stash wip, needs upstream pr

2025-03-07 21:35:31 -06:00
parent 169c463243
commit a9aa3b02c9
3 changed files with 54 additions and 2 deletions
--- a/modules/servers/stash.nix
+++ b/modules/servers/stash.nix
@@ -0,0 +1,47 @@
+{ lib, config, ... }:
+let
+  cfg = config.my.servers.stash;
+  setup = import ./setup.nix { inherit lib config; };
+in
+{
+  options.my.servers.stash = setup.mkOptions "stash" "xxx" 9999;
+  config = {
+    sops.secrets = lib.mkIf cfg.enable {
+      "stash/password".sopsFile = ../../secrets/env.yaml;
+      "stash/jwt".sopsFile = ../../secrets/env.yaml;
+      "stash/session".sopsFile = ../../secrets/env.yaml;
+    };
+    services = {
+      stash = lib.mkIf cfg.enable {
+        enable = true;
+        group = "piracy";
+        openFirewall = !cfg.isLocal;
+        mutableSettings = true;
+        username = "Suing8150";
+        passwordFile = config.sops.secrets."stash/password".path;
+        jwtSecretKeyFile = config.sops.secrets."stash/jwt".path;
+        sessionStoreKeyFile = config.sops.secrets."stash/session".path;
+        settings = {
+          inherit (cfg) port;
+          write_image_thumbnails = true;
+          sound_on_preview = false;
+          preview_audio = false;
+          parallel_tasks = 8;
+          nobrowser = true;
+          plugins_path = /var/lib/stash/plugins;
+          stash = [
+            {
+              Path = "/srv/pool/glue";
+              ExcludeImage = false;
+            }
+            {
+              Path = "/home/jawz/Backups/pool_old/glue";
+              ExcludeImage = false;
+            }
+          ];
+        };
+      };
+      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverseFix cfg);
+    };
+  };
+}