properly inherit enable on servers

Danilo Reyes 2025-09-28 11:14:57 -06:00
parent a376428118
commit b4417a6acd
29 changed files with 105 additions and 99 deletions


@ -1,9 +1,12 @@
{ lib, config, ... }: { lib, config, ... }:
let
cfg = config.my.servers.adguardhome;
in
{ {
options.my.servers.adguardhome.enable = lib.mkEnableOption "enable"; options.my.servers.adguardhome.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.adguardhome.enable { config = lib.mkIf (cfg.enable && config.my.secureHost) {
services.adguardhome = { services.adguardhome = {
enable = true; inherit (cfg) enable;
mutableSettings = true; mutableSettings = true;
}; };
}; };


@ -8,7 +8,7 @@ in
config = lib.mkIf (cfg.enable && config.my.secureHost) { config = lib.mkIf (cfg.enable && config.my.secureHost) {
sops.secrets."private_cache_keys/atticd".sopsFile = ../../secrets/keys.yaml; sops.secrets."private_cache_keys/atticd".sopsFile = ../../secrets/keys.yaml;
services.atticd = { services.atticd = {
enable = true; inherit (cfg) enable;
environmentFile = config.sops.secrets."private_cache_keys/atticd".path; environmentFile = config.sops.secrets."private_cache_keys/atticd".path;
settings = { settings = {
listen = "[::]:${toString cfg.port}"; listen = "[::]:${toString cfg.port}";


@ -5,11 +5,10 @@ let
in in
{ {
options.my.servers.audiobookshelf = setup.mkOptions "audiobookshelf" "audiobooks" 5687; options.my.servers.audiobookshelf = setup.mkOptions "audiobookshelf" "audiobooks" 5687;
config = { config = lib.mkIf (cfg.enable && config.my.secureHost) {
my.servers.audiobookshelf.enableSocket = true; my.servers.audiobookshelf.enableSocket = true;
services.audiobookshelf = lib.mkIf cfg.enable { services.audiobookshelf = {
inherit (cfg) port; inherit (cfg) enable port;
enable = true;
host = cfg.ip; host = cfg.ip;
group = "piracy"; group = "piracy";
}; };


@ -6,7 +6,7 @@ in
{ {
options.my.servers.bazarr = setup.mkOptions "bazarr" "subs" config.services.bazarr.listenPort; options.my.servers.bazarr = setup.mkOptions "bazarr" "subs" config.services.bazarr.listenPort;
config.services.bazarr = lib.mkIf cfg.enable { config.services.bazarr = lib.mkIf cfg.enable {
enable = true; inherit (cfg) enable;
group = "piracy"; group = "piracy";
}; };
} }


@ -1,22 +1,25 @@
{ lib, config, ... }: { lib, config, ... }:
let
cfg = config.my.servers.firefly-iii;
in
{ {
options.my.servers.firefly-iii.enable = lib.mkEnableOption "enable"; options.my.servers.firefly-iii = {
config = enable = lib.mkEnableOption "enable";
lib.mkIf enableProxy = lib.mkEnableOption "enableProxy";
(config.my.servers.firefly-iii.enable && config.my.servers.postgres.enable && config.my.secureHost) };
{ config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable && config.my.secureHost) {
sops.secrets.firefly-iii-keyfile = { sops.secrets.firefly-iii-keyfile = {
owner = config.users.users.firefly-iii.name; owner = config.users.users.firefly-iii.name;
inherit (config.users.users.firefly-iii) group; inherit (config.users.users.firefly-iii) group;
}; };
services.firefly-iii = { services.firefly-iii = {
enable = true; inherit (cfg) enable;
enableNginx = true; enableNginx = cfg.enableProxy;
settings = { settings = {
APP_KEY_FILE = config.sops.secrets.firefly-iii-keyfile.path; APP_KEY_FILE = config.sops.secrets.firefly-iii-keyfile.path;
DB_HOST = config.my.postgresSocket; DB_HOST = config.my.postgresSocket;
DB_CONNECTION = "pgsql"; DB_CONNECTION = "pgsql";
};
};
}; };
};
};
} }
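Review bot: `enableNginx` goes from a fixed `true` to `cfg.enableProxy`, and `lib.mkEnableOption` defaults to false, so a host that only sets `my.servers.firefly-iii.enable` loses its nginx virtual host after this commit. Whether any host configuration sets `enableProxy` is not visible on this page; if none does, the service is no longer reachable through the proxy. The option descriptions also render as "Whether to enable enable." and "Whether to enable enableProxy."; something like `lib.mkEnableOption "the nginx virtual host for Firefly III"` would document the new switch.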


@ -5,7 +5,7 @@ let
in in
{ {
options.my.servers.firefox-syncserver = setup.mkOptions "firefox-syncserver" "sync" 4233; options.my.servers.firefox-syncserver = setup.mkOptions "firefox-syncserver" "sync" 4233;
config = { config = lib.mkIf (cfg.enable && config.my.secureHost) {
# sops.secrets.firefox-syncserver.sopsFile = ../../secrets/env.yaml; # sops.secrets.firefox-syncserver.sopsFile = ../../secrets/env.yaml;
services.firefox-syncserver = { services.firefox-syncserver = {
inherit (cfg) enable; inherit (cfg) enable;


@ -17,7 +17,7 @@ in
config = lib.mkIf (cfg.enable && config.my.secureHost) { config = lib.mkIf (cfg.enable && config.my.secureHost) {
sops.secrets.gitea.sopsFile = ../../secrets/env.yaml; sops.secrets.gitea.sopsFile = ../../secrets/env.yaml;
services.gitea = { services.gitea = {
enable = true; inherit (cfg) enable;
domain = cfg.host; domain = cfg.host;
rootUrl = cfg.url; rootUrl = cfg.url;
settings = { settings = {


@ -16,7 +16,7 @@ in
}; };
my.servers.homepage.certPath = config.sops.secrets."private-ca/pem".path; my.servers.homepage.certPath = config.sops.secrets."private-ca/pem".path;
services.homepage-dashboard = lib.mkIf cfg.enable { services.homepage-dashboard = lib.mkIf cfg.enable {
enable = true; inherit (cfg) enable;
listenPort = cfg.port; listenPort = cfg.port;
environmentFile = config.sops.secrets.homepage.path; environmentFile = config.sops.secrets.homepage.path;
settings = { settings = {


@ -23,15 +23,14 @@ let
in in
{ {
options.my.servers.jellyfin = setup.mkOptions "jellyfin" "flix" 8096; options.my.servers.jellyfin = setup.mkOptions "jellyfin" "flix" 8096;
config = { config = lib.mkIf (cfg.enable && config.my.secureHost) {
environment = { environment.systemPackages = [
systemPackages = lib.mkIf cfg.enable ( pkgs.jellyfin-ffmpeg
[ pkgs.jellyfin-ffmpeg ] ++ (lib.optional cfg.enableCron [ sub-sync-path ]) ]
); ++ (lib.optional cfg.enableCron [ sub-sync-path ]);
};
services = { services = {
jellyfin = lib.mkIf cfg.enable { jellyfin = {
enable = true; inherit (cfg) enable;
group = "piracy"; group = "piracy";
}; };
nginx = lib.mkIf cfg.enableProxy { nginx = lib.mkIf cfg.enableProxy {
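Review bot: The new `environment.systemPackages` expression still appends `lib.optional cfg.enableCron [ sub-sync-path ]`, and `lib.optional` wraps its second argument in a list, so with `enableCron` set the result holds a nested list instead of a package. `lib.optionals` is the list form: `++ (lib.optionals cfg.enableCron [ sub-sync-path ]);`. The same expression existed before this change, so it is carried over rather than introduced here. The `services` block continues outside the visible lines.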


@ -10,7 +10,7 @@ in
owner = config.users.users.kavita.name; owner = config.users.users.kavita.name;
inherit (config.users.users.kavita) group; inherit (config.users.users.kavita) group;
}; };
users.users.kavita = lib.mkIf cfg.enable { users.users.kavita = {
isSystemUser = true; isSystemUser = true;
group = "kavita"; group = "kavita";
extraGroups = [ extraGroups = [
@ -19,7 +19,7 @@ in
]; ];
}; };
services.kavita = { services.kavita = {
enable = true; inherit (cfg) enable;
tokenKeyFile = config.sops.secrets.kavita-token.path; tokenKeyFile = config.sops.secrets.kavita-token.path;
}; };
}; };


@ -8,7 +8,7 @@ in
config = lib.mkIf (cfg.enable && config.my.secureHost) { config = lib.mkIf (cfg.enable && config.my.secureHost) {
sops.secrets.mealie.sopsFile = ../../secrets/env.yaml; sops.secrets.mealie.sopsFile = ../../secrets/env.yaml;
services.mealie = { services.mealie = {
inherit (cfg) port enable; inherit (cfg) enable port;
settings = { settings = {
TZ = config.my.timeZone; TZ = config.my.timeZone;
DEFAULT_GROUP = "Home"; DEFAULT_GROUP = "Home";


@ -5,8 +5,8 @@ let
in in
{ {
options.my.servers.microbin = setup.mkOptions "microbin" "copy" 8086; options.my.servers.microbin = setup.mkOptions "microbin" "copy" 8086;
config.services.microbin = lib.mkIf cfg.enable { config.services.microbin = lib.mkIf (cfg.enable && config.my.secureHost) {
enable = true; inherit (cfg) enable;
settings = { settings = {
MICROBIN_PORT = cfg.port; MICROBIN_PORT = cfg.port;
MICROBIN_HIDE_LOGO = false; MICROBIN_HIDE_LOGO = false;


@ -229,7 +229,7 @@ in
"--device=/dev/dri" # VA-API (omit for NVENC) "--device=/dev/dri" # VA-API (omit for NVENC)
]; ];
}; };
collabora = lib.mkIf config.my.servers.collabora.enable { collabora = lib.mkIf cfgC.enable {
autoStart = true; autoStart = true;
image = "collabora/code"; image = "collabora/code";
imageFile = pkgs.dockerTools.pullImage { imageFile = pkgs.dockerTools.pullImage {
@ -255,7 +255,7 @@ in
]; ];
}; };
}; };
systemd = lib.mkIf config.my.servers.nextcloud.enableCron { systemd = lib.mkIf cfg.enableCron {
services = { services = {
nextcloud-cron.path = [ pkgs.perl ]; nextcloud-cron.path = [ pkgs.perl ];
nextcloud-cronjob = nextcloud-cronjob =


@ -13,9 +13,8 @@ in
config = lib.mkIf (cfg.enable && config.my.secureHost) { config = lib.mkIf (cfg.enable && config.my.secureHost) {
sops.secrets."private_cache_keys/miniserver".sopsFile = ../../secrets/keys.yaml; sops.secrets."private_cache_keys/miniserver".sopsFile = ../../secrets/keys.yaml;
services.nix-serve = { services.nix-serve = {
enable = true; inherit (cfg) enable port;
package = pkgs.nix-serve-ng; package = pkgs.nix-serve-ng;
inherit (cfg) port;
secretKeyFile = config.sops.secrets."private_cache_keys/miniserver".path; secretKeyFile = config.sops.secrets."private_cache_keys/miniserver".path;
}; };
}; };


@ -6,7 +6,6 @@ in
{ {
options.my.servers.ombi = setup.mkOptions "ombi" "requests" 3425; options.my.servers.ombi = setup.mkOptions "ombi" "requests" 3425;
config.services.ombi = lib.mkIf cfg.enable { config.services.ombi = lib.mkIf cfg.enable {
enable = true; inherit (cfg) enable port;
inherit (cfg) port;
}; };
} }


@ -1,10 +1,13 @@
{ lib, config, ... }: { lib, config, ... }:
let
cfg = config.my.servers.paperless;
in
{ {
options.my.servers.paperless.enable = lib.mkEnableOption "enable"; options.my.servers.paperless.enable = lib.mkEnableOption "enable";
config = lib.mkIf (config.my.servers.paperless.enable && config.my.servers.postgres.enable) { config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable) {
networking.firewall.allowedTCPPorts = [ config.services.paperless.port ]; networking.firewall.allowedTCPPorts = [ config.services.paperless.port ];
services.paperless = { services.paperless = {
enable = true; inherit (cfg) enable;
address = "0.0.0.0"; address = "0.0.0.0";
consumptionDirIsPublic = true; consumptionDirIsPublic = true;
consumptionDir = "/srv/pool/scans/"; consumptionDir = "/srv/pool/scans/";
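Review bot: The rewritten condition on `config` checks `cfg.enable` and `config.my.servers.postgres.enable` but not `config.my.secureHost`, unlike the firefly-iii, ryot, shiori and vaultwarden sections, which require all three. This module also opens `config.services.paperless.port` in the firewall, binds to `0.0.0.0` and marks the consumption directory public, so it is the one where the host restriction seems to matter most. If the omission is not intentional, use `lib.mkIf (cfg.enable && config.my.servers.postgres.enable && config.my.secureHost) {`. The `services.paperless` block continues past the visible lines.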


@ -9,9 +9,9 @@ let
in in
{ {
options.my.servers.plex = setup.mkOptions "plex" "plex" 32400; options.my.servers.plex = setup.mkOptions "plex" "plex" 32400;
config.services = { config.services = lib.mkIf (cfg.enable && config.my.secureHost) {
plex = lib.mkIf cfg.enable { plex = {
enable = true; inherit (cfg) enable;
group = "piracy"; group = "piracy";
}; };
nginx = lib.mkIf cfg.enableProxy { nginx = lib.mkIf cfg.enableProxy {


@ -5,6 +5,7 @@
... ...
}: }:
let let
cfg = config.my.servers.postgres;
# upgrade here first, then below. # upgrade here first, then below.
upgrade-pg-cluster = upgrade-pg-cluster =
let let
@ -42,10 +43,10 @@ let
in in
{ {
options.my.servers.postgres.enable = lib.mkEnableOption "enable"; options.my.servers.postgres.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.postgres.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = [ upgrade-pg-cluster ]; environment.systemPackages = [ upgrade-pg-cluster ];
services.postgresql = { services.postgresql = {
enable = true; inherit (cfg) enable;
enableTCPIP = true; enableTCPIP = true;
ensureDatabases = dbNames; ensureDatabases = dbNames;
package = pkgs.postgresql_17; package = pkgs.postgresql_17;


@ -9,14 +9,18 @@ let
in in
{ {
options.my.servers.prowlarr = setup.mkOptions "prowlarr" "indexer" 9696; options.my.servers.prowlarr = setup.mkOptions "prowlarr" "indexer" 9696;
config = { config = lib.mkIf cfg.enable {
users.users.prowlarr = lib.mkIf cfg.enable { users.users.prowlarr = {
group = "piracy"; group = "piracy";
isSystemUser = true; isSystemUser = true;
}; };
services = { services = {
prowlarr.enable = cfg.enable; prowlarr = {
flaresolverr.enable = cfg.enable; inherit (cfg) enable;
};
flaresolverr = {
inherit (cfg) enable;
};
}; };
}; };
} }

View File

@ -5,9 +5,9 @@ let
in in
{ {
options.my.servers.radarr = setup.mkOptions "radarr" "movies" 7878; options.my.servers.radarr = setup.mkOptions "radarr" "movies" 7878;
config = lib.mkIf (cfg.enable && config.my.secureHost) { config = lib.mkIf cfg.enable {
services.radarr = { services.radarr = {
enable = true; inherit (cfg) enable;
group = "piracy"; group = "piracy";
}; };
}; };
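Review bot: The radarr guard loses `config.my.secureHost` here (`config = lib.mkIf cfg.enable {`), while the adguardhome, audiobookshelf, microbin and plex sections in this same commit add that condition. If `secureHost` is what keeps these services off hosts that should not run them, radarr will now come up on any host that sets `enable`. This may be deliberate, since the sonarr, prowlarr and bazarr sections are guarded by `cfg.enable` alone. Either restore `lib.mkIf (cfg.enable && config.my.secureHost)` or add a comment stating why radarr is exempt.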

View File

@ -8,7 +8,7 @@ in
config = lib.mkIf (cfg.enable && config.my.secureHost) { config = lib.mkIf (cfg.enable && config.my.secureHost) {
sops.secrets.readeck.sopsFile = ../../secrets/env.yaml; sops.secrets.readeck.sopsFile = ../../secrets/env.yaml;
services.readeck = { services.readeck = {
enable = true; inherit (cfg) enable;
environmentFile = config.sops.secrets.readeck.path; environmentFile = config.sops.secrets.readeck.path;
settings = { settings = {
main = { main = {

View File

@ -5,22 +5,19 @@ let
in in
{ {
options.my.servers.ryot = setup.mkOptions "ryot" "tracker" 8765; options.my.servers.ryot = setup.mkOptions "ryot" "tracker" 8765;
config = config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable && config.my.secureHost) {
lib.mkIf sops.secrets.ryot.sopsFile = ../../secrets/env.yaml;
(config.my.servers.ryot.enable && config.my.servers.postgres.enable && config.my.secureHost) virtualisation.oci-containers.containers.ryot = {
{ image = "ghcr.io/ignisda/ryot:v9.2.0";
sops.secrets.ryot.sopsFile = ../../secrets/env.yaml; ports = [ "${toString cfg.port}:8000" ];
virtualisation.oci-containers.containers.ryot = { environmentFiles = [ config.sops.secrets.ryot.path ];
image = "ghcr.io/ignisda/ryot:v9.2.0"; environment = {
ports = [ "${toString cfg.port}:8000" ]; RUST_LOG = "ryot=debug,sea_orm=debug";
environmentFiles = [ config.sops.secrets.ryot.path ]; TZ = config.my.timeZone;
environment = { DATABASE_URL = "postgres:///ryot?host=${config.my.postgresSocket}";
RUST_LOG = "ryot=debug,sea_orm=debug"; FRONTEND_INSECURE_COOKIES = "true";
TZ = config.my.timeZone;
DATABASE_URL = "postgres:///ryot?host=${config.my.postgresSocket}";
FRONTEND_INSECURE_COOKIES = "true";
};
volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ];
};
}; };
volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ];
};
};
} }
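Review bot: The re-indented container environment keeps `FRONTEND_INSECURE_COOKIES = "true"` and `RUST_LOG = "ryot=debug,sea_orm=debug"`. Going by its name, the first lets the session cookie travel over plain HTTP, which is only appropriate if the service is never reached through TLS. The second leaves ORM debug logging on, and that level commonly writes query text to the journal. If the service sits behind the HTTPS proxy, dropping the cookie override and lowering the log level (for example `RUST_LOG = "ryot=info";`) would be safer; otherwise a comment explaining why each is needed would help.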

View File

@ -1,4 +1,7 @@
{ lib, config, ... }: { lib, config, ... }:
let
cfg = config.my.servers.sabnzbd;
in
{ {
options.my.servers.sabnzbd = { options.my.servers.sabnzbd = {
enable = lib.mkEnableOption "enable"; enable = lib.mkEnableOption "enable";
@ -8,9 +11,9 @@
description = "The port to access sabnzbd web-ui"; description = "The port to access sabnzbd web-ui";
}; };
}; };
config = lib.mkIf config.my.servers.sabnzbd.enable { config = lib.mkIf cfg.enable {
services.sabnzbd = { services.sabnzbd = {
enable = true; inherit (cfg) enable;
group = "piracy"; group = "piracy";
}; };
}; };

View File

@ -5,16 +5,12 @@ let
in in
{ {
options.my.servers.shiori = setup.mkOptions "shiori" "bookmarks" 4368; options.my.servers.shiori = setup.mkOptions "shiori" "bookmarks" 4368;
config = config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable && config.my.secureHost) {
lib.mkIf sops.secrets.shiori.sopsFile = ../../secrets/env.yaml;
(config.my.servers.shiori.enable && config.my.servers.postgres.enable && config.my.secureHost) services.shiori = {
{ inherit (cfg) enable port;
sops.secrets.shiori.sopsFile = ../../secrets/env.yaml; environmentFile = config.sops.secrets.shiori.path;
services.shiori = { databaseUrl = "postgres:///shiori?host=${config.my.postgresSocket}";
inherit (cfg) port; };
enable = true; };
environmentFile = config.sops.secrets.shiori.path;
databaseUrl = "postgres:///shiori?host=${config.my.postgresSocket}";
};
};
} }

View File

@ -6,7 +6,7 @@ in
{ {
options.my.servers.sonarr = setup.mkOptions "sonarr" "series" 8989; options.my.servers.sonarr = setup.mkOptions "sonarr" "series" 8989;
config.services.sonarr = lib.mkIf cfg.enable { config.services.sonarr = lib.mkIf cfg.enable {
enable = true; inherit (cfg) enable;
group = "piracy"; group = "piracy";
}; };
} }

View File

@ -12,7 +12,7 @@ in
"stash/session".sopsFile = ../../secrets/env.yaml; "stash/session".sopsFile = ../../secrets/env.yaml;
}; };
services.stash = { services.stash = {
enable = true; inherit (cfg) enable;
group = "piracy"; group = "piracy";
mutableSettings = true; mutableSettings = true;
username = "Suing8150"; username = "Suing8150";

View File

@ -52,7 +52,7 @@ in
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ]; networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
services = { services = {
matrix-synapse = { matrix-synapse = {
enable = true; inherit (cfg) enable;
extraConfigFiles = [ extraConfigFiles = [
config.sops.secrets.synapse.path config.sops.secrets.synapse.path
]; ];

View File

@ -5,8 +5,8 @@ let
in in
{ {
options.my.servers.tranga = setup.mkOptions "tranga" "tranga" 9555; options.my.servers.tranga = setup.mkOptions "tranga" "tranga" 9555;
config = { config = lib.mkIf cfg.enable {
virtualisation.oci-containers.containers = lib.mkIf cfg.enable { virtualisation.oci-containers.containers = {
tranga-api = { tranga-api = {
image = "glax/tranga-api:latest"; image = "glax/tranga-api:latest";
user = "${toString config.users.users.jawz.uid}:${toString config.users.groups.kavita.gid}"; user = "${toString config.users.users.jawz.uid}:${toString config.users.groups.kavita.gid}";
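Review bot: `tranga-api` is pulled as `glax/tranga-api:latest` in the block this hunk re-wraps, so the image content can change between rebuilds without any change in this repository. The ryot module pins a version tag, and the collabora container in the nextcloud module uses `pkgs.dockerTools.pullImage`; following either pattern here would make the deployed image reproducible and reviewable. For example `image = "glax/tranga-api:<PINNED_TAG>";`, with the tag chosen by the maintainer. The container definition continues outside the hunk.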


@ -13,7 +13,7 @@ in
config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable && config.my.secureHost) { config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable && config.my.secureHost) {
sops.secrets.vaultwarden.sopsFile = ../../secrets/env.yaml; sops.secrets.vaultwarden.sopsFile = ../../secrets/env.yaml;
services.vaultwarden = { services.vaultwarden = {
enable = true; inherit (cfg) enable;
dbBackend = "postgresql"; dbBackend = "postgresql";
package = pkgs.vaultwarden; package = pkgs.vaultwarden;
environmentFile = config.sops.secrets.vaultwarden.path; environmentFile = config.sops.secrets.vaultwarden.path;