Modules: Fix autostarting services
This commit is contained in:
parent
c1308f9ef4
commit
fa6157c228
|
@ -32,37 +32,41 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkMerge [
|
||||||
aux.system.users.media.enable = true;
|
(lib.mkIf cfg.enable {
|
||||||
users.users.airsonic.extraGroups = [ "media" ];
|
aux.system.users.media.enable = true;
|
||||||
|
users.users.airsonic.extraGroups = [ "media" ];
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
nginx.virtualHosts."${cfg.url}" = {
|
nginx.virtualHosts."${cfg.url}" = {
|
||||||
useACMEHost = cfg.domain;
|
useACMEHost = cfg.domain;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:4040";
|
proxyPass = "http://127.0.0.1:4040";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
extraConfig = "proxy_ssl_server_name on;";
|
extraConfig = "proxy_ssl_server_name on;";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
airsonic = {
|
||||||
|
enable = true;
|
||||||
|
war = "${
|
||||||
|
(pkgs.callPackage ../../packages/airsonic-advanced.nix { inherit lib; })
|
||||||
|
}/webapps/airsonic.war";
|
||||||
|
port = 4040;
|
||||||
|
jre = pkgs.jdk17;
|
||||||
|
jvmOptions = [
|
||||||
|
"-Dserver.use-forward-headers=true"
|
||||||
|
"-Xmx4G" # Increase Java heap size to 4GB
|
||||||
|
];
|
||||||
|
} // lib.optionalAttrs (cfg.home != "") { home = cfg.home; };
|
||||||
};
|
};
|
||||||
|
|
||||||
airsonic = {
|
systemd.services.nginx.wants = [ config.systemd.services.airsonic.name ];
|
||||||
enable = true;
|
})
|
||||||
war = "${
|
(lib.mkIf (!cfg.autostart) {
|
||||||
(pkgs.callPackage ../../packages/airsonic-advanced.nix { inherit lib; })
|
# Disable autostart if needed
|
||||||
}/webapps/airsonic.war";
|
systemd.services.airsonic.wantedBy = lib.mkForce [ ];
|
||||||
port = 4040;
|
})
|
||||||
jre = pkgs.jdk17;
|
];
|
||||||
jvmOptions = [
|
|
||||||
"-Dserver.use-forward-headers=true"
|
|
||||||
"-Xmx4G" # Increase Java heap size to 4GB
|
|
||||||
];
|
|
||||||
} // lib.optionalAttrs (cfg.home != "") { home = cfg.home; };
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services = {
|
|
||||||
nginx.wants = [ config.systemd.services.airsonic.name ];
|
|
||||||
} // lib.optionalAttrs (!cfg.autostart) { airsonic.wantedBy = lib.mkForce [ ]; };
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,31 +28,39 @@ rec {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = lib.mkMerge [
|
||||||
nixpkgs.config.allowUnfree = true;
|
(lib.mkIf cfg.enable {
|
||||||
environment.systemPackages = [ duplicacy-web ];
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
environment.systemPackages = [ duplicacy-web ];
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 3875 ];
|
networking.firewall.allowedTCPPorts = [ 3875 ];
|
||||||
|
|
||||||
# Install systemd service.
|
# Install systemd service.
|
||||||
systemd.services."duplicacy-web" = {
|
systemd.services."duplicacy-web" = {
|
||||||
enable = true;
|
enable = true;
|
||||||
wants = [ "network-online.target" ];
|
wants = [ "network-online.target" ];
|
||||||
after = [
|
after = [
|
||||||
"syslog.target"
|
"syslog.target"
|
||||||
"network-online.target"
|
"network-online.target"
|
||||||
];
|
];
|
||||||
description = "Start the Duplicacy backup service and web UI";
|
description = "Start the Duplicacy backup service and web UI";
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
ExecStart = ''${duplicacy-web}/duplicacy-web'';
|
ExecStart = ''${duplicacy-web}/duplicacy-web'';
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
RestartSrc = 10;
|
RestartSrc = 10;
|
||||||
KillMode = "process";
|
KillMode = "process";
|
||||||
|
};
|
||||||
|
environment = {
|
||||||
|
HOME = cfg.environment;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
environment = {
|
})
|
||||||
HOME = cfg.environment;
|
|
||||||
};
|
(lib.mkIf (!cfg.autostart) {
|
||||||
} // optionalAttrs cfg.autostart { wantedBy = [ "multi-user.target" ]; }; # Start at boot if autostart is enabled.
|
# Disable autostart if needed
|
||||||
};
|
systemd.services.duplicacy-web.wantedBy = lib.mkForce [ ];
|
||||||
|
})
|
||||||
|
];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -55,77 +55,81 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkMerge [
|
||||||
environment.systemPackages = [
|
(lib.mkIf cfg.enable {
|
||||||
forgejo-cli
|
environment.systemPackages = [
|
||||||
pkgs.podman-tui
|
forgejo-cli
|
||||||
];
|
pkgs.podman-tui
|
||||||
services = {
|
];
|
||||||
forgejo = {
|
services = {
|
||||||
enable = true;
|
forgejo = {
|
||||||
settings.server = {
|
|
||||||
DOMAIN = cfg.domain;
|
|
||||||
ROOT_URL = cfg.url;
|
|
||||||
HTTP_PORT = 3000;
|
|
||||||
};
|
|
||||||
useWizard = true;
|
|
||||||
} // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
|
|
||||||
|
|
||||||
nginx.virtualHosts."${cfg.url}" = {
|
|
||||||
useACMEHost = cfg.domain;
|
|
||||||
forceSSL = true;
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://127.0.0.1:3000";
|
|
||||||
proxyWebsockets = true;
|
|
||||||
extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Enable runner for CI actions
|
|
||||||
gitea-actions-runner = lib.mkIf cfg.actions.enable {
|
|
||||||
package = pkgs.forgejo-actions-runner;
|
|
||||||
instances.default = {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
name = config.networking.hostName;
|
settings.server = {
|
||||||
url = cfg.url;
|
DOMAIN = cfg.domain;
|
||||||
token = cfg.actions.token;
|
ROOT_URL = cfg.url;
|
||||||
labels = [
|
HTTP_PORT = 3000;
|
||||||
"nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/
|
};
|
||||||
"debian:docker://node:20-bullseye"
|
useWizard = true;
|
||||||
"ubuntu-latest:docker://ubuntu:latest"
|
} // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
|
||||||
];
|
|
||||||
settings = {
|
nginx.virtualHosts."${cfg.url}" = {
|
||||||
# For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
|
useACMEHost = cfg.domain;
|
||||||
# For an example of the different options available: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
|
forceSSL = true;
|
||||||
container.options = "-v /nix:/nix";
|
locations."/" = {
|
||||||
container.validVolumes = [ "/nix" ];
|
proxyPass = "http://127.0.0.1:3000";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Enable runner for CI actions
|
||||||
|
gitea-actions-runner = lib.mkIf cfg.actions.enable {
|
||||||
|
package = pkgs.forgejo-actions-runner;
|
||||||
|
instances.default = {
|
||||||
|
enable = true;
|
||||||
|
name = config.networking.hostName;
|
||||||
|
url = cfg.url;
|
||||||
|
token = cfg.actions.token;
|
||||||
|
labels = [
|
||||||
|
"nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/
|
||||||
|
"debian:docker://node:20-bullseye"
|
||||||
|
"ubuntu-latest:docker://ubuntu:latest"
|
||||||
|
];
|
||||||
|
settings = {
|
||||||
|
# For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
|
||||||
|
# For an example of the different options available: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
|
||||||
|
container.options = "-v /nix:/nix";
|
||||||
|
container.validVolumes = [ "/nix" ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services = {
|
systemd.services.nginx.wants = [ config.systemd.services.forgejo.name ];
|
||||||
nginx.wants = [ config.systemd.services.forgejo.name ];
|
|
||||||
} // lib.optionalAttrs (!cfg.autostart) { forgejo.wantedBy = lib.mkForce [ ]; };
|
|
||||||
|
|
||||||
# Enable Podman for running...uh, runners.
|
# Enable Podman for running...uh, runners.
|
||||||
virtualisation = lib.mkIf cfg.actions.enable {
|
virtualisation = lib.mkIf cfg.actions.enable {
|
||||||
containers.enable = true;
|
containers.enable = true;
|
||||||
podman = {
|
podman = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
# Create a `docker` alias for podman, to use it as a drop-in replacement
|
# Create a `docker` alias for podman, to use it as a drop-in replacement
|
||||||
dockerCompat = true;
|
dockerCompat = true;
|
||||||
|
|
||||||
# Required for containers under podman-compose to be able to talk to each other.
|
# Required for containers under podman-compose to be able to talk to each other.
|
||||||
defaultNetwork.settings.dns_enabled = true;
|
defaultNetwork.settings.dns_enabled = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
# Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/)
|
# Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/)
|
||||||
networking.firewall.interfaces.podman4 = lib.mkIf cfg.actions.enable {
|
networking.firewall.interfaces.podman4 = lib.mkIf cfg.actions.enable {
|
||||||
allowedTCPPorts = [ 53 ];
|
allowedTCPPorts = [ 53 ];
|
||||||
allowedUDPPorts = [ 53 ];
|
allowedUDPPorts = [ 53 ];
|
||||||
};
|
};
|
||||||
};
|
})
|
||||||
|
(lib.mkIf (!cfg.autostart) {
|
||||||
|
# Disable autostart if needed
|
||||||
|
systemd.services.forgejo.wantedBy = lib.mkForce [ ];
|
||||||
|
})
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,28 +17,31 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkMerge [
|
||||||
services.nginx = {
|
(lib.mkIf cfg.enable {
|
||||||
enable = true;
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
# Use recommended settings per https://nixos.wiki/wiki/Nginx#Hardened_setup_with_TLS_and_HSTS_preloading
|
# Use recommended settings per https://nixos.wiki/wiki/Nginx#Hardened_setup_with_TLS_and_HSTS_preloading
|
||||||
recommendedGzipSettings = true;
|
recommendedGzipSettings = true;
|
||||||
recommendedOptimisation = true;
|
recommendedOptimisation = true;
|
||||||
recommendedTlsSettings = true;
|
recommendedTlsSettings = true;
|
||||||
|
|
||||||
virtualHosts = cfg.virtualHosts;
|
virtualHosts = cfg.virtualHosts;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Open ports
|
# Open ports
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
enable = true;
|
enable = true;
|
||||||
allowedTCPPorts = [
|
allowedTCPPorts = [
|
||||||
80
|
80
|
||||||
443
|
443
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
})
|
||||||
# Disable autostart if needed
|
(lib.mkIf (!cfg.autostart) {
|
||||||
systemd.services.nginx.wantedBy = lib.mkIf (!cfg.autostart) [ ];
|
# Disable autostart if needed
|
||||||
};
|
systemd.services.nginx.wantedBy = lib.mkForce [ ];
|
||||||
|
})
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue