sops: root d, hosts d, modules/servers til multiscrobbler

2024-06-22 15:35:35 -06:00
parent 50f716df1f
commit 81e74871a1
20 changed files with 193 additions and 73 deletions


@@ -1,9 +1,8 @@
{ config, lib, pkgs, ... }: {
options.my.dev.python.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.dev.python.enable {
home-manager.users.jawz.xdg.configFile = {
"python/pythonrc".source = ../../dotfiles/pythonrc;
};
home-manager.users.jawz.xdg.configFile."python/pythonrc".source =
../../dotfiles/pythonrc;
environment.variables.PYTHONSTARTUP = "\${XDG_CONFIG_HOME}/python/pythonrc";
users.users.jawz.packages = with pkgs; [
pipenv # python development workflow for humans


@@ -80,6 +80,11 @@ in {
default = "servidos.lat";
description = "The domain name.";
};
miniserver-ip = lib.mkOption {
type = lib.types.str;
default = "192.168.1.100";
description = "The miniserver ip.";
};
postgresSocket = lib.mkOption {
type = lib.types.str;
default = "/run/postgresql";


@@ -8,6 +8,7 @@ in {
flameSecret.enable = lib.mkEnableOption "enable";
};
config = lib.mkIf config.my.servers.flame.enable {
sops.secrets.flame = { };
virtualisation.oci-containers = {
backend = "docker";
containers = {
@@ -23,7 +24,7 @@ in {
TZ = "America/Mexico_City";
PUID = "1000";
PGID = "100";
PASSWORD = "RkawpqMc8lR56QyU7JSfiLhG";
PASSWORD_FILE = config.sops.secrets.flame-password.path;
};
};
flame-nsfw = {
@@ -35,7 +36,7 @@ in {
TZ = "America/Mexico_City";
PUID = "1000";
PGID = "100";
PASSWORD = "RkawpqMc8lR56QyU7JSfiLhG";
PASSWORD_FILE = config.sops.secrets.flame-password.path;
};
};
};
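Review bot: The first hunk declares `sops.secrets.flame = { };`, but both containers read `config.sops.secrets.flame-password.path`, so unless `flame-password` is declared elsewhere the reference has no matching secret; the declaration should probably read `sops.secrets.flame-password = { };`. The value is a host path and no volume mount for it is visible in these hunks, so the container may not be able to open the file (the container definitions continue outside the hunks). The variable name is also worth checking against the Flame documentation, which as far as I recall spells the file variant `PASSWORD__FILE`. The password removed here, like the literals removed in the kavita, maloja, mealie, multi-scrobbler and ryot sections, stays in the repository history and should be rotated.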


@@ -1,6 +1,7 @@
{ lib, config, pkgs, proxyReverse, ... }: {
{ lib, config, proxyReverse, ... }: {
options.my.servers.kavita.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.kavita.enable {
sops.secrets.kavita-token = { };
users.users.kavita = {
isSystemUser = true;
group = "kavita";
@@ -9,8 +10,7 @@
services = {
kavita = {
enable = true;
tokenKeyFile = "${pkgs.writeText "kavitaToken"
"Au002BRkRxBjlQrmWSuXWTGUcpXZjzMo2nJ0Z4g4OZ1S4c2zp6oaesGUXzKp2mhvOwjju002BNoURG3CRIE2qnGybvOgAlDxAZCPBzSNRcx6RJ1lFRgvI8wQR6Nd5ivYX0RMo4S8yOH8XIDhzN6vNo31rCjyv2IycX0JqiJPIovfbvXn9Y="}";
tokenKeyFile = config.sops.secrets.kavita-token.path;
};
nginx = {
enable = true;
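Review bot: `sops.secrets.kavita-token = { };` takes the sops-nix defaults, which produce a root-owned file with mode 0400, while this module defines a dedicated `kavita` system user; if the unit reads `tokenKeyFile` as that user, it will not be able to open the secret. Consider `sops.secrets.kavita-token.owner = "kavita";`, or confirm that the service loads the file with root privileges before dropping them. The `services` block continues outside the hunk.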


@@ -5,6 +5,7 @@ let
in {
options.my.servers.maloja.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.maloja.enable {
sops.secrets."maloja/password" = { };
virtualisation.oci-containers = {
backend = "docker";
containers.maloja = {
@@ -17,7 +18,8 @@ in {
PGID = "100";
MALOJA_DATA_DIRECTORY = "/mljdata";
MALOJA_SKIP_SETUP = "true";
MALOJA_FORCE_PASSWORD = "chichis";
MALOJA_FORCE_PASSWORD =
"cat ${config.sops.secrets."maloja/password".path}";
};
volumes = [ "${config.my.containerData}/maloja:/mljdata" ];
labels = {
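Review bot: `MALOJA_FORCE_PASSWORD = "cat ${...path}"` is never executed: values under `environment` reach the container as literal strings, so the password becomes the text `cat <secret path>`, which anyone who can read this repository can reconstruct. The same pattern appears in the mealie (`SMTP_*`), multi-scrobbler (`DEEZER_*`, `MALOJA_API_KEY`) and ryot (`VIDEO_GAMES_TWITCH_*`) sections, where the services would receive unusable credentials. Store the secret content as `MALOJA_FORCE_PASSWORD=<value>` and pass it with `environmentFiles = [ config.sops.secrets."maloja/password".path ];`, dropping the key from `environment`. The container definition continues outside the hunk.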


@@ -6,6 +6,10 @@ let
in {
options.my.servers.mealie.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.mealie.enable {
sops.secrets = {
"smtp/email" = { };
"smtp/password" = { };
};
virtualisation.oci-containers = {
backend = "docker";
containers.mealie = {
@@ -23,9 +27,9 @@ in {
BASE_URL = url;
SMTP_HOST = "smtp.gmail.com";
SMTP_PORT = "587";
SMTP_FROM_EMAIL = "stunner6399@gmail.com";
SMTP_USER = "stunner6399@gmail.com";
SMTP_PASSWORD = "ywofhisexfawslob";
SMTP_FROM_EMAIL = "cat ${config.sops.secrets."smtp/email".path}";
SMTP_USER = "cat ${config.sops.secrets."smtp/email".path}";
SMTP_PASSWORD = "cat ${config.sops.secrets."smtp/password".path}";
};
extraOptions = [
"--memory=1g" # VA-API (omit for NVENC)


@@ -6,6 +6,11 @@ let
in {
options.my.servers.multi-scrobbler.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.multi-scrobbler.enable {
sops.secrets = {
"maloja/apikey" = { };
"multi-scrobbler/deezer/client-id" = { };
"multi-scrobbler/deezer/client-secret" = { };
};
virtualisation.oci-containers = {
backend = "docker";
containers.multi-scrobbler = {
@@ -18,12 +23,17 @@ in {
BASE_URL = url;
# JELLYFIN_USER = "jawz";
# JELLYFIN_SERVER = "DaniloFlix";
DEEZER_CLIENT_ID = "657431";
DEEZER_CLIENT_SECRET = "cb2ad03682dd5a55dfef857388ef181e";
DEEZER_REDIRECT_URI = "http://192.168.1.69:9078/deezer/callback";
DEEZER_CLIENT_ID = "cat ${
config.sops.secrets."multi-scrobbler/deezer/client-id".path
}";
DEEZER_CLIENT_SECRET = "cat ${
config.sops.secrets."multi-scrobbler/deezer/client-secret".path
}";
DEEZER_REDIRECT_URI = "http://${config.my.miniserver-ip}:${
toString port
}/deezer/callback";
MALOJA_URL = "https://maloja.${config.my.domain}";
MALOJA_API_KEY =
"LsnY2Ed484JlzUmF6EwhpGJ0gUCjJ2G5s1oJTwALJN8w1N3K6eXpfjBQp3raNPLA";
MALOJA_API_KEY = "cat ${config.sops.secrets."maloja/apikey".path}";
WS_ENABLE = "true";
};
volumes = [ "${config.my.containerData}/multi-scrobbler:/config" ];


@@ -6,6 +6,10 @@ in {
options.my.servers.ryot.enable = lib.mkEnableOption "enable";
config = lib.mkIf
(config.my.servers.ryot.enable && config.my.servers.postgres.enable) {
sops.secrets = {
"ryot/twitch/id" = { };
"ryot/twitch/secret" = { };
};
virtualisation.oci-containers = {
backend = "docker";
containers.ryot = {
@@ -15,8 +19,10 @@ in {
TZ = "America/Mexico_City";
DATABASE_URL = "postgres:///ryot?host=${config.my.postgresSocket}";
FRONTEND_INSECURE_COOKIES = "true";
VIDEO_GAMES_TWITCH_CLIENT_ID = "tfu0hw0zbdbu4lco4h72nqkb8krxp9";
VIDEO_GAMES_TWITCH_CLIENT_SECRET = "582ecfb01ihv6wnt8zbc9pf3hs9p54";
VIDEO_GAMES_TWITCH_CLIENT_ID =
"cat ${config.sops.secrets."ryot/twitch/id".path}";
VIDEO_GAMES_TWITCH_CLIENT_SECRET =
"cat ${config.sops.secrets."ryot/twitch/secret".path}";
};
volumes =
[ "${config.my.postgresSocket}:${config.my.postgresSocket}" ];