
Modules: Tweak fever dream merging for autostart attribute

Aires 2024-07-02 16:19:15 -04:00
parent 20212e406c
commit 84885450a2
4 changed files with 137 additions and 156 deletions


@ -32,41 +32,37 @@ in
}; };
}; };
config = lib.mkMerge [ config = lib.mkIf cfg.enable {
(lib.mkIf cfg.enable { aux.system.users.media.enable = true;
aux.system.users.media.enable = true; users.users.airsonic.extraGroups = [ "media" ];
users.users.airsonic.extraGroups = [ "media" ];
services = { services = {
nginx.virtualHosts."${cfg.url}" = { nginx.virtualHosts."${cfg.url}" = {
useACMEHost = cfg.domain; useACMEHost = cfg.domain;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:4040"; proxyPass = "http://127.0.0.1:4040";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;"; extraConfig = "proxy_ssl_server_name on;";
};
}; };
airsonic = {
enable = true;
war = "${
(pkgs.callPackage ../../packages/airsonic-advanced.nix { inherit lib; })
}/webapps/airsonic.war";
port = 4040;
jre = pkgs.jdk17;
jvmOptions = [
"-Dserver.use-forward-headers=true"
"-Xmx4G" # Increase Java heap size to 4GB
];
} // lib.optionalAttrs (cfg.home != "") { home = cfg.home; };
}; };
systemd.services.nginx.wants = [ config.systemd.services.airsonic.name ]; airsonic = {
}) enable = true;
(lib.mkIf (!cfg.autostart) { war = "${
# Disable autostart if needed (pkgs.callPackage ../../packages/airsonic-advanced.nix { inherit lib; })
systemd.services.airsonic.wantedBy = lib.mkForce [ ]; }/webapps/airsonic.war";
}) port = 4040;
]; jre = pkgs.jdk17;
jvmOptions = [
"-Dserver.use-forward-headers=true"
"-Xmx4G" # Increase Java heap size to 4GB
];
} // lib.optionalAttrs (cfg.home != "") { home = cfg.home; };
};
systemd.services.nginx.wants = [ config.systemd.services.airsonic.name ];
# Disable autostart if configured
systemd.services.airsonic = lib.mkIf (!cfg.autostart) { wantedBy = lib.mkForce [ ]; };
};
} }
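Review bot: `systemd.services.nginx.wants = [ config.systemd.services.airsonic.name ];` still pulls airsonic in whenever nginx starts, so clearing `wantedBy` when `cfg.autostart` is false only keeps the service down if nginx is not started at boot either. If `autostart = false` is meant to leave the service stopped until an operator starts it, gate the dependency on the same flag, e.g. `systemd.services.nginx.wants = lib.mkIf cfg.autostart [ config.systemd.services.airsonic.name ];`. The Forgejo section has the same `nginx.wants` line and the same gap. The option declarations are outside the hunk, so the intended meaning of `autostart` is inferred from the comment.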


@ -28,39 +28,31 @@ rec {
}; };
}; };
config = lib.mkMerge [ config = lib.mkIf cfg.enable {
(lib.mkIf cfg.enable { nixpkgs.config.allowUnfree = true;
nixpkgs.config.allowUnfree = true; environment.systemPackages = [ duplicacy-web ];
environment.systemPackages = [ duplicacy-web ];
networking.firewall.allowedTCPPorts = [ 3875 ]; networking.firewall.allowedTCPPorts = [ 3875 ];
# Install systemd service. # Install systemd service.
systemd.services."duplicacy-web" = { systemd.services.duplicacy-web = {
enable = true; enable = true;
wants = [ "network-online.target" ]; wants = [ "network-online.target" ];
after = [ after = [
"syslog.target" "syslog.target"
"network-online.target" "network-online.target"
]; ];
description = "Start the Duplicacy backup service and web UI"; description = "Start the Duplicacy backup service and web UI";
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = ''${duplicacy-web}/duplicacy-web''; ExecStart = ''${duplicacy-web}/duplicacy-web'';
Restart = "on-failure"; Restart = "on-failure";
RestartSrc = 10; RestartSrc = 10;
KillMode = "process"; KillMode = "process";
};
environment = {
HOME = cfg.environment;
};
}; };
}) environment = {
HOME = cfg.environment;
(lib.mkIf (!cfg.autostart) { };
# Disable autostart if needed } // lib.optionalAttrs (!cfg.autostart) { wantedBy = lib.mkForce [ ]; };
systemd.services.duplicacy-web.wantedBy = lib.mkForce [ ]; };
})
];
} }
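Review bot: `networking.firewall.allowedTCPPorts = [ 3875 ];` opens the Duplicacy web UI port on every interface, while the Airsonic and Forgejo services in this commit are published through an nginx vhost with `forceSSL`. Unless the backup UI is meant to be reached directly (presumably over plain HTTP) from any network, scope the rule to the interface that needs it, `networking.firewall.interfaces.<IFACE_PLACEHOLDER>.allowedTCPPorts = [ 3875 ];`, or drop it and proxy the UI like the other modules. Separately, `RestartSrc = 10;` in `serviceConfig` looks like a typo for `RestartSec`, so the restart delay is probably not being applied.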


@ -55,81 +55,77 @@ in
}; };
}; };
config = lib.mkMerge [ config = lib.mkIf cfg.enable {
(lib.mkIf cfg.enable { environment.systemPackages = [
environment.systemPackages = [ forgejo-cli
forgejo-cli pkgs.podman-tui
pkgs.podman-tui ];
]; services = {
services = { forgejo = {
forgejo = { enable = true;
settings.server = {
DOMAIN = cfg.domain;
ROOT_URL = cfg.url;
HTTP_PORT = 3000;
};
useWizard = true;
} // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = cfg.domain;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
};
};
# Enable runner for CI actions
gitea-actions-runner = lib.mkIf cfg.actions.enable {
package = pkgs.forgejo-actions-runner;
instances.default = {
enable = true; enable = true;
settings.server = { name = config.networking.hostName;
DOMAIN = cfg.domain; url = cfg.url;
ROOT_URL = cfg.url; token = cfg.actions.token;
HTTP_PORT = 3000; labels = [
}; "nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/
useWizard = true; "debian:docker://node:20-bullseye"
} // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; }; "ubuntu-latest:docker://ubuntu:latest"
];
nginx.virtualHosts."${cfg.url}" = { settings = {
useACMEHost = cfg.domain; # For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
forceSSL = true; # For an example of the different options available: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
locations."/" = { container.options = "-v /nix:/nix";
proxyPass = "http://127.0.0.1:3000"; container.validVolumes = [ "/nix" ];
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
};
};
# Enable runner for CI actions
gitea-actions-runner = lib.mkIf cfg.actions.enable {
package = pkgs.forgejo-actions-runner;
instances.default = {
enable = true;
name = config.networking.hostName;
url = cfg.url;
token = cfg.actions.token;
labels = [
"nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/
"debian:docker://node:20-bullseye"
"ubuntu-latest:docker://ubuntu:latest"
];
settings = {
# For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
# For an example of the different options available: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
container.options = "-v /nix:/nix";
container.validVolumes = [ "/nix" ];
};
}; };
}; };
}; };
};
systemd.services.nginx.wants = [ config.systemd.services.forgejo.name ]; systemd.services.nginx.wants = [ config.systemd.services.forgejo.name ];
# Enable Podman for running...uh, runners. # Enable Podman for running...uh, runners.
virtualisation = lib.mkIf cfg.actions.enable { virtualisation = lib.mkIf cfg.actions.enable {
containers.enable = true; containers.enable = true;
podman = { podman = {
enable = true; enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement # Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true; dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other. # Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true; defaultNetwork.settings.dns_enabled = true;
};
}; };
};
# Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/) # Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/)
networking.firewall.interfaces.podman4 = lib.mkIf cfg.actions.enable { networking.firewall.interfaces.podman4 = lib.mkIf cfg.actions.enable {
allowedTCPPorts = [ 53 ]; allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ]; allowedUDPPorts = [ 53 ];
}; };
}) # Disable autostart if configured
(lib.mkIf (!cfg.autostart) { systemd.services.forgejo = lib.mkIf (!cfg.autostart) { wantedBy = lib.mkForce [ ]; };
# Disable autostart if needed };
systemd.services.forgejo.wantedBy = lib.mkForce [ ];
})
];
} }
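Review bot: `token = cfg.actions.token;` passes the runner registration token as a plain Nix string, so it ends up in the world-readable Nix store, and in the repository too unless it is injected from elsewhere. The upstream `gitea-actions-runner` module also accepts `tokenFile`, an environment file containing `TOKEN=...` that is read when the service starts. Prefer `tokenFile = cfg.actions.tokenFile;`, with a matching path-typed option added to this module's option declarations, which are outside the hunk. In the same block, `container.options = "-v /nix:/nix";` mounts the host store into every job container without `:ro`; if jobs only need to read the store, the read-only form narrows what CI code can touch.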


@ -17,31 +17,28 @@ in
}; };
}; };
config = lib.mkMerge [ config = lib.mkIf cfg.enable {
(lib.mkIf cfg.enable { services.nginx = {
services.nginx = { enable = true;
enable = true;
# Use recommended settings per https://nixos.wiki/wiki/Nginx#Hardened_setup_with_TLS_and_HSTS_preloading # Use recommended settings per https://nixos.wiki/wiki/Nginx#Hardened_setup_with_TLS_and_HSTS_preloading
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts = cfg.virtualHosts; virtualHosts = cfg.virtualHosts;
}; };
# Open ports # Open ports
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowedTCPPorts = [ allowedTCPPorts = [
80 80
443 443
]; ];
}; };
})
(lib.mkIf (!cfg.autostart) { # Disable autostart if configured
# Disable autostart if needed systemd.services.nginx = lib.mkIf (!cfg.autostart) { wantedBy = lib.mkForce [ ]; };
systemd.services.nginx.wantedBy = lib.mkForce [ ]; };
})
];
} }
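Review bot: The `services.nginx` block enables the gzip, optimisation and TLS presets but not `recommendedProxySettings`, although the Airsonic and Forgejo vhosts in this commit are plain `proxyPass` locations whose `extraConfig` sets no headers. As far as the visible config shows, nginx then forwards `Host` as the upstream address and sends no `X-Forwarded-*` headers, which Airsonic's `-Dserver.use-forward-headers=true` is set up to consume. Adding `recommendedProxySettings = true;` next to `recommendedTlsSettings = true;` would cover every vhost passed in through `cfg.virtualHosts`. Vhosts defined outside this page may already set their own headers.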