Modules: Tweak fever dream merging for autostart attribute
parent
20212e406c
commit
84885450a2
|
@ -32,41 +32,37 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
config = lib.mkMerge [
|
||||
(lib.mkIf cfg.enable {
|
||||
aux.system.users.media.enable = true;
|
||||
users.users.airsonic.extraGroups = [ "media" ];
|
||||
config = lib.mkIf cfg.enable {
|
||||
aux.system.users.media.enable = true;
|
||||
users.users.airsonic.extraGroups = [ "media" ];
|
||||
|
||||
services = {
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = cfg.domain;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:4040";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = "proxy_ssl_server_name on;";
|
||||
};
|
||||
services = {
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = cfg.domain;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:4040";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = "proxy_ssl_server_name on;";
|
||||
};
|
||||
|
||||
airsonic = {
|
||||
enable = true;
|
||||
war = "${
|
||||
(pkgs.callPackage ../../packages/airsonic-advanced.nix { inherit lib; })
|
||||
}/webapps/airsonic.war";
|
||||
port = 4040;
|
||||
jre = pkgs.jdk17;
|
||||
jvmOptions = [
|
||||
"-Dserver.use-forward-headers=true"
|
||||
"-Xmx4G" # Increase Java heap size to 4GB
|
||||
];
|
||||
} // lib.optionalAttrs (cfg.home != "") { home = cfg.home; };
|
||||
};
|
||||
|
||||
systemd.services.nginx.wants = [ config.systemd.services.airsonic.name ];
|
||||
})
|
||||
(lib.mkIf (!cfg.autostart) {
|
||||
# Disable autostart if needed
|
||||
systemd.services.airsonic.wantedBy = lib.mkForce [ ];
|
||||
})
|
||||
];
|
||||
airsonic = {
|
||||
enable = true;
|
||||
war = "${
|
||||
(pkgs.callPackage ../../packages/airsonic-advanced.nix { inherit lib; })
|
||||
}/webapps/airsonic.war";
|
||||
port = 4040;
|
||||
jre = pkgs.jdk17;
|
||||
jvmOptions = [
|
||||
"-Dserver.use-forward-headers=true"
|
||||
"-Xmx4G" # Increase Java heap size to 4GB
|
||||
];
|
||||
} // lib.optionalAttrs (cfg.home != "") { home = cfg.home; };
|
||||
};
|
||||
|
||||
systemd.services.nginx.wants = [ config.systemd.services.airsonic.name ];
|
||||
# Disable autostart if configured
|
||||
systemd.services.airsonic = lib.mkIf (!cfg.autostart) { wantedBy = lib.mkForce [ ]; };
|
||||
};
|
||||
}
|
||||
|
|
|
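Review bot: `systemd.services.nginx.wants = [ config.systemd.services.airsonic.name ];` still pulls airsonic in whenever nginx starts, so clearing `wantedBy` under `!cfg.autostart` only removes the boot target's own request for the unit. If nginx starts at boot, a service the operator marked as not autostarting comes up anyway and is reachable through the virtual host. Making the dependency conditional keeps the two settings consistent, e.g. `systemd.services.nginx.wants = lib.mkIf cfg.autostart [ config.systemd.services.airsonic.name ];`. The forgejo hunk has the same pairing on `systemd.services.forgejo`. The declaration of `cfg.autostart` is above the hunk, so its intended meaning is inferred from the name.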
@ -28,39 +28,31 @@ rec {
|
|||
};
|
||||
};
|
||||
|
||||
config = lib.mkMerge [
|
||||
(lib.mkIf cfg.enable {
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
environment.systemPackages = [ duplicacy-web ];
|
||||
config = lib.mkIf cfg.enable {
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
environment.systemPackages = [ duplicacy-web ];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 3875 ];
|
||||
networking.firewall.allowedTCPPorts = [ 3875 ];
|
||||
|
||||
# Install systemd service.
|
||||
systemd.services."duplicacy-web" = {
|
||||
enable = true;
|
||||
wants = [ "network-online.target" ];
|
||||
after = [
|
||||
"syslog.target"
|
||||
"network-online.target"
|
||||
];
|
||||
description = "Start the Duplicacy backup service and web UI";
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart = ''${duplicacy-web}/duplicacy-web'';
|
||||
Restart = "on-failure";
|
||||
RestartSrc = 10;
|
||||
KillMode = "process";
|
||||
};
|
||||
environment = {
|
||||
HOME = cfg.environment;
|
||||
};
|
||||
# Install systemd service.
|
||||
systemd.services.duplicacy-web = {
|
||||
enable = true;
|
||||
wants = [ "network-online.target" ];
|
||||
after = [
|
||||
"syslog.target"
|
||||
"network-online.target"
|
||||
];
|
||||
description = "Start the Duplicacy backup service and web UI";
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart = ''${duplicacy-web}/duplicacy-web'';
|
||||
Restart = "on-failure";
|
||||
RestartSrc = 10;
|
||||
KillMode = "process";
|
||||
};
|
||||
})
|
||||
|
||||
(lib.mkIf (!cfg.autostart) {
|
||||
# Disable autostart if needed
|
||||
systemd.services.duplicacy-web.wantedBy = lib.mkForce [ ];
|
||||
})
|
||||
];
|
||||
|
||||
environment = {
|
||||
HOME = cfg.environment;
|
||||
};
|
||||
} // lib.optionalAttrs (!cfg.autostart) { wantedBy = lib.mkForce [ ]; };
|
||||
};
|
||||
}
|
||||
|
|
|
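Review bot: `networking.firewall.allowedTCPPorts = [ 3875 ];` opens the backup web UI port on every interface, and the unit's `serviceConfig` sets no `User`, so the daemon (which presumably holds the backup storage credentials) runs as root. Unlike the other services in this commit it has no TLS virtual host in front of it; whether the daemon binds beyond loopback is not visible here, but if it does, the UI is served over plain HTTP to the network. Consider scoping the port to a trusted interface, e.g. `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 3875 ];`, and adding a dedicated `User =` to `serviceConfig`. Separately, `RestartSrc = 10;` is not a systemd key and looks like a typo for `RestartSec = 10;`, so the intended restart delay is not applied.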
@ -55,81 +55,77 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
config = lib.mkMerge [
|
||||
(lib.mkIf cfg.enable {
|
||||
environment.systemPackages = [
|
||||
forgejo-cli
|
||||
pkgs.podman-tui
|
||||
];
|
||||
services = {
|
||||
forgejo = {
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = [
|
||||
forgejo-cli
|
||||
pkgs.podman-tui
|
||||
];
|
||||
services = {
|
||||
forgejo = {
|
||||
enable = true;
|
||||
settings.server = {
|
||||
DOMAIN = cfg.domain;
|
||||
ROOT_URL = cfg.url;
|
||||
HTTP_PORT = 3000;
|
||||
};
|
||||
useWizard = true;
|
||||
} // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
|
||||
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = cfg.domain;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:3000";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
|
||||
};
|
||||
};
|
||||
|
||||
# Enable runner for CI actions
|
||||
gitea-actions-runner = lib.mkIf cfg.actions.enable {
|
||||
package = pkgs.forgejo-actions-runner;
|
||||
instances.default = {
|
||||
enable = true;
|
||||
settings.server = {
|
||||
DOMAIN = cfg.domain;
|
||||
ROOT_URL = cfg.url;
|
||||
HTTP_PORT = 3000;
|
||||
};
|
||||
useWizard = true;
|
||||
} // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
|
||||
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = cfg.domain;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:3000";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
|
||||
};
|
||||
};
|
||||
|
||||
# Enable runner for CI actions
|
||||
gitea-actions-runner = lib.mkIf cfg.actions.enable {
|
||||
package = pkgs.forgejo-actions-runner;
|
||||
instances.default = {
|
||||
enable = true;
|
||||
name = config.networking.hostName;
|
||||
url = cfg.url;
|
||||
token = cfg.actions.token;
|
||||
labels = [
|
||||
"nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/
|
||||
"debian:docker://node:20-bullseye"
|
||||
"ubuntu-latest:docker://ubuntu:latest"
|
||||
];
|
||||
settings = {
|
||||
# For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
|
||||
# For an example of the different options available: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
|
||||
container.options = "-v /nix:/nix";
|
||||
container.validVolumes = [ "/nix" ];
|
||||
};
|
||||
name = config.networking.hostName;
|
||||
url = cfg.url;
|
||||
token = cfg.actions.token;
|
||||
labels = [
|
||||
"nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/
|
||||
"debian:docker://node:20-bullseye"
|
||||
"ubuntu-latest:docker://ubuntu:latest"
|
||||
];
|
||||
settings = {
|
||||
# For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
|
||||
# For an example of the different options available: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
|
||||
container.options = "-v /nix:/nix";
|
||||
container.validVolumes = [ "/nix" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.nginx.wants = [ config.systemd.services.forgejo.name ];
|
||||
systemd.services.nginx.wants = [ config.systemd.services.forgejo.name ];
|
||||
|
||||
# Enable Podman for running...uh, runners.
|
||||
virtualisation = lib.mkIf cfg.actions.enable {
|
||||
containers.enable = true;
|
||||
podman = {
|
||||
enable = true;
|
||||
# Enable Podman for running...uh, runners.
|
||||
virtualisation = lib.mkIf cfg.actions.enable {
|
||||
containers.enable = true;
|
||||
podman = {
|
||||
enable = true;
|
||||
|
||||
# Create a `docker` alias for podman, to use it as a drop-in replacement
|
||||
dockerCompat = true;
|
||||
# Create a `docker` alias for podman, to use it as a drop-in replacement
|
||||
dockerCompat = true;
|
||||
|
||||
# Required for containers under podman-compose to be able to talk to each other.
|
||||
defaultNetwork.settings.dns_enabled = true;
|
||||
};
|
||||
# Required for containers under podman-compose to be able to talk to each other.
|
||||
defaultNetwork.settings.dns_enabled = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/)
|
||||
networking.firewall.interfaces.podman4 = lib.mkIf cfg.actions.enable {
|
||||
allowedTCPPorts = [ 53 ];
|
||||
allowedUDPPorts = [ 53 ];
|
||||
};
|
||||
})
|
||||
(lib.mkIf (!cfg.autostart) {
|
||||
# Disable autostart if needed
|
||||
systemd.services.forgejo.wantedBy = lib.mkForce [ ];
|
||||
})
|
||||
];
|
||||
# Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/)
|
||||
networking.firewall.interfaces.podman4 = lib.mkIf cfg.actions.enable {
|
||||
allowedTCPPorts = [ 53 ];
|
||||
allowedUDPPorts = [ 53 ];
|
||||
};
|
||||
# Disable autostart if configured
|
||||
systemd.services.forgejo = lib.mkIf (!cfg.autostart) { wantedBy = lib.mkForce [ ]; };
|
||||
};
|
||||
}
|
||||
|
|
|
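Review bot: `token = cfg.actions.token;` passes the runner registration token as a Nix string, which ends up in the world-readable Nix store, and `container.options = "-v /nix:/nix"` mounts that same store into every CI job container. Any workflow scheduled on this runner can therefore read the token, along with any other secret that reaches the store. Prefer the runner module's file-based option, e.g. `tokenFile = cfg.actions.tokenFile;`, pointing at a file kept outside the store. That needs a matching new option in the declarations above the hunk, which are not visible here.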
@ -17,31 +17,28 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
config = lib.mkMerge [
|
||||
(lib.mkIf cfg.enable {
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
||||
# Use recommended settings per https://nixos.wiki/wiki/Nginx#Hardened_setup_with_TLS_and_HSTS_preloading
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedTlsSettings = true;
|
||||
# Use recommended settings per https://nixos.wiki/wiki/Nginx#Hardened_setup_with_TLS_and_HSTS_preloading
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedTlsSettings = true;
|
||||
|
||||
virtualHosts = cfg.virtualHosts;
|
||||
};
|
||||
virtualHosts = cfg.virtualHosts;
|
||||
};
|
||||
|
||||
# Open ports
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [
|
||||
80
|
||||
443
|
||||
];
|
||||
};
|
||||
})
|
||||
(lib.mkIf (!cfg.autostart) {
|
||||
# Disable autostart if needed
|
||||
systemd.services.nginx.wantedBy = lib.mkForce [ ];
|
||||
})
|
||||
];
|
||||
# Open ports
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [
|
||||
80
|
||||
443
|
||||
];
|
||||
};
|
||||
|
||||
# Disable autostart if configured
|
||||
systemd.services.nginx = lib.mkIf (!cfg.autostart) { wantedBy = lib.mkForce [ ]; };
|
||||
};
|
||||
}
|
||||
|
|
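Review bot: The `services.nginx` block turns on three of the `recommended*` switches but not `recommendedProxySettings = true;`, which is the one that makes nginx set `Host`, `X-Real-IP` and the `X-Forwarded-*` headers itself on proxied locations. The airsonic and forgejo hunks proxy to loopback backends, and airsonic is started with `-Dserver.use-forward-headers=true`, so without it the backend may act on forwarding headers supplied by the client. Add `recommendedProxySettings = true;` next to `recommendedTlsSettings`, unless `cfg.virtualHosts` (declared outside the hunk) already sets those headers per location.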