From a9aa3b02c91c6ef23f4c6c19a11b3f4113ded2f7 Mon Sep 17 00:00:00 2001 From: Danilo Reyes Date: Fri, 7 Mar 2025 21:35:31 -0600 Subject: [PATCH] stash wip, needs upstream pr --- hosts/server/toggles.nix | 1 + modules/servers/stash.nix | 47 +++++++++++++++++++++++++++++++++++++++ secrets/env.yaml | 8 +++++-- 3 files changed, 54 insertions(+), 2 deletions(-) create mode 100644 modules/servers/stash.nix diff --git a/hosts/server/toggles.nix b/hosts/server/toggles.nix index 97d3296..4d8dcb2 100644 --- a/hosts/server/toggles.nix +++ b/hosts/server/toggles.nix @@ -36,5 +36,6 @@ unpackerr.enable = true; plex.enable = true; jellyfin.enable = true; + # stash.enable = true; }; } diff --git a/modules/servers/stash.nix b/modules/servers/stash.nix new file mode 100644 index 0000000..0b5aa3b --- /dev/null +++ b/modules/servers/stash.nix @@ -0,0 +1,47 @@ +{ lib, config, ... }: +let + cfg = config.my.servers.stash; + setup = import ./setup.nix { inherit lib config; }; +in +{ + options.my.servers.stash = setup.mkOptions "stash" "xxx" 9999; + config = { + sops.secrets = lib.mkIf cfg.enable { + "stash/password".sopsFile = ../../secrets/env.yaml; + "stash/jwt".sopsFile = ../../secrets/env.yaml; + "stash/session".sopsFile = ../../secrets/env.yaml; + }; + services = { + stash = lib.mkIf cfg.enable { + enable = true; + group = "piracy"; + openFirewall = !cfg.isLocal; + mutableSettings = true; + username = "Suing8150"; + passwordFile = config.sops.secrets."stash/password".path; + jwtSecretKeyFile = config.sops.secrets."stash/jwt".path; + sessionStoreKeyFile = config.sops.secrets."stash/session".path; + settings = { + inherit (cfg) port; + write_image_thumbnails = true; + sound_on_preview = false; + preview_audio = false; + parallel_tasks = 8; + nobrowser = true; + plugins_path = /var/lib/stash/plugins; + stash = [ + { + Path = "/srv/pool/glue"; + ExcludeImage = false; + } + { + Path = "/home/jawz/Backups/pool_old/glue"; + ExcludeImage = false; + } + ]; + }; + }; + nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg); + }; + }; +} diff --git a/secrets/env.yaml b/secrets/env.yaml index 783fef8..da6eb8f 100644 --- a/secrets/env.yaml +++ b/secrets/env.yaml @@ -1,3 +1,7 @@ +stash: + password: ENC[AES256_GCM,data:DVtKQmtOQA/jS3ZncbuPKMukJyo=,iv:FSLl4Qbq58X0WNjqz8LLOW6XpBQxE5W7L9yOTBQkBOA=,tag:Qun+5Vf193Qt8n+Yp9lBJg==,type:str] + jwt: ENC[AES256_GCM,data:C1RcyQn3j5LaCSDGPjBAm6RYsqvVn1HIFxxBP4FNx7NVCroju4VEtkV98Ve0D6Z60L3mB1yOqi8OrEgXNJv+vw==,iv:t8pmLzXwg1g9kkiL98ql9YLaSitaXoJiiLiUf3G1cWk=,tag:D3mdFIe3m3219E4V8yhmpg==,type:str] + session: ENC[AES256_GCM,data:ifUXaGIO7xKPgtTVEeERx0OyBDni2eoWo7dFxazQ4W2DBrnzQfJ7Plqt8EYLhQQRP4I6e33+oEKNzpuiG+XJCw==,iv:AOI0lMcTT02GpOCQuX74hPBKth3WdFN2W2wlqKgrKJM=,tag:1I+brf4G2oKE7o2E90q/CQ==,type:str] shiori: ENC[AES256_GCM,data:tV7+1GusZvcli8dM86xOD71dc2mzcyfQwMeTh//LDb0=,iv:ED9wR6QjQgwd9Ll/UC5FK3CyYK3b0RniC/D6Y0nGEOI=,tag:X/aopMc2vhnRW2iTphFflQ==,type:str] flame: ENC[AES256_GCM,data:XsYRsA2xs+juWje2Od2Yl2xIvU0OS8xMrtwtcK/0NyyRrg==,iv:FR8lHsNQNCaOy4P+7BsIjNCz+H38i5RlwLYQ4fpB2+w=,tag:61EV7H04pcr1bSX4nSvlpw==,type:str] ryot: ENC[AES256_GCM,data:Vlo6pv2+LuQxvdprI53BoQpngRfUWhqE07o+9ZKLZiaJBC6FCdFbeu37mo7QqGUJ34bHDP87PGU2IDPC69XURbVLy3QpgSqKiQlM56XoXr4Yz+B4MGVkVr384r5bQ6eMoSpIJ25UgMotuYWNgdyixKS+Nu/+pGLtVS/YtQ==,iv:YZs3zAlHuK9fz0OGAX9vQxoaYbzojwXpY++LwIxF6Ig=,tag:t2n8F1ll2ZN44AYDOjmhLQ==,type:str] @@ -49,8 +53,8 @@ sops: QXRUYWtGcWZCVW11U3VYRktuUjlCbDgKsTK4WhUza/JuoDTU3uATa6fq/8eYzxtb 9BUK1ddzx9Mghea9XBMS17YGtGmW800OsLBomb3SINnOFvejcnKf8Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-31T05:16:37Z" - mac: ENC[AES256_GCM,data:JKLxoozXr/YuMRjR26dketI4uGWsj1Tj+qjGaB/o1HLiHdXr2lTFqA4mQK6cSdJNK+j6KMlS3p5NdKkwWoSm85OtsTeuNrERdoRFqMH0H+2jToLw5SYofDTHlWhNEgQU78K3uwobu+R8M9ky5akUOj3Yi6WKhZEzmb3aVQX07Yg=,iv:e5ocM887jf6o2lrrAuTYSaQ7t5whk3xYZ2tTg9ueJNE=,tag:WDUQklobYgFti7OnTaKe+g==,type:str] + lastmodified: "2025-03-08T03:20:01Z" + mac: ENC[AES256_GCM,data:c625lqZhrlmV9rVcLQfeaB1XN7uX+SJ7R6ei1X/oHqT68nCfqoNhnLgpIIllZhOwdRCjrgH9eZXMwP/2RCyozqJim//cKbK2E33vrsxyqJZjNgnNON2imycy4hkaTbQo6rGrzJqUkpTdfRJxTJ8PvNBzk+tua5FY0gpfYGHSD5c=,iv:mKGT+lZZr7EjoNyFKlS347kY/tBSOqi6AgRvzwC3o7Q=,tag:GXGSVEhrJq+XrVtYMceVYQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4