
Modules: Fix autostarting services

Aires 2024-07-02 14:40:49 -04:00
parent c1308f9ef4
commit fa6157c228
4 changed files with 156 additions and 137 deletions


@ -32,37 +32,41 @@ in
};
};
config = lib.mkIf cfg.enable {
aux.system.users.media.enable = true;
users.users.airsonic.extraGroups = [ "media" ];
config = lib.mkMerge [
(lib.mkIf cfg.enable {
aux.system.users.media.enable = true;
users.users.airsonic.extraGroups = [ "media" ];
services = {
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = cfg.domain;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:4040";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;";
services = {
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = cfg.domain;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:4040";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;";
};
};
airsonic = {
enable = true;
war = "${
(pkgs.callPackage ../../packages/airsonic-advanced.nix { inherit lib; })
}/webapps/airsonic.war";
port = 4040;
jre = pkgs.jdk17;
jvmOptions = [
"-Dserver.use-forward-headers=true"
"-Xmx4G" # Increase Java heap size to 4GB
];
} // lib.optionalAttrs (cfg.home != "") { home = cfg.home; };
};
airsonic = {
enable = true;
war = "${
(pkgs.callPackage ../../packages/airsonic-advanced.nix { inherit lib; })
}/webapps/airsonic.war";
port = 4040;
jre = pkgs.jdk17;
jvmOptions = [
"-Dserver.use-forward-headers=true"
"-Xmx4G" # Increase Java heap size to 4GB
];
} // lib.optionalAttrs (cfg.home != "") { home = cfg.home; };
};
systemd.services = {
nginx.wants = [ config.systemd.services.airsonic.name ];
} // lib.optionalAttrs (!cfg.autostart) { airsonic.wantedBy = lib.mkForce [ ]; };
};
systemd.services.nginx.wants = [ config.systemd.services.airsonic.name ];
})
(lib.mkIf (!cfg.autostart) {
# Disable autostart if needed
systemd.services.airsonic.wantedBy = lib.mkForce [ ];
})
];
}
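Review bot: The second `lib.mkMerge` entry, `(lib.mkIf (!cfg.autostart) { … })`, is no longer guarded by `cfg.enable`, so a host with this module disabled and `autostart = false` would still get a `systemd.services.airsonic` definition that contains only `wantedBy`. Whether that combination is reachable depends on the option defaults, which are declared outside this hunk. Writing the guard as `(lib.mkIf (cfg.enable && !cfg.autostart) {` keeps the override tied to the service actually being configured. The same pattern appears in the duplicacy-web, forgejo and nginx sections of this commit.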


@ -28,31 +28,39 @@ rec {
};
};
config = mkIf cfg.enable {
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [ duplicacy-web ];
config = lib.mkMerge [
(lib.mkIf cfg.enable {
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [ duplicacy-web ];
networking.firewall.allowedTCPPorts = [ 3875 ];
networking.firewall.allowedTCPPorts = [ 3875 ];
# Install systemd service.
systemd.services."duplicacy-web" = {
enable = true;
wants = [ "network-online.target" ];
after = [
"syslog.target"
"network-online.target"
];
description = "Start the Duplicacy backup service and web UI";
serviceConfig = {
Type = "simple";
ExecStart = ''${duplicacy-web}/duplicacy-web'';
Restart = "on-failure";
RestartSrc = 10;
KillMode = "process";
# Install systemd service.
systemd.services."duplicacy-web" = {
enable = true;
wants = [ "network-online.target" ];
after = [
"syslog.target"
"network-online.target"
];
description = "Start the Duplicacy backup service and web UI";
serviceConfig = {
Type = "simple";
ExecStart = ''${duplicacy-web}/duplicacy-web'';
Restart = "on-failure";
RestartSrc = 10;
KillMode = "process";
};
environment = {
HOME = cfg.environment;
};
};
environment = {
HOME = cfg.environment;
};
} // optionalAttrs cfg.autostart { wantedBy = [ "multi-user.target" ]; }; # Start at boot if autostart is enabled.
};
})
(lib.mkIf (!cfg.autostart) {
# Disable autostart if needed
systemd.services.duplicacy-web.wantedBy = lib.mkForce [ ];
})
];
}
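Review bot: `networking.firewall.allowedTCPPorts = [ 3875 ];` opens the Duplicacy web UI port on every interface, whereas the airsonic and forgejo services in this commit are fronted by nginx with `forceSSL`; the visible `serviceConfig` also sets no `User`, so the backup service appears to run as root. Consider proxying it like the others and dropping the firewall rule, or restricting it to a trusted interface via `networking.firewall.interfaces.<name>.allowedTCPPorts`, and add a comment stating why the port is open. Separately, `RestartSrc = 10;` looks like a typo for `RestartSec = 10;`; systemd does not recognise the key as written, so the intended restart delay is not applied.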


@ -55,77 +55,81 @@ in
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [
forgejo-cli
pkgs.podman-tui
];
services = {
forgejo = {
enable = true;
settings.server = {
DOMAIN = cfg.domain;
ROOT_URL = cfg.url;
HTTP_PORT = 3000;
};
useWizard = true;
} // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = cfg.domain;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
};
};
# Enable runner for CI actions
gitea-actions-runner = lib.mkIf cfg.actions.enable {
package = pkgs.forgejo-actions-runner;
instances.default = {
config = lib.mkMerge [
(lib.mkIf cfg.enable {
environment.systemPackages = [
forgejo-cli
pkgs.podman-tui
];
services = {
forgejo = {
enable = true;
name = config.networking.hostName;
url = cfg.url;
token = cfg.actions.token;
labels = [
"nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/
"debian:docker://node:20-bullseye"
"ubuntu-latest:docker://ubuntu:latest"
];
settings = {
# For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
# For an example of the different options available: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
container.options = "-v /nix:/nix";
container.validVolumes = [ "/nix" ];
settings.server = {
DOMAIN = cfg.domain;
ROOT_URL = cfg.url;
HTTP_PORT = 3000;
};
useWizard = true;
} // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = cfg.domain;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
};
};
# Enable runner for CI actions
gitea-actions-runner = lib.mkIf cfg.actions.enable {
package = pkgs.forgejo-actions-runner;
instances.default = {
enable = true;
name = config.networking.hostName;
url = cfg.url;
token = cfg.actions.token;
labels = [
"nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/
"debian:docker://node:20-bullseye"
"ubuntu-latest:docker://ubuntu:latest"
];
settings = {
# For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
# For an example of the different options available: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
container.options = "-v /nix:/nix";
container.validVolumes = [ "/nix" ];
};
};
};
};
};
systemd.services = {
nginx.wants = [ config.systemd.services.forgejo.name ];
} // lib.optionalAttrs (!cfg.autostart) { forgejo.wantedBy = lib.mkForce [ ]; };
systemd.services.nginx.wants = [ config.systemd.services.forgejo.name ];
# Enable Podman for running...uh, runners.
virtualisation = lib.mkIf cfg.actions.enable {
containers.enable = true;
podman = {
enable = true;
# Enable Podman for running...uh, runners.
virtualisation = lib.mkIf cfg.actions.enable {
containers.enable = true;
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
};
};
# Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/)
networking.firewall.interfaces.podman4 = lib.mkIf cfg.actions.enable {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ];
};
};
# Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/)
networking.firewall.interfaces.podman4 = lib.mkIf cfg.actions.enable {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ];
};
})
(lib.mkIf (!cfg.autostart) {
# Disable autostart if needed
systemd.services.forgejo.wantedBy = lib.mkForce [ ];
})
];
}
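Review bot: `token = cfg.actions.token;` passes the runner registration token as a plain option value, which ends up in the world-readable Nix store. The `services.gitea-actions-runner` instance also accepts `tokenFile`, so the module could expose a path option and set `tokenFile = cfg.actions.tokenFile;`, pointing at a file kept outside the store (that option name is a suggestion; the module's option declarations are outside this hunk). It would also help to document next to `container.options = "-v /nix:/nix";` that job containers receive the host's `/nix`, and to mount it read-only (`-v /nix:/nix:ro`) if the jobs allow it.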


@ -17,28 +17,31 @@ in
};
};
config = lib.mkIf cfg.enable {
services.nginx = {
enable = true;
config = lib.mkMerge [
(lib.mkIf cfg.enable {
services.nginx = {
enable = true;
# Use recommended settings per https://nixos.wiki/wiki/Nginx#Hardened_setup_with_TLS_and_HSTS_preloading
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
# Use recommended settings per https://nixos.wiki/wiki/Nginx#Hardened_setup_with_TLS_and_HSTS_preloading
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
virtualHosts = cfg.virtualHosts;
};
virtualHosts = cfg.virtualHosts;
};
# Open ports
networking.firewall = {
enable = true;
allowedTCPPorts = [
80
443
];
};
# Disable autostart if needed
systemd.services.nginx.wantedBy = lib.mkIf (!cfg.autostart) [ ];
};
# Open ports
networking.firewall = {
enable = true;
allowedTCPPorts = [
80
443
];
};
})
(lib.mkIf (!cfg.autostart) {
# Disable autostart if needed
systemd.services.nginx.wantedBy = lib.mkForce [ ];
})
];
}
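Review bot: The `services.nginx` block enables the recommended gzip, optimisation and TLS settings but not `recommendedProxySettings`, even though the virtual hosts in this commit are reverse proxies and the airsonic one starts its backend with `-Dserver.use-forward-headers=true`. Unless nginx sets the `X-Forwarded-*` headers itself, values supplied by the client may reach a backend that trusts them. If that is not already handled in `cfg.virtualHosts` elsewhere, add `recommendedProxySettings = true;` next to the other `recommended*` lines.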