From b4417a6acd36e66826c93943f34002280f6de3e2 Mon Sep 17 00:00:00 2001 From: Danilo Reyes Date: Sun, 28 Sep 2025 11:14:57 -0600 Subject: [PATCH] properly inherit enable on servers --- modules/servers/adguardhome.nix | 7 +++-- modules/servers/atticd.nix | 2 +- modules/servers/audiobookshelf.nix | 7 ++--- modules/servers/bazarr.nix | 2 +- modules/servers/firefly-iii.nix | 39 ++++++++++++++------------ modules/servers/firefox-syncserver.nix | 2 +- modules/servers/gitea.nix | 2 +- modules/servers/homepage.nix | 2 +- modules/servers/jellyfin.nix | 15 +++++----- modules/servers/kavita.nix | 4 +-- modules/servers/mealie.nix | 2 +- modules/servers/microbin.nix | 4 +-- modules/servers/nextcloud.nix | 4 +-- modules/servers/nix-serve.nix | 3 +- modules/servers/ombi.nix | 3 +- modules/servers/paperless.nix | 7 +++-- modules/servers/plex.nix | 6 ++-- modules/servers/postgres.nix | 5 ++-- modules/servers/prowlarr.nix | 12 +++++--- modules/servers/radarr.nix | 4 +-- modules/servers/readeck.nix | 2 +- modules/servers/ryot.nix | 31 +++++++++----------- modules/servers/sabnzbd.nix | 7 +++-- modules/servers/shiori.nix | 20 ++++++------- modules/servers/sonarr.nix | 2 +- modules/servers/stash.nix | 2 +- modules/servers/synapse.nix | 2 +- modules/servers/tranga.nix | 4 +-- modules/servers/vaultwarden.nix | 2 +- 29 files changed, 105 insertions(+), 99 deletions(-) diff --git a/modules/servers/adguardhome.nix b/modules/servers/adguardhome.nix index 1924549..f5fdc0a 100644 --- a/modules/servers/adguardhome.nix +++ b/modules/servers/adguardhome.nix @@ -1,9 +1,12 @@ { lib, config, ... }: +let + cfg = config.my.servers.adguardhome; +in { options.my.servers.adguardhome.enable = lib.mkEnableOption "enable"; - config = lib.mkIf config.my.servers.adguardhome.enable { + config = lib.mkIf (cfg.enable && config.my.secureHost) { services.adguardhome = { - enable = true; + inherit (cfg) enable; mutableSettings = true; }; }; 
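Review bot: The new condition `lib.mkIf (cfg.enable && config.my.secureHost)` adds a second requirement that the subject line does not mention, so a host with `my.servers.adguardhome.enable = true` but `my.secureHost` unset would stop running AdGuard Home after this commit. The audiobookshelf, firefox-syncserver, jellyfin, microbin and plex hunks add the same gate. Where `secureHost` is defined and what it stands for is not visible in this patch, so a one-line comment on the condition, such as `# only deployed on hosts with my.secureHost set`, would make the intent clear. Inside the guard, `inherit (cfg) enable;` can only ever evaluate to `true`, so it is equivalent to the `enable = true;` it replaces.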
diff --git a/modules/servers/atticd.nix b/modules/servers/atticd.nix index 032a211..ec94fef 100644 --- a/modules/servers/atticd.nix +++ b/modules/servers/atticd.nix @@ -8,7 +8,7 @@ in config = lib.mkIf (cfg.enable && config.my.secureHost) { sops.secrets."private_cache_keys/atticd".sopsFile = ../../secrets/keys.yaml; services.atticd = { - enable = true; + inherit (cfg) enable; environmentFile = config.sops.secrets."private_cache_keys/atticd".path; settings = { listen = "[::]:${toString cfg.port}"; diff --git a/modules/servers/audiobookshelf.nix b/modules/servers/audiobookshelf.nix index a400a50..9cfa2ba 100644 --- a/modules/servers/audiobookshelf.nix +++ b/modules/servers/audiobookshelf.nix @@ -5,11 +5,10 @@ let in { options.my.servers.audiobookshelf = setup.mkOptions "audiobookshelf" "audiobooks" 5687; - config = { + config = lib.mkIf (cfg.enable && config.my.secureHost) { my.servers.audiobookshelf.enableSocket = true; - services.audiobookshelf = lib.mkIf cfg.enable { - inherit (cfg) port; - enable = true; + services.audiobookshelf = { + inherit (cfg) enable port; host = cfg.ip; group = "piracy"; }; diff --git a/modules/servers/bazarr.nix b/modules/servers/bazarr.nix index d4fd3ba..181caf2 100644 --- a/modules/servers/bazarr.nix +++ b/modules/servers/bazarr.nix @@ -6,7 +6,7 @@ in { options.my.servers.bazarr = setup.mkOptions "bazarr" "subs" config.services.bazarr.listenPort; config.services.bazarr = lib.mkIf cfg.enable { - enable = true; + inherit (cfg) enable; group = "piracy"; }; } diff --git a/modules/servers/firefly-iii.nix b/modules/servers/firefly-iii.nix index e229f2c..d4280de 100644 --- a/modules/servers/firefly-iii.nix +++ b/modules/servers/firefly-iii.nix 
@@ -1,22 +1,25 @@ { lib, config, ... }: +let + cfg = config.my.servers.firefly-iii; +in { - options.my.servers.firefly-iii.enable = lib.mkEnableOption "enable"; - config = - lib.mkIf - (config.my.servers.firefly-iii.enable && config.my.servers.postgres.enable && config.my.secureHost) - { - sops.secrets.firefly-iii-keyfile = { - owner = config.users.users.firefly-iii.name; - inherit (config.users.users.firefly-iii) group; - }; - services.firefly-iii = { - enable = true; - enableNginx = true; - settings = { - APP_KEY_FILE = config.sops.secrets.firefly-iii-keyfile.path; - DB_HOST = config.my.postgresSocket; - DB_CONNECTION = "pgsql"; - }; - }; + options.my.servers.firefly-iii = { + enable = lib.mkEnableOption "enable"; + enableProxy = lib.mkEnableOption "enableProxy"; + }; + config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable && config.my.secureHost) { + sops.secrets.firefly-iii-keyfile = { + owner = config.users.users.firefly-iii.name; + inherit (config.users.users.firefly-iii) group; + }; + services.firefly-iii = { + inherit (cfg) enable; + enableNginx = cfg.enableProxy; + settings = { + APP_KEY_FILE = config.sops.secrets.firefly-iii-keyfile.path; + DB_HOST = config.my.postgresSocket; + DB_CONNECTION = "pgsql"; }; + }; + }; } diff --git a/modules/servers/firefox-syncserver.nix b/modules/servers/firefox-syncserver.nix index 001489d..710e9f2 100644 --- a/modules/servers/firefox-syncserver.nix +++ b/modules/servers/firefox-syncserver.nix @@ -5,7 +5,7 @@ let in { options.my.servers.firefox-syncserver = setup.mkOptions "firefox-syncserver" "sync" 4233; - config = { + config = lib.mkIf (cfg.enable && config.my.secureHost) { # sops.secrets.firefox-syncserver.sopsFile = ../../secrets/env.yaml; services.firefox-syncserver = { inherit (cfg) enable; diff --git a/modules/servers/gitea.nix b/modules/servers/gitea.nix index 403b2b8..44ad8c8 100644 --- a/modules/servers/gitea.nix +++ b/modules/servers/gitea.nix 
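Review bot: `enableNginx = cfg.enableProxy;` turns the nginx vhost off by default, because the new `enableProxy` option is declared with `lib.mkEnableOption` and so defaults to false, whereas the removed line was `enableNginx = true;`. A host that enables firefly-iii without also setting `my.servers.firefly-iii.enableProxy = true;` would lose its web front end after this commit; whether any host sets it is not visible in this patch. If the old behaviour should stay the default, declare the option as `enableProxy = lib.mkEnableOption "enableProxy" // { default = true; };`, or state the required host change in the commit message.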
@@ -17,7 +17,7 @@ in config = lib.mkIf (cfg.enable && config.my.secureHost) { sops.secrets.gitea.sopsFile = ../../secrets/env.yaml; services.gitea = { - enable = true; + inherit (cfg) enable; domain = cfg.host; rootUrl = cfg.url; settings = { diff --git a/modules/servers/homepage.nix b/modules/servers/homepage.nix index d22a29e..5625fd7 100644 --- a/modules/servers/homepage.nix +++ b/modules/servers/homepage.nix @@ -16,7 +16,7 @@ in }; my.servers.homepage.certPath = config.sops.secrets."private-ca/pem".path; services.homepage-dashboard = lib.mkIf cfg.enable { - enable = true; + inherit (cfg) enable; listenPort = cfg.port; environmentFile = config.sops.secrets.homepage.path; settings = { diff --git a/modules/servers/jellyfin.nix b/modules/servers/jellyfin.nix index 7e04c6e..1a8c984 100644 --- a/modules/servers/jellyfin.nix +++ b/modules/servers/jellyfin.nix @@ -23,15 +23,14 @@ let in { options.my.servers.jellyfin = setup.mkOptions "jellyfin" "flix" 8096; - config = { - environment = { - systemPackages = lib.mkIf cfg.enable ( - [ pkgs.jellyfin-ffmpeg ] ++ (lib.optional cfg.enableCron [ sub-sync-path ]) - ); - }; + config = lib.mkIf (cfg.enable && config.my.secureHost) { + environment.systemPackages = [ + pkgs.jellyfin-ffmpeg + ] + ++ (lib.optional cfg.enableCron [ sub-sync-path ]); services = { - jellyfin = lib.mkIf cfg.enable { - enable = true; + jellyfin = { + inherit (cfg) enable; group = "piracy"; }; nginx = lib.mkIf cfg.enableProxy { diff --git a/modules/servers/kavita.nix b/modules/servers/kavita.nix index 5a98e27..85147ff 100644 --- a/modules/servers/kavita.nix +++ b/modules/servers/kavita.nix @@ -10,7 +10,7 @@ in owner = config.users.users.kavita.name; inherit (config.users.users.kavita) group; }; - users.users.kavita = lib.mkIf cfg.enable { + users.users.kavita = { isSystemUser = true; group = "kavita"; extraGroups = [ 
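Review bot: In the jellyfin hunk, `lib.optional cfg.enableCron [ sub-sync-path ]` wraps its second argument in a list, so with `enableCron` set the result is `[ [ sub-sync-path ] ]` and a list ends up as an element of `environment.systemPackages`. The expression is carried over from the old code, but since the line is being rewritten here it is a good moment to use `lib.optionals cfg.enableCron [ sub-sync-path ]` (or `lib.optional cfg.enableCron sub-sync-path`). `sub-sync-path` is defined outside the hunk, so which form is right depends on whether it is a single derivation or already a list.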
@@ -19,7 +19,7 @@ in ]; }; services.kavita = { - enable = true; + inherit (cfg) enable; tokenKeyFile = config.sops.secrets.kavita-token.path; }; }; diff --git a/modules/servers/mealie.nix b/modules/servers/mealie.nix index 6e60843..77026dd 100644 --- a/modules/servers/mealie.nix +++ b/modules/servers/mealie.nix @@ -8,7 +8,7 @@ in config = lib.mkIf (cfg.enable && config.my.secureHost) { sops.secrets.mealie.sopsFile = ../../secrets/env.yaml; services.mealie = { - inherit (cfg) port enable; + inherit (cfg) enable port; settings = { TZ = config.my.timeZone; DEFAULT_GROUP = "Home"; diff --git a/modules/servers/microbin.nix b/modules/servers/microbin.nix index 682a8b5..1d10346 100644 --- a/modules/servers/microbin.nix +++ b/modules/servers/microbin.nix @@ -5,8 +5,8 @@ let in { options.my.servers.microbin = setup.mkOptions "microbin" "copy" 8086; - config.services.microbin = lib.mkIf cfg.enable { - enable = true; + config.services.microbin = lib.mkIf (cfg.enable && config.my.secureHost) { + inherit (cfg) enable; settings = { MICROBIN_PORT = cfg.port; MICROBIN_HIDE_LOGO = false; diff --git a/modules/servers/nextcloud.nix b/modules/servers/nextcloud.nix index 31bce26..92e5d11 100644 --- a/modules/servers/nextcloud.nix +++ b/modules/servers/nextcloud.nix @@ -229,7 +229,7 @@ in "--device=/dev/dri" # VA-API (omit for NVENC) ]; }; - collabora = lib.mkIf config.my.servers.collabora.enable { + collabora = lib.mkIf cfgC.enable { autoStart = true; image = "collabora/code"; imageFile = pkgs.dockerTools.pullImage { @@ -255,7 +255,7 @@ in ]; }; }; - systemd = lib.mkIf config.my.servers.nextcloud.enableCron { + systemd = lib.mkIf cfg.enableCron { services = { nextcloud-cron.path = [ pkgs.perl ]; nextcloud-cronjob = diff --git a/modules/servers/nix-serve.nix b/modules/servers/nix-serve.nix index 8c3f51e..14cb172 100644 --- a/modules/servers/nix-serve.nix +++ b/modules/servers/nix-serve.nix 
@@ -13,9 +13,8 @@ in config = lib.mkIf (cfg.enable && config.my.secureHost) { sops.secrets."private_cache_keys/miniserver".sopsFile = ../../secrets/keys.yaml; services.nix-serve = { - enable = true; + inherit (cfg) enable port; package = pkgs.nix-serve-ng; - inherit (cfg) port; secretKeyFile = config.sops.secrets."private_cache_keys/miniserver".path; }; }; diff --git a/modules/servers/ombi.nix b/modules/servers/ombi.nix index 2c35d3b..f54026c 100644 --- a/modules/servers/ombi.nix +++ b/modules/servers/ombi.nix @@ -6,7 +6,6 @@ in { options.my.servers.ombi = setup.mkOptions "ombi" "requests" 3425; config.services.ombi = lib.mkIf cfg.enable { - enable = true; - inherit (cfg) port; + inherit (cfg) enable port; }; } diff --git a/modules/servers/paperless.nix b/modules/servers/paperless.nix index fa0c8c1..9439715 100644 --- a/modules/servers/paperless.nix +++ b/modules/servers/paperless.nix @@ -1,10 +1,13 @@ { lib, config, ... }: +let + cfg = config.my.servers.paperless; +in { options.my.servers.paperless.enable = lib.mkEnableOption "enable"; - config = lib.mkIf (config.my.servers.paperless.enable && config.my.servers.postgres.enable) { + config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable) { networking.firewall.allowedTCPPorts = [ config.services.paperless.port ]; services.paperless = { - enable = true; + inherit (cfg) enable; address = "0.0.0.0"; consumptionDirIsPublic = true; consumptionDir = "/srv/pool/scans/"; diff --git a/modules/servers/plex.nix b/modules/servers/plex.nix index 9347c2a..2af7afa 100644 --- a/modules/servers/plex.nix +++ b/modules/servers/plex.nix @@ -9,9 +9,9 @@ let in { options.my.servers.plex = setup.mkOptions "plex" "plex" 32400; - config.services = { - plex = lib.mkIf cfg.enable { - enable = true; + config.services = lib.mkIf (cfg.enable && config.my.secureHost) { + plex = { + inherit (cfg) enable; group = "piracy"; }; nginx = lib.mkIf cfg.enableProxy { 
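Review bot: The paperless gate stays `cfg.enable && config.my.servers.postgres.enable` without `config.my.secureHost`, although this module opens the paperless port in `networking.firewall.allowedTCPPorts`, binds `address = "0.0.0.0"` and sets `consumptionDirIsPublic = true`. Other modules in this commit gain the secureHost condition, so if that flag is meant to keep network-exposed services off less trusted machines, this one looks like a candidate too: `config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable && config.my.secureHost) {`. If the omission is deliberate, a short comment saying why would help the next reader. The `services.paperless` block continues outside the hunk.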
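Review bot: In the plex hunk, wrapping all of `config.services` in `lib.mkIf (cfg.enable && config.my.secureHost)` also puts the `nginx = lib.mkIf cfg.enableProxy { … }` block under that condition, where before only `plex` depended on `cfg.enable`. A host that sets `enableProxy` without `enable`, for example to reverse-proxy an instance running on another machine, would silently lose its vhost; the jellyfin hunk makes the same change, and whether any host is configured that way is not visible here. If that split should keep working, keep nginx outside the gate: `config.services.plex = lib.mkIf (cfg.enable && config.my.secureHost) { … };` next to `config.services.nginx = lib.mkIf cfg.enableProxy { … };`. The nginx block continues past the end of the hunk.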
diff --git a/modules/servers/postgres.nix b/modules/servers/postgres.nix index 68f3844..67eb666 100644 --- a/modules/servers/postgres.nix +++ b/modules/servers/postgres.nix @@ -5,6 +5,7 @@ ... }: let + cfg = config.my.servers.postgres; # upgrade here first, then below. upgrade-pg-cluster = let @@ -42,10 +43,10 @@ let in { options.my.servers.postgres.enable = lib.mkEnableOption "enable"; - config = lib.mkIf config.my.servers.postgres.enable { + config = lib.mkIf cfg.enable { environment.systemPackages = [ upgrade-pg-cluster ]; services.postgresql = { - enable = true; + inherit (cfg) enable; enableTCPIP = true; ensureDatabases = dbNames; package = pkgs.postgresql_17; diff --git a/modules/servers/prowlarr.nix b/modules/servers/prowlarr.nix index 813cb48..e2f2975 100644 --- a/modules/servers/prowlarr.nix +++ b/modules/servers/prowlarr.nix @@ -9,14 +9,18 @@ let in { options.my.servers.prowlarr = setup.mkOptions "prowlarr" "indexer" 9696; - config = { - users.users.prowlarr = lib.mkIf cfg.enable { + config = lib.mkIf cfg.enable { + users.users.prowlarr = { group = "piracy"; isSystemUser = true; }; services = { - prowlarr.enable = cfg.enable; - flaresolverr.enable = cfg.enable; + prowlarr = { + inherit (cfg) enable; + }; + flaresolverr = { + inherit (cfg) enable; + }; }; }; } diff --git a/modules/servers/radarr.nix b/modules/servers/radarr.nix index d4b25e9..32c99de 100644 --- a/modules/servers/radarr.nix +++ b/modules/servers/radarr.nix @@ -5,9 +5,9 @@ let in { options.my.servers.radarr = setup.mkOptions "radarr" "movies" 7878; - config = lib.mkIf (cfg.enable && config.my.secureHost) { + config = lib.mkIf cfg.enable { services.radarr = { - enable = true; + inherit (cfg) enable; group = "piracy"; }; }; diff --git a/modules/servers/readeck.nix b/modules/servers/readeck.nix index 012590a..d867826 100644 --- a/modules/servers/readeck.nix +++ b/modules/servers/readeck.nix 
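Review bot: The radarr hunk drops `config.my.secureHost` from the condition (now `lib.mkIf cfg.enable`), while adguardhome, audiobookshelf, firefox-syncserver, jellyfin, microbin and plex gain that same check in this commit. The subject line only mentions inheriting `enable`, so it is unclear whether loosening the gate for radarr is intended; bazarr, sonarr, prowlarr and sabnzbd are gated on `cfg.enable` alone, so it may be for consistency with them. If so, say it in the commit message; otherwise keep `config = lib.mkIf (cfg.enable && config.my.secureHost) {`.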
@@ -8,7 +8,7 @@ in config = lib.mkIf (cfg.enable && config.my.secureHost) { sops.secrets.readeck.sopsFile = ../../secrets/env.yaml; services.readeck = { - enable = true; + inherit (cfg) enable; environmentFile = config.sops.secrets.readeck.path; settings = { main = { diff --git a/modules/servers/ryot.nix b/modules/servers/ryot.nix index 74eb382..6c57df6 100644 --- a/modules/servers/ryot.nix +++ b/modules/servers/ryot.nix @@ -5,22 +5,19 @@ let in { options.my.servers.ryot = setup.mkOptions "ryot" "tracker" 8765; - config = - lib.mkIf - (config.my.servers.ryot.enable && config.my.servers.postgres.enable && config.my.secureHost) - { - sops.secrets.ryot.sopsFile = ../../secrets/env.yaml; - virtualisation.oci-containers.containers.ryot = { - image = "ghcr.io/ignisda/ryot:v9.2.0"; - ports = [ "${toString cfg.port}:8000" ]; - environmentFiles = [ config.sops.secrets.ryot.path ]; - environment = { - RUST_LOG = "ryot=debug,sea_orm=debug"; - TZ = config.my.timeZone; - DATABASE_URL = "postgres:///ryot?host=${config.my.postgresSocket}"; - FRONTEND_INSECURE_COOKIES = "true"; - }; - volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ]; - }; + config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable && config.my.secureHost) { + sops.secrets.ryot.sopsFile = ../../secrets/env.yaml; + virtualisation.oci-containers.containers.ryot = { + image = "ghcr.io/ignisda/ryot:v9.2.0"; + ports = [ "${toString cfg.port}:8000" ]; + environmentFiles = [ config.sops.secrets.ryot.path ]; + environment = { + RUST_LOG = "ryot=debug,sea_orm=debug"; + TZ = config.my.timeZone; + DATABASE_URL = "postgres:///ryot?host=${config.my.postgresSocket}"; + FRONTEND_INSECURE_COOKIES = "true"; }; + volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ]; + }; + }; } diff --git a/modules/servers/sabnzbd.nix b/modules/servers/sabnzbd.nix index 8cf48c1..2e3743c 100644 --- a/modules/servers/sabnzbd.nix +++ b/modules/servers/sabnzbd.nix 
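Review bot: The re-indented ryot container environment still sets `FRONTEND_INSECURE_COOKIES = "true"` and `RUST_LOG = "ryot=debug,sea_orm=debug"`. The first presumably makes the frontend issue its auth cookies without the Secure attribute, which only fits an instance reached over plain HTTP; the second turns on debug logging for the ORM, which may write query contents to the container log. Both are carried over unchanged, but if this instance is served through a TLS-terminating proxy, consider dropping the cookie flag and lowering the level, e.g. `RUST_LOG = "ryot=info,sea_orm=warn";`. Otherwise add a comment on each line saying why it is needed.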
@@ -1,4 +1,7 @@ { lib, config, ... }: +let + cfg = config.my.servers.sabnzbd; +in { options.my.servers.sabnzbd = { enable = lib.mkEnableOption "enable"; @@ -8,9 +11,9 @@ description = "The port to access sabnzbd web-ui"; }; }; - config = lib.mkIf config.my.servers.sabnzbd.enable { + config = lib.mkIf cfg.enable { services.sabnzbd = { - enable = true; + inherit (cfg) enable; group = "piracy"; }; }; diff --git a/modules/servers/shiori.nix b/modules/servers/shiori.nix index 5b0a123..3fef157 100644 --- a/modules/servers/shiori.nix +++ b/modules/servers/shiori.nix @@ -5,16 +5,12 @@ let in { options.my.servers.shiori = setup.mkOptions "shiori" "bookmarks" 4368; - config = - lib.mkIf - (config.my.servers.shiori.enable && config.my.servers.postgres.enable && config.my.secureHost) - { - sops.secrets.shiori.sopsFile = ../../secrets/env.yaml; - services.shiori = { - inherit (cfg) port; - enable = true; - environmentFile = config.sops.secrets.shiori.path; - databaseUrl = "postgres:///shiori?host=${config.my.postgresSocket}"; - }; - }; + config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable && config.my.secureHost) { + sops.secrets.shiori.sopsFile = ../../secrets/env.yaml; + services.shiori = { + inherit (cfg) enable port; + environmentFile = config.sops.secrets.shiori.path; + databaseUrl = "postgres:///shiori?host=${config.my.postgresSocket}"; + }; + }; } diff --git a/modules/servers/sonarr.nix b/modules/servers/sonarr.nix index 3a80205..ebfa61f 100644 --- a/modules/servers/sonarr.nix +++ b/modules/servers/sonarr.nix @@ -6,7 +6,7 @@ in { options.my.servers.sonarr = setup.mkOptions "sonarr" "series" 8989; config.services.sonarr = lib.mkIf cfg.enable { - enable = true; + inherit (cfg) enable; group = "piracy"; }; } diff --git a/modules/servers/stash.nix b/modules/servers/stash.nix index dcfb0dc..c2f066b 100644 --- a/modules/servers/stash.nix +++ b/modules/servers/stash.nix 
@@ -12,7 +12,7 @@ in "stash/session".sopsFile = ../../secrets/env.yaml; }; services.stash = { - enable = true; + inherit (cfg) enable; group = "piracy"; mutableSettings = true; username = "Suing8150"; diff --git a/modules/servers/synapse.nix b/modules/servers/synapse.nix index d3672ed..a7bf6de 100644 --- a/modules/servers/synapse.nix +++ b/modules/servers/synapse.nix @@ -52,7 +52,7 @@ in networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ]; services = { matrix-synapse = { - enable = true; + inherit (cfg) enable; extraConfigFiles = [ config.sops.secrets.synapse.path ]; diff --git a/modules/servers/tranga.nix b/modules/servers/tranga.nix index 856a85b..7826be6 100644 --- a/modules/servers/tranga.nix +++ b/modules/servers/tranga.nix @@ -5,8 +5,8 @@ let in { options.my.servers.tranga = setup.mkOptions "tranga" "tranga" 9555; - config = { - virtualisation.oci-containers.containers = lib.mkIf cfg.enable { + config = lib.mkIf cfg.enable { + virtualisation.oci-containers.containers = { tranga-api = { image = "glax/tranga-api:latest"; user = "${toString config.users.users.jawz.uid}:${toString config.users.groups.kavita.gid}"; diff --git a/modules/servers/vaultwarden.nix b/modules/servers/vaultwarden.nix index f171a22..07d0516 100644 --- a/modules/servers/vaultwarden.nix +++ b/modules/servers/vaultwarden.nix @@ -13,7 +13,7 @@ in config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable && config.my.secureHost) { sops.secrets.vaultwarden.sopsFile = ../../secrets/env.yaml; services.vaultwarden = { - enable = true; + inherit (cfg) enable; dbBackend = "postgresql"; package = pkgs.vaultwarden; environmentFile = config.sops.secrets.vaultwarden.path;
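Review bot: In the tranga hunk, `image = "glax/tranga-api:latest";` uses a mutable tag, so the image that actually runs can change on any pull without a change in this repository, unlike the ryot module, which pins `ghcr.io/ignisda/ryot:v9.2.0`. Pinning a release tag or digest keeps deployments reproducible and auditable, e.g. `image = "glax/tranga-api:<version>@sha256:<digest>";` (placeholders, take the real values from the registry). The line is context rather than part of the change, and the container definition continues outside the hunk.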