termix

modules/nixos/services/caddy/default.nix

@@ -109,6 +109,11 @@ let
               handle @office {
                 reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.collabora.port}
               }
+
+              @termix host termix.mjallen.dev
+              handle @termix {
+                reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.termix.port}
+              }
             '';
           };
         };

modules/nixos/services/termix/default.nix

@@ -0,0 +1,69 @@
+{
+  lib,
+  config,
+  namespace,
+  ...
+}:
+with lib;
+let
+  name = "termix";
+  cfg = config.${namespace}.services.${name};
+
+  termixConfig = lib.${namespace}.mkModule {
+    inherit config name;
+    serviceName = "podman-${name}";
+    description = "termix";
+    options = { };
+    moduleConfig = {
+      sops = {
+        secrets = {
+          "jallen-nas/termix/client-id" = {
+            sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
+          };
+          "jallen-nas/termix/client-secret" = {
+            sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
+          };
+        };
+        templates = {
+          "termix.env" = {
+            mode = "660";
+            owner = "nix-apps";
+            group = "jallen-nas";
+            restartUnits = [ "podman-termix.service" ];
+            content = ''
+            OIDC_CLIENT_ID=${config.sops.placeholder."jallen-nas/termix/client-id"}
+            OIDC_CLIENT_SECRET=${config.sops.placeholder."jallen-nas/termix/client-secret"}
+            '';
+          };
+        };
+      };
+
+      virtualisation.oci-containers.containers.${name} = {
+        autoStart = true;
+        image = "ghcr.io/lukegus/termix";
+        volumes = [
+          "${cfg.configDir}/termix:/app/data"
+        ];
+        ports = [
+          "${toString cfg.port}:8080"
+        ];
+        environment = {
+          OIDC_ISSUER_URL = "https://authentik.mjallen.dev/application/o/termix/";
+          OIDC_AUTHORIZATION_URL = "https://authentik.mjallen.dev/application/o/authorize/";
+          OIDC_TOKEN_URL = "https://authentik.mjallen.dev/application/o/token/";
+          OIDC_FORCE_HTTPS = "true";
+          GUACD_HOST = "10.0.1.3";
+          PUID = cfg.puid;
+          PGID = cfg.pgid;
+          TZ = cfg.timeZone;
+        };
+      };
+    };
+  };
+in
+{
+  imports = [
+    ./guacd.nix
+    termixConfig
+  ];
+}

modules/nixos/services/termix/guacd.nix

@@ -0,0 +1,35 @@
+{
+  lib,
+  config,
+  namespace,
+  ...
+}:
+with lib;
+let
+  name = "guacd";
+  cfg = config.${namespace}.services.${name};
+
+  guacdConfig = lib.${namespace}.mkModule {
+    inherit config name;
+    serviceName = "podman-${name}";
+    description = "guacd";
+    options = { };
+    moduleConfig = {
+      virtualisation.oci-containers.containers.${name} = {
+        autoStart = true;
+        image = "guacamole/guacd";
+        ports = [
+          "${toString cfg.port}:4822"
+        ];
+        environment = {
+          PUID = cfg.puid;
+          PGID = cfg.pgid;
+          TZ = cfg.timeZone;
+        };
+      };
+    };
+  };
+in
+{
+  imports = [ guacdConfig ];
+}

systems/x86_64-linux/jallen-nas/apps.nix

@@ -96,6 +96,10 @@ in
         port = 3000;
         reverseProxy = enabled;
       };
+      guacd = {
+        enable = true;
+        port = 4822;
+      };
       glance = {
         enable = true;
         port = 5555;
@@ -213,6 +217,10 @@ in
         port = 8265;
         serverPort = 8266;
       };
+      termix = {
+        enable = true;
+        port = 7777;
+      };
       traefik = disabled;
       unmanic = {
         enable = true;