mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

termix

Browse Source
This commit is contained in:
mjallen18
2026-03-16 14:06:20 -05:00
parent de8ec35cbb
commit e6c9e21c62
5 changed files with 374 additions and 254 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
modules/nixos/services/caddy/default.nix
View File

@@ -109,6 +109,11 @@ let
handle @office { handle @office {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.collabora.port} reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.collabora.port}
} }
@termix host termix.mjallen.dev
handle @termix {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.termix.port}
}
''; '';
}; };
}; };

69
modules/nixos/services/termix/default.nix Normal file
View File

@@ -0,0 +1,69 @@
{
lib,
config,
namespace,
...
}:
with lib;
let
name = "termix";
cfg = config.${namespace}.services.${name};
termixConfig = lib.${namespace}.mkModule {
inherit config name;
serviceName = "podman-${name}";
description = "termix";
options = { };
moduleConfig = {
sops = {
secrets = {
"jallen-nas/termix/client-id" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
};
"jallen-nas/termix/client-secret" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
};
};
templates = {
"termix.env" = {
mode = "660";
owner = "nix-apps";
group = "jallen-nas";
restartUnits = [ "podman-termix.service" ];
content = ''
OIDC_CLIENT_ID=${config.sops.placeholder."jallen-nas/termix/client-id"}
OIDC_CLIENT_SECRET=${config.sops.placeholder."jallen-nas/termix/client-secret"}
'';
};
};
};
virtualisation.oci-containers.containers.${name} = {
autoStart = true;
image = "ghcr.io/lukegus/termix";
volumes = [
"${cfg.configDir}/termix:/app/data"
];
ports = [
"${toString cfg.port}:8080"
];
environment = {
OIDC_ISSUER_URL = "https://authentik.mjallen.dev/application/o/termix/";
OIDC_AUTHORIZATION_URL = "https://authentik.mjallen.dev/application/o/authorize/";
OIDC_TOKEN_URL = "https://authentik.mjallen.dev/application/o/token/";
OIDC_FORCE_HTTPS = "true";
GUACD_HOST = "10.0.1.3";
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
};
};
};
in
{
imports = [
./guacd.nix
termixConfig
];
}

35
modules/nixos/services/termix/guacd.nix Normal file
View File

@@ -0,0 +1,35 @@
{
lib,
config,
namespace,
...
}:
with lib;
let
name = "guacd";
cfg = config.${namespace}.services.${name};
guacdConfig = lib.${namespace}.mkModule {
inherit config name;
serviceName = "podman-${name}";
description = "guacd";
options = { };
moduleConfig = {
virtualisation.oci-containers.containers.${name} = {
autoStart = true;
image = "guacamole/guacd";
ports = [
"${toString cfg.port}:4822"
];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
};
};
};
in
{
imports = [ guacdConfig ];
}

9
secrets/nas-secrets.yaml
View File

@@ -83,6 +83,9 @@ jallen-nas:
nas-pub: ENC[AES256_GCM,data:lZF4LJPDb2EmtDrKsOIrNENBCoEDAYzL8tF5mORGxCKEJXhXB5tnsn0DpzNSaxo+aTlW4AhrH6DdgdlhgAyMqlZRnTLcqc7yUT1zFWEerWvpm0IJJRvyjL4LK6HFuSczQNSwbCylPByvmLm1Tw++wp9RUmZpCxesSH1lgKA=,iv:CAVBEC/byHTpdkgoHzHMFgzCZLoBog2H826/L3Vq4Y0=,tag:s9wp5CjlyYHEKzy3m8+FJA==,type:str] nas-pub: ENC[AES256_GCM,data:lZF4LJPDb2EmtDrKsOIrNENBCoEDAYzL8tF5mORGxCKEJXhXB5tnsn0DpzNSaxo+aTlW4AhrH6DdgdlhgAyMqlZRnTLcqc7yUT1zFWEerWvpm0IJJRvyjL4LK6HFuSczQNSwbCylPByvmLm1Tw++wp9RUmZpCxesSH1lgKA=,iv:CAVBEC/byHTpdkgoHzHMFgzCZLoBog2H826/L3Vq4Y0=,tag:s9wp5CjlyYHEKzy3m8+FJA==,type:str]
nas-key: ENC[AES256_GCM,data:QGW6jaXZKwFByIoWa0lJXUkIlHZaZEr58hkd+QpUkUUr8g2TEJkb0bAaNNEhhDS8YmQ7HejtgG+YFneji9C9BDPhIFIlM/GPiGzHggHMx3UfJU3ai78UL6sFlito21MhLKox758FIUNnVIa/8zGfLCymy0/eoe+rodX9J/h6cQ==,iv:HBXKoWLTo4usF6L4B1yA9EzM+qZTYfsHOus8nXwQO6w=,tag:BLfLrZKgD/gADwVngMZoqw==,type:str] nas-key: ENC[AES256_GCM,data:QGW6jaXZKwFByIoWa0lJXUkIlHZaZEr58hkd+QpUkUUr8g2TEJkb0bAaNNEhhDS8YmQ7HejtgG+YFneji9C9BDPhIFIlM/GPiGzHggHMx3UfJU3ai78UL6sFlito21MhLKox758FIUNnVIa/8zGfLCymy0/eoe+rodX9J/h6cQ==,iv:HBXKoWLTo4usF6L4B1yA9EzM+qZTYfsHOus8nXwQO6w=,tag:BLfLrZKgD/gADwVngMZoqw==,type:str]
nas-cert: ENC[AES256_GCM,data:m/eLQPEGWfc8ajF6rHJyyZzuj0UqfnkD/+quDVsY9h55nTFVlky7GbQ2raohs31D8mH7O6AMFsgmkg1vnow7TAuCj06OGhnFHo+oqeqUFIYImfr8cGA+geJJ3dgthSStEzi+gxIKralmWGPVAzcW9DhJm4Y1Ot4mCJ3DRdAALXKjQkO8W7wVfDDSHKKFwwn/Sq4/fdoCanJlxFpLDTuKS4E/CrXC0ojYZJ7ePdx0B/idR4Xm5qxyaE1rysQ45zd9N1HVJlgXi2hHXUCzCxJ5jjx2dht52tkBa+OGWQTQiyXh1gXDhwW2xUkadaKYZ+vPo/VMgZxu44F95/AmuiLGmDumW9hhqlQ7teK897n+R/1HasrUA8Sjshs9Ok9JN/XiZvvO/TJVnEsxdnm5d6xTJ1XI8tHu1A==,iv:dWJIdRj1zWT4Xx0LIZfRENDZWVvDf2XrEizr9+sUr4Q=,tag:uIoLAcpZg1rVP7NYgEgi2A==,type:str] nas-cert: ENC[AES256_GCM,data:m/eLQPEGWfc8ajF6rHJyyZzuj0UqfnkD/+quDVsY9h55nTFVlky7GbQ2raohs31D8mH7O6AMFsgmkg1vnow7TAuCj06OGhnFHo+oqeqUFIYImfr8cGA+geJJ3dgthSStEzi+gxIKralmWGPVAzcW9DhJm4Y1Ot4mCJ3DRdAALXKjQkO8W7wVfDDSHKKFwwn/Sq4/fdoCanJlxFpLDTuKS4E/CrXC0ojYZJ7ePdx0B/idR4Xm5qxyaE1rysQ45zd9N1HVJlgXi2hHXUCzCxJ5jjx2dht52tkBa+OGWQTQiyXh1gXDhwW2xUkadaKYZ+vPo/VMgZxu44F95/AmuiLGmDumW9hhqlQ7teK897n+R/1HasrUA8Sjshs9Ok9JN/XiZvvO/TJVnEsxdnm5d6xTJ1XI8tHu1A==,iv:dWJIdRj1zWT4Xx0LIZfRENDZWVvDf2XrEizr9+sUr4Q=,tag:uIoLAcpZg1rVP7NYgEgi2A==,type:str]
termix:
client-id: ENC[AES256_GCM,data:BKIni/vc+MhzotU28V75kul9+CxSbmO0a1Pw/ySihejXE87hoYW3bQ==,iv:6GObrAqxxOs/Nz58scc/Mt2kIPte55RUK7EYsJ9zbOY=,tag:J5mg17NRm1KD5DrSSV9OOw==,type:str]
client-secret: ENC[AES256_GCM,data:mkM+2Ou3kbCiPrw4EN9O5rr6+VkZ0qw3HsY5as2YjlyNnH+7K6WEqVIc2BjahaYMf3Uddj0ObRpqK+eFlO4vKLhx3Oe7cyIfOqLDETSPXoNvT4vCasSnboRLNGOYvHorAKum6BYGD8Kw+LFVkl6YeTmaeA7wvt+5jsOlpu8jajw=,iv:Yq3G+xAP2KjRvQ/grVJRZqfFN/W+tEdEYahhufsczkY=,tag:nSa0cgtu6Mt3IcIzVd3Qkg==,type:str]
sops: sops:
shamir_threshold: 1 shamir_threshold: 1
age: age:
@@ -230,8 +233,8 @@ sops:
L0gwQm5takNjMkVGNzVlSStJYlUwWDAKP8QA3rRUHYbyyhPC/k0Eq2EIKfjyc7Co L0gwQm5takNjMkVGNzVlSStJYlUwWDAKP8QA3rRUHYbyyhPC/k0Eq2EIKfjyc7Co
7BkHH3msC6h9g42BB5iIYe6KQ+UGxMQBFvp+qSB27jaIfajN5MP0BA== 7BkHH3msC6h9g42BB5iIYe6KQ+UGxMQBFvp+qSB27jaIfajN5MP0BA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-14T01:45:47Z" lastmodified: "2026-03-16T16:01:51Z"
mac: ENC[AES256_GCM,data:16hCppIAbjg6OWhF2kdIUSb67yffIHtQ32PY/R3tvZjGnU3FyX/ew1NRaF8XtMhFWJ3McE5riu7ctWP6ET1/k9anDDMHAreTibmxbPeur1Cc5p8HM0d9A+mofdR/bqSQZxlaWnkqd+odbo0wv5tR4WO+Cs8Yp6hqS3UkpgqM55w=,iv:0s4vlNYwLeUDx7hySofPp7UgbvJG51FLUpcUvmcJrPg=,tag:kfC/jrhKt3dht+oZqa9Wgg==,type:str] mac: ENC[AES256_GCM,data:m1Fb2vGqgpA20v0SsoqfEDmWxF7TLYcv2KROD1E1LZ+Oewx4UN71pj78rbId25vqedx4qL8fpS4FiwK0KrLfruHxSAnR21+PIdgCVxw5mVqvyDxJTZ7GCli8cGHDs4bL0ZlkY1mGZNPF5QWkzUef98XLX4jEkIozJttnNDL/HzM=,iv:E1zPp/rP+wc01Al8sHpzk5iA7POw1Tf9wiZEmVWpNI0=,tag:JYRMKmPWh+ZxQ26qFZmCoA==,type:str]
pgp: pgp:
- created_at: "2026-02-06T15:34:30Z" - created_at: "2026-02-06T15:34:30Z"
enc: |- enc: |-
@@ -254,4 +257,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: CBCB9B18A6B8930B0B6ABFD1CCB8CBEB30633684 fp: CBCB9B18A6B8930B0B6ABFD1CCB8CBEB30633684
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.12.1

8
systems/x86_64-linux/jallen-nas/apps.nix
View File

@@ -96,6 +96,10 @@ in
port = 3000; port = 3000;
reverseProxy = enabled; reverseProxy = enabled;
}; };
guacd = {
enable = true;
port = 4822;
};
glance = { glance = {
enable = true; enable = true;
port = 5555; port = 5555;
@@ -213,6 +217,10 @@ in
port = 8265; port = 8265;
serverPort = 8266; serverPort = 8266;
}; };
termix = {
enable = true;
port = 7777;
};
traefik = disabled; traefik = disabled;
unmanic = { unmanic = {
enable = true; enable = true;