diff --git a/modules/services/airsonic.nix b/modules/services/airsonic.nix
index 619efac..7fe7c60 100644
--- a/modules/services/airsonic.nix
+++ b/modules/services/airsonic.nix
@@ -32,37 +32,41 @@ in }; }; - config = lib.mkIf cfg.enable { - aux.system.users.media.enable = true; - users.users.airsonic.extraGroups = [ "media" ]; + config = lib.mkMerge [ + (lib.mkIf cfg.enable { + aux.system.users.media.enable = true; + users.users.airsonic.extraGroups = [ "media" ]; - services = { - nginx.virtualHosts."${cfg.url}" = { - useACMEHost = cfg.domain; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:4040"; - proxyWebsockets = true; - extraConfig = "proxy_ssl_server_name on;"; + services = { + nginx.virtualHosts."${cfg.url}" = { + useACMEHost = cfg.domain; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:4040"; + proxyWebsockets = true; + extraConfig = "proxy_ssl_server_name on;"; + }; }; + + airsonic = { + enable = true; + war = "${ + (pkgs.callPackage ../../packages/airsonic-advanced.nix { inherit lib; }) + }/webapps/airsonic.war"; + port = 4040; + jre = pkgs.jdk17; + jvmOptions = [ + "-Dserver.use-forward-headers=true" + "-Xmx4G" # Increase Java heap size to 4GB + ]; + } // lib.optionalAttrs (cfg.home != "") { home = cfg.home; }; }; - airsonic = { - enable = true; - war = "${ - (pkgs.callPackage ../../packages/airsonic-advanced.nix { inherit lib; }) - }/webapps/airsonic.war"; - port = 4040; - jre = pkgs.jdk17; - jvmOptions = [ - "-Dserver.use-forward-headers=true" - "-Xmx4G" # Increase Java heap size to 4GB - ]; - } // lib.optionalAttrs (cfg.home != "") { home = cfg.home; }; - }; - - systemd.services = { - nginx.wants = [ config.systemd.services.airsonic.name ]; - } // lib.optionalAttrs (!cfg.autostart) { airsonic.wantedBy = lib.mkForce [ ]; }; - }; + systemd.services.nginx.wants = [ config.systemd.services.airsonic.name ]; + }) + (lib.mkIf (!cfg.autostart) { + # Disable autostart if needed + systemd.services.airsonic.wantedBy = lib.mkForce [ ]; + }) + ]; } diff --git a/modules/services/duplicacy-web.nix b/modules/services/duplicacy-web.nix index 2932b68..494d48d 100644 
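Review bot: The autostart element `(lib.mkIf (!cfg.autostart) { systemd.services.airsonic.wantedBy = lib.mkForce [ ]; })` is no longer nested under `cfg.enable`, so a host that leaves this module disabled but has `autostart = false` still defines `systemd.services.airsonic`, which would presumably make NixOS generate an `airsonic.service` unit with no ExecStart for a service the host never asked for. The old code only touched `wantedBy` inside `lib.mkIf cfg.enable`, so this is a behaviour change the commit description does not mention. Guarding the second element on both options restores the previous scope: `(lib.mkIf (cfg.enable && !cfg.autostart) {`. The same unguarded element appears in the duplicacy-web.nix, forgejo.nix and nginx.nix hunks below.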
--- a/modules/services/duplicacy-web.nix +++ b/modules/services/duplicacy-web.nix @@ -28,31 +28,39 @@ rec { }; }; - config = mkIf cfg.enable { - nixpkgs.config.allowUnfree = true; - environment.systemPackages = [ duplicacy-web ]; + config = lib.mkMerge [ + (lib.mkIf cfg.enable { + nixpkgs.config.allowUnfree = true; + environment.systemPackages = [ duplicacy-web ]; - networking.firewall.allowedTCPPorts = [ 3875 ]; + networking.firewall.allowedTCPPorts = [ 3875 ]; - # Install systemd service. - systemd.services."duplicacy-web" = { - enable = true; - wants = [ "network-online.target" ]; - after = [ - "syslog.target" - "network-online.target" - ]; - description = "Start the Duplicacy backup service and web UI"; - serviceConfig = { - Type = "simple"; - ExecStart = ''${duplicacy-web}/duplicacy-web''; - Restart = "on-failure"; - RestartSrc = 10; - KillMode = "process"; + # Install systemd service. + systemd.services."duplicacy-web" = { + enable = true; + wants = [ "network-online.target" ]; + after = [ + "syslog.target" + "network-online.target" + ]; + description = "Start the Duplicacy backup service and web UI"; + serviceConfig = { + Type = "simple"; + ExecStart = ''${duplicacy-web}/duplicacy-web''; + Restart = "on-failure"; + RestartSrc = 10; + KillMode = "process"; + }; + environment = { + HOME = cfg.environment; + }; }; - environment = { - HOME = cfg.environment; - }; - } // optionalAttrs cfg.autostart { wantedBy = [ "multi-user.target" ]; }; # Start at boot if autostart is enabled. - }; + }) + + (lib.mkIf (!cfg.autostart) { + # Disable autostart if needed + systemd.services.duplicacy-web.wantedBy = lib.mkForce [ ]; + }) + ]; + } diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index cd23191..0f6aaf2 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix 
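Review bot: The `duplicacy-web` unit now has no `wantedBy` at all when `cfg.autostart` is true: the old `// optionalAttrs cfg.autostart { wantedBy = [ "multi-user.target" ]; }` was dropped and the new `lib.mkIf (!cfg.autostart)` element only clears the target, so unlike the airsonic/forgejo/nginx services, whose upstream NixOS modules set `wantedBy` themselves, this hand-written unit will never be started at boot. Adding `wantedBy = [ "multi-user.target" ];` next to `wants = [ "network-online.target" ];` restores that, and the `lib.mkForce [ ]` in the second element still overrides it when autostart is off. While every line of this block is being touched, `RestartSrc = 10;` in `serviceConfig` is not a systemd directive (systemd logs an unknown-key warning and ignores it), so `Restart = "on-failure"` currently runs with the default restart delay; it should read `RestartSec = 10;`.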
@@ -55,77 +55,81 @@ in }; }; - config = lib.mkIf cfg.enable { - environment.systemPackages = [ - forgejo-cli - pkgs.podman-tui - ]; - services = { - forgejo = { - enable = true; - settings.server = { - DOMAIN = cfg.domain; - ROOT_URL = cfg.url; - HTTP_PORT = 3000; - }; - useWizard = true; - } // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; }; - - nginx.virtualHosts."${cfg.url}" = { - useACMEHost = cfg.domain; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:3000"; - proxyWebsockets = true; - extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts - }; - }; - - # Enable runner for CI actions - gitea-actions-runner = lib.mkIf cfg.actions.enable { - package = pkgs.forgejo-actions-runner; - instances.default = { + config = lib.mkMerge [ + (lib.mkIf cfg.enable { + environment.systemPackages = [ + forgejo-cli + pkgs.podman-tui + ]; + services = { + forgejo = { enable = true; - name = config.networking.hostName; - url = cfg.url; - token = cfg.actions.token; - labels = [ - "nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/ - "debian:docker://node:20-bullseye" - "ubuntu-latest:docker://ubuntu:latest" - ]; - settings = { - # For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix - # For an example of the different options available: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml - container.options = "-v /nix:/nix"; - container.validVolumes = [ "/nix" ]; + settings.server = { + DOMAIN = cfg.domain; + ROOT_URL = cfg.url; + HTTP_PORT = 3000; + }; + useWizard = true; + } // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; }; + + nginx.virtualHosts."${cfg.url}" = { + useACMEHost = cfg.domain; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:3000"; + proxyWebsockets = true; + 
extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts + }; + }; + + # Enable runner for CI actions + gitea-actions-runner = lib.mkIf cfg.actions.enable { + package = pkgs.forgejo-actions-runner; + instances.default = { + enable = true; + name = config.networking.hostName; + url = cfg.url; + token = cfg.actions.token; + labels = [ + "nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/ + "debian:docker://node:20-bullseye" + "ubuntu-latest:docker://ubuntu:latest" + ]; + settings = { + # For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix + # For an example of the different options available: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml + container.options = "-v /nix:/nix"; + container.validVolumes = [ "/nix" ]; + }; }; }; }; - }; - systemd.services = { - nginx.wants = [ config.systemd.services.forgejo.name ]; - } // lib.optionalAttrs (!cfg.autostart) { forgejo.wantedBy = lib.mkForce [ ]; }; + systemd.services.nginx.wants = [ config.systemd.services.forgejo.name ]; - # Enable Podman for running...uh, runners. - virtualisation = lib.mkIf cfg.actions.enable { - containers.enable = true; - podman = { - enable = true; + # Enable Podman for running...uh, runners. + virtualisation = lib.mkIf cfg.actions.enable { + containers.enable = true; + podman = { + enable = true; - # Create a `docker` alias for podman, to use it as a drop-in replacement - dockerCompat = true; + # Create a `docker` alias for podman, to use it as a drop-in replacement + dockerCompat = true; - # Required for containers under podman-compose to be able to talk to each other. - defaultNetwork.settings.dns_enabled = true; + # Required for containers under podman-compose to be able to talk to each other. 
+ defaultNetwork.settings.dns_enabled = true; + }; }; - }; - # Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/) - networking.firewall.interfaces.podman4 = lib.mkIf cfg.actions.enable { - allowedTCPPorts = [ 53 ]; - allowedUDPPorts = [ 53 ]; - }; - }; + # Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/) + networking.firewall.interfaces.podman4 = lib.mkIf cfg.actions.enable { + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; + }) + (lib.mkIf (!cfg.autostart) { + # Disable autostart if needed + systemd.services.forgejo.wantedBy = lib.mkForce [ ]; + }) + ]; } diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index b624c92..7ea5af1 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix 
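Review bot: `token = cfg.actions.token;` in `services.gitea-actions-runner.instances.default` hands the runner registration token to the upstream module's `token` option, which ends up in the world-readable Nix store as part of the generated runner configuration, so any local user on the host can read it. The upstream module also provides `tokenFile`, which loads the secret from a file outside the store at service start; declaring a `cfg.actions.tokenFile` option (the options block is above this hunk) and passing it through as `tokenFile = cfg.actions.tokenFile;` would keep the token out of the store. This is carried over rather than introduced by the commit, but the `lib.mkMerge` restructuring already rewrites the whole block, so it is a good moment to fix it.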
@@ -17,28 +17,31 @@ in }; }; - config = lib.mkIf cfg.enable { - services.nginx = { - enable = true; + config = lib.mkMerge [ + (lib.mkIf cfg.enable { + services.nginx = { + enable = true; - # Use recommended settings per https://nixos.wiki/wiki/Nginx#Hardened_setup_with_TLS_and_HSTS_preloading - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedTlsSettings = true; + # Use recommended settings per https://nixos.wiki/wiki/Nginx#Hardened_setup_with_TLS_and_HSTS_preloading + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedTlsSettings = true; - virtualHosts = cfg.virtualHosts; - }; + virtualHosts = cfg.virtualHosts; + }; - # Open ports - networking.firewall = { - enable = true; - allowedTCPPorts = [ - 80 - 443 - ]; - }; - - # Disable autostart if needed - systemd.services.nginx.wantedBy = lib.mkIf (!cfg.autostart) [ ]; - }; + # Open ports + networking.firewall = { + enable = true; + allowedTCPPorts = [ + 80 + 443 + ]; + }; + }) + (lib.mkIf (!cfg.autostart) { + # Disable autostart if needed + systemd.services.nginx.wantedBy = lib.mkForce [ ]; + }) + ]; }