diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 169b6b9..a31ae3f 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -6,8 +6,20 @@ }: let cfg = config.aux.system.services.forgejo; + cli-cfg = config.services.forgejo; - socket = "/run/services/forgejo/web.socket"; + forgejo-cli = pkgs.writeScriptBin "forgejo-cli" '' + #!${pkgs.runtimeShell} + cd ${cli-cfg.stateDir} + sudo=exec + if [[ "$USER" != forgejo ]]; then + sudo='exec /run/wrappers/bin/sudo -u ${cli-cfg.user} -g ${cli-cfg.group} --preserve-env=GITEA_WORK_DIR --preserve-env=GITEA_CUSTOM' + fi + # Note that these variable names will change + export GITEA_WORK_DIR=${cli-cfg.stateDir} + export GITEA_CUSTOM=${cli-cfg.customDir} + $sudo ${lib.getExe cli-cfg.package} "$@" + ''; in { options = { @@ -37,7 +49,10 @@ in }; config = lib.mkIf cfg.enable { - environment.systemPackages = [ pkgs.podman-tui ]; + environment.systemPackages = [ + forgejo-cli + pkgs.podman-tui + ]; services = { forgejo = { enable = true; @@ -45,8 +60,7 @@ in server = { DOMAIN = pkgs.util.getDomainFromURL cfg.url; ROOT_URL = cfg.url; - PROTOCOL = "http+unix"; - HTTP_ADDR = socket; + HTTP_PORT = 3000; }; indexer.REPO_INDEXER_ENABLED = true; # Enable code indexing }; @@ -57,7 +71,7 @@ in useACMEHost = pkgs.util.getDomainFromURL cfg.url; forceSSL = true; locations."/" = { - proxyPass = "http://unix:${socket}:"; + proxyPass = "http://127.0.0.1:3000"; proxyWebsockets = true; extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts }; diff --git a/modules/services/jellyfin.nix b/modules/services/jellyfin.nix index a7e38fb..cabda67 100644 --- a/modules/services/jellyfin.nix +++ b/modules/services/jellyfin.nix 
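Review bot: In the `forgejo-cli` wrapper (first forgejo.nix hunk) the user check reads `$USER`, a caller-supplied environment variable, and compares it with the literal `forgejo`, while the sudo branch targets `${cli-cfg.user}`. If the variable is unset or overridden, or the service user is renamed, the script either execs the binary as the invoking account against the state directory or goes through sudo needlessly. Compare the effective user with the configured one, `if [[ "$(id -un)" != ${cli-cfg.user} ]]; then`, and make the directory change fatal with `cd ${cli-cfg.stateDir} || exit 1` so the command never runs from the caller's working directory. The wrapper also presumes a sudo rule permitting `-u ${cli-cfg.user}`, and none is visible in this diff.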
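Review bot: In the `server` settings hunk of forgejo.nix, `HTTP_PORT = 3000` is set without `HTTP_ADDR`, and Forgejo's default listen address is 0.0.0.0, so the backend now accepts plain HTTP on every interface rather than only through the socket nginx used. Add `HTTP_ADDR = "127.0.0.1";` beside it so the `forceSSL` vhost is the only way in; whether a firewall already blocks 3000 is not visible here. The same exposure should be checked for the other two services in this commit: the jellyfin.nix hunks drop the socket environment and proxy to 8096, and the netdata.nix hunks remove the `bind to = unix:` conf and proxy to 19999, where a directly reachable port would also bypass the vhost's `basicAuth`. The port is repeated as a literal in the `proxyPass` hunk that follows; deriving it from `cli-cfg.settings.server.HTTP_PORT` would keep the two in step.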
@@ -7,8 +7,6 @@ let cfg = config.aux.system.services.jellyfin; - socket = "/run/services/jellyfin/web.socket"; - jellyfin-audio-save = pkgs.jellyfin.overrideAttrs ( finalAttrs: prevAttrs: { patches = [ ./jellyfin/jellyfin-audio-save-position.patch ]; } ); @@ -35,18 +33,11 @@ in aux.system.users.media.enable = true; services = { - jellyfin = { - enable = true; - dataDir = cfg.home; - group = "media"; - package = jellyfin-audio-save; - }; - nginx.virtualHosts."${cfg.url}" = { useACMEHost = pkgs.util.getDomainFromURL cfg.url; forceSSL = true; locations."/" = { - proxyPass = "http://unix:${socket}:"; + proxyPass = "http://127.0.0.1:8096"; proxyWebsockets = true; extraConfig = '' # Taken from https://jellyfin.org/docs/general/networking/nginx/ @@ -69,7 +60,7 @@ in ''; }; locations."/socket" = { - proxyPass = "http://unix:${socket}:"; + proxyPass = "http://127.0.0.1:8096"; proxyWebsockets = true; extraConfig = '' # Proxy Jellyfin Websockets traffic @@ -84,6 +75,13 @@ in ''; }; }; + + jellyfin = { + enable = true; + dataDir = cfg.home; + group = "media"; + package = jellyfin-audio-save; + }; }; # Install packages for plugins @@ -93,15 +91,7 @@ in ]; systemd.services = { - jellyfin = { - # Use Unix sockets in place of ports - environment = { - JELLYFIN_kestrel__socketPermissions = "0777"; - JELLYFIN_kestrel__socketPath = socket; - JELLYFIN_kestrel__socket = "true"; - }; - unitConfig.RequiresMountsFor = cfg.home; - }; + jellyfin.unitConfig.RequiresMountsFor = cfg.home; nginx.wants = [ config.systemd.services.jellyfin.name ]; }; }; diff --git a/modules/services/netdata.nix b/modules/services/netdata.nix index 9e5b833..03e88a3 100644 --- a/modules/services/netdata.nix +++ b/modules/services/netdata.nix @@ -6,8 +6,6 @@ }: let cfg = config.aux.system.services.netdata; - - socket = "/run/services/netdata/web.socket"; in { options = { 
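Review bot: In jellyfin.nix the upstream `http://127.0.0.1:8096` is now written out in both `locations."/"` and `locations."/socket"`, where the removed `socket` binding gave a single definition, and nothing in the visible module sets that port. A `let` binding such as `upstream = "http://127.0.0.1:8096"; # Jellyfin's default HTTP port, not configured in this module`, used by both `proxyPass` lines, would keep them in step and record the dependency on the default.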
@@ -51,6 +49,26 @@ in config = lib.mkMerge [ (lib.mkIf (cfg.enable && cfg.type == "parent") { services = { + nginx.virtualHosts."${cfg.url}" = { + useACMEHost = pkgs.util.getDomainFromURL cfg.url; + forceSSL = true; + basicAuth = { + "${cfg.auth.user}" = cfg.auth.password; + }; + locations."/" = { + proxyPass = "http://127.0.0.1:19999"; + extraConfig = '' + # Taken from https://learn.netdata.cloud/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/nginx + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_request_headers on; + proxy_set_header Connection "keep-alive"; + proxy_store off; + ''; + }; + }; + netdata = { enable = true; package = pkgs.unstable.netdataCloud; @@ -69,30 +87,6 @@ in health enabled by default = auto allow streaming from = * ''; - "socket.conf" = pkgs.writeText "socket.conf" '' - [web] - bind to = unix:${socket} - ''; - }; - }; - - nginx.virtualHosts."${cfg.url}" = { - useACMEHost = pkgs.util.getDomainFromURL cfg.url; - forceSSL = true; - basicAuth = { - "${cfg.auth.user}" = cfg.auth.password; - }; - locations."/" = { - proxyPass = "http://unix:${socket}:"; - extraConfig = '' - # Taken from https://learn.netdata.cloud/docs/netdata-agent/configuration/running-the-netdata-agent-behind-a-reverse-proxy/nginx - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass_request_headers on; - proxy_set_header Connection "keep-alive"; - proxy_store off; - ''; }; }; };
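Review bot: The vhost added in netdata.nix sets `basicAuth = { "${cfg.auth.user}" = cfg.auth.password; }`, and the NixOS nginx module implements `basicAuth` by writing the password in plain text into the world-readable Nix store. The block is moved rather than newly written, but since it is being touched, consider `basicAuthFile = <path to an htpasswd file kept outside the store>;` supplied by whatever secrets mechanism the repo uses. How `cfg.auth.password` is populated is outside this diff. The surrounding `services = {` block starts and ends outside the hunk.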