud = { nextcloud = {
enable = true; enable = true;
@@ -126,7 +133,10 @@ in
reverseProxy.enable = true; reverseProxy.enable = true;
}; };
ocis = disabled; ocis = disabled;
onlyoffice = disabled; onlyoffice = {
enable = false;
port = 9200;
};
opencloud = { opencloud = {
enable = true; enable = true;
port = 9200; port = 9200;
@@ -134,10 +144,17 @@ in
}; };
orca-slicer = { orca-slicer = {
enable = true; enable = true;
httpPort = "3100"; port = 3100;
httpsPort = "3101"; httpsPort = 3101;
};
paperless = {
enable = true;
port = 28981;
};
paperless-ai = {
enable = true;
port = 28982;
}; };
paperless = enabled;
protonmail-bridge = { protonmail-bridge = {
enable = true; enable = true;
smtpPort = 1025; smtpPort = 1025;