
Modules: Fix autostarting services

Aires 2024-07-02 14:40:49 -04:00
parent c1308f9ef4
commit fa6157c228
4 changed files with 156 additions and 137 deletions


@ -32,37 +32,41 @@ in
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkMerge [
aux.system.users.media.enable = true; (lib.mkIf cfg.enable {
users.users.airsonic.extraGroups = [ "media" ]; aux.system.users.media.enable = true;
users.users.airsonic.extraGroups = [ "media" ];
services = { services = {
nginx.virtualHosts."${cfg.url}" = { nginx.virtualHosts."${cfg.url}" = {
useACMEHost = cfg.domain; useACMEHost = cfg.domain;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:4040"; proxyPass = "http://127.0.0.1:4040";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;"; extraConfig = "proxy_ssl_server_name on;";
};
}; };
airsonic = {
enable = true;
war = "${
(pkgs.callPackage ../../packages/airsonic-advanced.nix { inherit lib; })
}/webapps/airsonic.war";
port = 4040;
jre = pkgs.jdk17;
jvmOptions = [
"-Dserver.use-forward-headers=true"
"-Xmx4G" # Increase Java heap size to 4GB
];
} // lib.optionalAttrs (cfg.home != "") { home = cfg.home; };
}; };
airsonic = { systemd.services.nginx.wants = [ config.systemd.services.airsonic.name ];
enable = true; })
war = "${ (lib.mkIf (!cfg.autostart) {
(pkgs.callPackage ../../packages/airsonic-advanced.nix { inherit lib; }) # Disable autostart if needed
}/webapps/airsonic.war"; systemd.services.airsonic.wantedBy = lib.mkForce [ ];
port = 4040; })
jre = pkgs.jdk17; ];
jvmOptions = [
"-Dserver.use-forward-headers=true"
"-Xmx4G" # Increase Java heap size to 4GB
];
} // lib.optionalAttrs (cfg.home != "") { home = cfg.home; };
};
systemd.services = {
nginx.wants = [ config.systemd.services.airsonic.name ];
} // lib.optionalAttrs (!cfg.autostart) { airsonic.wantedBy = lib.mkForce [ ]; };
};
} }
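Review bot: The second `lib.mkMerge` entry is guarded only by `!cfg.autostart`, so `systemd.services.airsonic.wantedBy` is now defined even when `cfg.enable` is false; the old code kept that override inside the `cfg.enable` block. With the module disabled and autostart off, this presumably leaves a stub `airsonic` unit with no `ExecStart` in the system configuration. Gate the entry on both options: `(lib.mkIf (cfg.enable && !cfg.autostart) {`. The same pattern appears in the duplicacy-web, forgejo and nginx sections of this commit. The option declarations sit above the hunk, so the default of `autostart` is not visible here.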


@ -28,31 +28,39 @@ rec {
}; };
}; };
config = mkIf cfg.enable { config = lib.mkMerge [
nixpkgs.config.allowUnfree = true; (lib.mkIf cfg.enable {
environment.systemPackages = [ duplicacy-web ]; nixpkgs.config.allowUnfree = true;
environment.systemPackages = [ duplicacy-web ];
networking.firewall.allowedTCPPorts = [ 3875 ]; networking.firewall.allowedTCPPorts = [ 3875 ];
# Install systemd service. # Install systemd service.
systemd.services."duplicacy-web" = { systemd.services."duplicacy-web" = {
enable = true; enable = true;
wants = [ "network-online.target" ]; wants = [ "network-online.target" ];
after = [ after = [
"syslog.target" "syslog.target"
"network-online.target" "network-online.target"
]; ];
description = "Start the Duplicacy backup service and web UI"; description = "Start the Duplicacy backup service and web UI";
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = ''${duplicacy-web}/duplicacy-web''; ExecStart = ''${duplicacy-web}/duplicacy-web'';
Restart = "on-failure"; Restart = "on-failure";
RestartSrc = 10; RestartSrc = 10;
KillMode = "process"; KillMode = "process";
};
environment = {
HOME = cfg.environment;
};
}; };
environment = { })
HOME = cfg.environment;
}; (lib.mkIf (!cfg.autostart) {
} // optionalAttrs cfg.autostart { wantedBy = [ "multi-user.target" ]; }; # Start at boot if autostart is enabled. # Disable autostart if needed
}; systemd.services.duplicacy-web.wantedBy = lib.mkForce [ ];
})
];
} }
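Review bot: The new `systemd.services."duplicacy-web"` definition no longer sets `wantedBy` anywhere, so with `cfg.autostart = true` nothing pulls the backup service in at boot. The removed line added `wantedBy = [ "multi-user.target" ]` for that case, and a hand-written unit gets no default target. The added `lib.mkForce [ ]` entry therefore overrides a value that is never set. Keep the positive case inside the service definition, e.g. `wantedBy = lib.mkIf cfg.autostart [ "multi-user.target" ];`, which also makes the separate `!cfg.autostart` entry unnecessary. Separately, `RestartSrc = 10;` in the unchanged `serviceConfig` looks like a typo for `RestartSec`, so the intended restart delay is probably not applied.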


@ -55,77 +55,81 @@ in
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkMerge [
environment.systemPackages = [ (lib.mkIf cfg.enable {
forgejo-cli environment.systemPackages = [
pkgs.podman-tui forgejo-cli
]; pkgs.podman-tui
services = { ];
forgejo = { services = {
enable = true; forgejo = {
settings.server = {
DOMAIN = cfg.domain;
ROOT_URL = cfg.url;
HTTP_PORT = 3000;
};
useWizard = true;
} // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = cfg.domain;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
};
};
# Enable runner for CI actions
gitea-actions-runner = lib.mkIf cfg.actions.enable {
package = pkgs.forgejo-actions-runner;
instances.default = {
enable = true; enable = true;
name = config.networking.hostName; settings.server = {
url = cfg.url; DOMAIN = cfg.domain;
token = cfg.actions.token; ROOT_URL = cfg.url;
labels = [ HTTP_PORT = 3000;
"nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/ };
"debian:docker://node:20-bullseye" useWizard = true;
"ubuntu-latest:docker://ubuntu:latest" } // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
];
settings = { nginx.virtualHosts."${cfg.url}" = {
# For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix useACMEHost = cfg.domain;
# For an example of the different options available: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml forceSSL = true;
container.options = "-v /nix:/nix"; locations."/" = {
container.validVolumes = [ "/nix" ]; proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
};
};
# Enable runner for CI actions
gitea-actions-runner = lib.mkIf cfg.actions.enable {
package = pkgs.forgejo-actions-runner;
instances.default = {
enable = true;
name = config.networking.hostName;
url = cfg.url;
token = cfg.actions.token;
labels = [
"nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/
"debian:docker://node:20-bullseye"
"ubuntu-latest:docker://ubuntu:latest"
];
settings = {
# For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
# For an example of the different options available: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
container.options = "-v /nix:/nix";
container.validVolumes = [ "/nix" ];
};
}; };
}; };
}; };
};
systemd.services = { systemd.services.nginx.wants = [ config.systemd.services.forgejo.name ];
nginx.wants = [ config.systemd.services.forgejo.name ];
} // lib.optionalAttrs (!cfg.autostart) { forgejo.wantedBy = lib.mkForce [ ]; };
# Enable Podman for running...uh, runners. # Enable Podman for running...uh, runners.
virtualisation = lib.mkIf cfg.actions.enable { virtualisation = lib.mkIf cfg.actions.enable {
containers.enable = true; containers.enable = true;
podman = { podman = {
enable = true; enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement # Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true; dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other. # Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true; defaultNetwork.settings.dns_enabled = true;
};
}; };
};
# Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/) # Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/)
networking.firewall.interfaces.podman4 = lib.mkIf cfg.actions.enable { networking.firewall.interfaces.podman4 = lib.mkIf cfg.actions.enable {
allowedTCPPorts = [ 53 ]; allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ]; allowedUDPPorts = [ 53 ];
}; };
}; })
(lib.mkIf (!cfg.autostart) {
# Disable autostart if needed
systemd.services.forgejo.wantedBy = lib.mkForce [ ];
})
];
} }
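Review bot: `token = cfg.actions.token;` in the re-indented `gitea-actions-runner` instance passes the runner registration token as a plain option value, which ends up in the world-readable Nix store and in any repository that sets it. The runner module also accepts `tokenFile`, a path to an environment file read at service start, so the secret can live outside the store with restrictive permissions. Consider exposing a path option from this module and setting `tokenFile` instead of `token`. This line was only moved by the commit, and the option declarations are outside the hunk, so how `cfg.actions.token` is populated is not visible here.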


@ -17,28 +17,31 @@ in
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkMerge [
services.nginx = { (lib.mkIf cfg.enable {
enable = true; services.nginx = {
enable = true;
# Use recommended settings per https://nixos.wiki/wiki/Nginx#Hardened_setup_with_TLS_and_HSTS_preloading # Use recommended settings per https://nixos.wiki/wiki/Nginx#Hardened_setup_with_TLS_and_HSTS_preloading
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts = cfg.virtualHosts; virtualHosts = cfg.virtualHosts;
}; };
# Open ports # Open ports
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowedTCPPorts = [ allowedTCPPorts = [
80 80
443 443
]; ];
}; };
})
# Disable autostart if needed (lib.mkIf (!cfg.autostart) {
systemd.services.nginx.wantedBy = lib.mkIf (!cfg.autostart) [ ]; # Disable autostart if needed
}; systemd.services.nginx.wantedBy = lib.mkForce [ ];
})
];
} }