sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

fix

Browse Source
This commit is contained in:
soraefir
2026-06-07 16:21:21 +02:00
parent 649b7cc032
commit 8569c40183
24 changed files with 129 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/server/containers/apps/.template.nix
View File

@@ -24,7 +24,7 @@ in {
runtime = { runtime = {
paths = [{ paths = [{
path="${serverCfg.path.config}/example/"; path="${serverCfg.path.config.path}/example/";
mode = "0444"; mode = "0444";
}]; }];

10
modules/server/containers/apps/authentik.nix
View File

@@ -35,7 +35,7 @@ in {
runtime = { runtime = {
paths = [{ paths = [{
path="${serverCfg.path.config}/authentik"; path="${serverCfg.path.config.path}/authentik";
owner = "1000:1000"; owner = "1000:1000";
dirs = ["media" "templates"]; dirs = ["media" "templates"];
mode = "0755"; mode = "0755";
@@ -69,8 +69,8 @@ in {
cmd = [ "server" ]; cmd = [ "server" ];
volumes = [ volumes = [
"${serverCfg.path.config}/authentik/media:/media" "${serverCfg.path.config.path}/authentik/media:/media"
"${serverCfg.path.config}/authentik/templates:/templates" "${serverCfg.path.config.path}/authentik/templates:/templates"
"${authentikData}:/blueprints/custom:ro" "${authentikData}:/blueprints/custom:ro"
"${mediaCfg.logo.svg}:${logoSvgMount}:ro" "${mediaCfg.logo.svg}:${logoSvgMount}:ro"
"${mediaCfg.logo.ico}:${logoIcoMount}:ro" "${mediaCfg.logo.ico}:${logoIcoMount}:ro"
@@ -94,8 +94,8 @@ in {
overrides = { overrides = {
cmd = [ "worker" ]; cmd = [ "worker" ];
volumes = [ volumes = [
"${serverCfg.path.config}/authentik/media:/media" "${serverCfg.path.config.path}/authentik/media:/media"
"${serverCfg.path.config}/authentik/templates:/templates" "${serverCfg.path.config.path}/authentik/templates:/templates"
"${authentikData}:/blueprints/custom:ro" "${authentikData}:/blueprints/custom:ro"
"${mediaCfg.logo.svg}:${logoSvgMount}:ro" "${mediaCfg.logo.svg}:${logoSvgMount}:ro"
"${mediaCfg.logo.ico}:${logoIcoMount}:ro" "${mediaCfg.logo.ico}:${logoIcoMount}:ro"

4
modules/server/containers/apps/calibre.nix
View File

@@ -27,8 +27,8 @@ in {
}; };
overrides = { overrides = {
volumes = [ volumes = [
"${serverCfg.path.book}:/calibre-library" "${serverCfg.path.book.path}:/calibre-library"
"${serverCfg.path.download}/book:/cwa-book-ingest" "${serverCfg.path.download.path}/book:/cwa-book-ingest"
]; ];
}; };
}; };

4
modules/server/containers/apps/ethercalc.nix
View File

@@ -17,7 +17,7 @@ in {
runtime = { runtime = {
paths = [{ paths = [{
path="${serverCfg.path.data}/ethercalc/"; path="${serverCfg.path.data.path}/ethercalc/";
mode = "0666"; mode = "0666";
}]; }];
@@ -33,7 +33,7 @@ in {
}; };
overrides = { overrides = {
volumes = [ volumes = [
"${serverCfg.path.data}/ethercalc:/data" "${serverCfg.path.data.path}/ethercalc:/data"
]; ];
}; };
}; };

8
modules/server/containers/apps/etherpad.nix
View File

@@ -83,7 +83,7 @@ in {
runtime = { runtime = {
paths = [{ paths = [{
path="${serverCfg.path.config}/etherpad/"; path="${serverCfg.path.config.path}/etherpad/";
mode = "0444"; mode = "0444";
}]; }];
@@ -111,7 +111,7 @@ in {
cmd = [ "--settings" "/etc/etherpad/settings.json" "--apikey" "/etc/etherpad/APIKEY.txt" ]; cmd = [ "--settings" "/etc/etherpad/settings.json" "--apikey" "/etc/etherpad/APIKEY.txt" ];
volumes = [ volumes = [
"${settings}:/etc/etherpad/settings.json" "${settings}:/etc/etherpad/settings.json"
"${serverCfg.path.config}/etherpad/APIKEY.txt:/etc/etherpad/APIKEY.txt:ro" "${serverCfg.path.config.path}/etherpad/APIKEY.txt:/etc/etherpad/APIKEY.txt:ro"
]; ];
}; };
}; };
@@ -121,8 +121,8 @@ in {
trigger = "server"; trigger = "server";
envFile = config.sops.secrets."ETHERPAD".path; envFile = config.sops.secrets."ETHERPAD".path;
script = pkgs.writeShellScript "setup" '' script = pkgs.writeShellScript "setup" ''
echo "$APIKEY" > ${serverCfg.path.config}/etherpad/APIKEY.txt echo "$APIKEY" > ${serverCfg.path.config.path}/etherpad/APIKEY.txt
chmod 444 ${serverCfg.path.config}/etherpad/APIKEY.txt chmod 444 ${serverCfg.path.config.path}/etherpad/APIKEY.txt
''; '';
}; };
}; };

4
modules/server/containers/apps/favicon.nix
View File

@@ -232,7 +232,7 @@ in {
runtime = { runtime = {
paths = [ paths = [
{ {
path = "${serverCfg.path.config}/favicon"; path = "${serverCfg.path.config.path}/favicon";
mode = "0755"; mode = "0755";
dirs = [ "cache" ]; dirs = [ "cache" ];
} }
@@ -260,7 +260,7 @@ in {
overrides = { overrides = {
volumes = [ volumes = [
"${configFile}:/config/config.json:ro" "${configFile}:/config/config.json:ro"
"${serverCfg.path.config}/favicon/cache:/cache" "${serverCfg.path.config.path}/favicon/cache:/cache"
"${mediaCfg.logo.svg}:${logoSvgMount}:ro" "${mediaCfg.logo.svg}:${logoSvgMount}:ro"
]; ];
}; };

4
modules/server/containers/apps/freshrss.nix
View File

@@ -11,7 +11,7 @@ in {
runtime = { runtime = {
paths = [ paths = [
{ {
path = "${serverCfg.path.config}/freshrss"; path = "${serverCfg.path.config.path}/freshrss";
owner = "1000:1000"; owner = "1000:1000";
mode = "0755"; mode = "0755";
} }
@@ -37,7 +37,7 @@ in {
overrides = { overrides = {
environmentFiles = [ config.sops.secrets."FRESHRSS".path config.sops.secrets."CUSTOM".path ]; environmentFiles = [ config.sops.secrets."FRESHRSS".path config.sops.secrets."CUSTOM".path ];
volumes = ["${serverCfg.path.config}/freshrss:/var/www/FreshRSS/data"]; volumes = ["${serverCfg.path.config.path}/freshrss:/var/www/FreshRSS/data"];
}; };
}; };
}; };

10
modules/server/containers/apps/frigate.nix
View File

@@ -32,7 +32,7 @@ in {
runtime = { runtime = {
paths = [ paths = [
{ {
path = "${serverCfg.path.config}/frigate/"; path = "${serverCfg.path.config.path}/frigate/";
mode = "0755"; mode = "0755";
} }
{ {
@@ -53,7 +53,7 @@ in {
overrides = { overrides = {
cmd = [ ]; cmd = [ ];
volumes = [ volumes = [
"${serverCfg.path.config}/frigate:/config" "${serverCfg.path.config.path}/frigate:/config"
"/var/lib/frigate/storage:/media/frigate" "/var/lib/frigate/storage:/media/frigate"
"/dev/bus/usb:/dev/bus/usb" # Passes Google Coral USB TPU to the container "/dev/bus/usb:/dev/bus/usb" # Passes Google Coral USB TPU to the container
"/dev/dri:/dev/dri" # Passes Intel/AMD GPU for hardware video decoding "/dev/dri:/dev/dri" # Passes Intel/AMD GPU for hardware video decoding
@@ -66,12 +66,12 @@ in {
trigger = "server"; trigger = "server";
envFile = config.sops.secrets."FRIGATE_ENV".path; envFile = config.sops.secrets."FRIGATE_ENV".path;
script = pkgs.writeShellScript "setup-frigate" '' script = pkgs.writeShellScript "setup-frigate" ''
mkdir -p "${serverCfg.path.config}/frigate" mkdir -p "${serverCfg.path.config.path}/frigate"
mkdir -p "/var/lib/frigate/storage" mkdir -p "/var/lib/frigate/storage"
# Bootstrap a standard configuration layout if missing # Bootstrap a standard configuration layout if missing
if [ ! -f "${serverCfg.path.config}/frigate/config.yml" ]; then if [ ! -f "${serverCfg.path.config.path}/frigate/config.yml" ]; then
cat <<EOF > "${serverCfg.path.config}/frigate/config.yml" cat <<EOF > "${serverCfg.path.config.path}/frigate/config.yml"
mqtt: mqtt:
enabled: False # Set to True and define host if connecting to Home Assistant enabled: False # Set to True and define host if connecting to Home Assistant

8
modules/server/containers/apps/gitea.nix
View File

@@ -12,7 +12,7 @@ in {
runtime = { runtime = {
paths = [{ paths = [{
path="${serverCfg.path.data}/gitea"; path="${serverCfg.path.data.path}/gitea";
owner = "1000:1000"; owner = "1000:1000";
dirs = ["data" "runner"]; dirs = ["data" "runner"];
mode = "0755"; mode = "0755";
@@ -82,7 +82,7 @@ in {
overrides = { overrides = {
volumes = [ volumes = [
"${serverCfg.path.data}/gitea/data:/data" "${serverCfg.path.data.path}/gitea/data:/data"
]; ];
ports = [ "2222:22" ]; ports = [ "2222:22" ];
}; };
@@ -99,7 +99,7 @@ in {
overrides = { overrides = {
volumes = [ volumes = [
"${serverCfg.path.data}/gitea/runner:/data" "${serverCfg.path.data.path}/gitea/runner:/data"
"/var/run/podman/podman.sock:/var/run/docker.sock" "/var/run/podman/podman.sock:/var/run/docker.sock"
]; ];
}; };
@@ -117,7 +117,7 @@ in {
$GT admin user create --username "$DEFAULT_ADMIN_USERNAME" --password "$DEFAULT_ADMIN_PASSWORD" --email "$DEFAULT_ADMIN_EMAIL" --admin || true $GT admin user create --username "$DEFAULT_ADMIN_USERNAME" --password "$DEFAULT_ADMIN_PASSWORD" --email "$DEFAULT_ADMIN_EMAIL" --admin || true
touch ${serverCfg.path.data}/gitea/data-runner/config.yml touch ${serverCfg.path.data.path}/gitea/data-runner/config.yml
RUNNER_TOKEN=$($GT actions generate-runner-token) RUNNER_TOKEN=$($GT actions generate-runner-token)
$GTR register \ $GTR register \

10
modules/server/containers/apps/handbrake.nix
View File

@@ -5,7 +5,7 @@ let
in { in {
runtime = { runtime = {
paths = [{ paths = [{
path = "${serverCfg.path.config}/handbrake"; path = "${serverCfg.path.config.path}/handbrake";
mode = "0755"; mode = "0755";
}]; }];
@@ -28,9 +28,9 @@ in {
overrides = { overrides = {
volumes = [ volumes = [
"${serverCfg.path.config}/handbrake:/config:rw" "${serverCfg.path.config.path}/handbrake:/config:rw"
"${serverCfg.path.dlComplete}:/watch:rw" "${serverCfg.path.dlComplete.path}:/watch:rw"
"${serverCfg.path.dlConverted}:/output:rw" "${serverCfg.path.dlConverted.path}:/output:rw"
]; ];
}; };
}; };
@@ -40,7 +40,7 @@ in {
setup = { setup = {
trigger = "server"; trigger = "server";
script = pkgs.writeShellScript "setup" '' script = pkgs.writeShellScript "setup" ''
mkdir -p ${serverCfg.path.data}/handbrake/{watch,output} mkdir -p ${serverCfg.path.data.path}/handbrake/{watch,output}
''; '';
}; };

14
modules/server/containers/apps/immich.nix
View File

@@ -11,11 +11,11 @@ in {
runtime = { runtime = {
paths = [{ paths = [{
path = "${serverCfg.path.config}/immich"; path = "${serverCfg.path.config.path}/immich";
dirs = ["cache"]; dirs = ["cache"];
mode = "0750"; mode = "0750";
}{ }{
path = "${serverCfg.path.data}/immich/"; path = "${serverCfg.path.data.path}/immich/";
dirs = ["upload" "thumbs" "encoded-video" "backups"]; dirs = ["upload" "thumbs" "encoded-video" "backups"];
mode = "0755"; mode = "0755";
}]; }];
@@ -38,10 +38,10 @@ in {
}; };
overrides = { overrides = {
volumes = [ volumes = [
"${serverCfg.path.photo}:/data/upload" "${serverCfg.path.photo.path}:/data/upload"
"${serverCfg.path.data}/immich/backups:/data/backups" "${serverCfg.path.data.path}/immich/backups:/data/backups"
"${serverCfg.path.config}/immich/thumbs:/data/thumbs" "${serverCfg.path.config.path}/immich/thumbs:/data/thumbs"
"${serverCfg.path.config}/immich/encoded-video:/data/encoded-video" "${serverCfg.path.config.path}/immich/encoded-video:/data/encoded-video"
]; ];
}; };
}; };
@@ -51,7 +51,7 @@ in {
port = 3003; port = 3003;
overrides = { overrides = {
volumes = [ volumes = [
"${serverCfg.path.config}/immich/cache:/cache" "${serverCfg.path.config.path}/immich/cache:/cache"
]; ];
}; };
}; };

18
modules/server/containers/apps/influx.nix
View File

@@ -34,11 +34,11 @@ in {
runtime = { runtime = {
paths = [{ paths = [{
path = "${serverCfg.path.config}/influxdb/"; path = "${serverCfg.path.config.path}/influxdb/";
owner = "1500:1500"; owner = "1500:1500";
mode = "0755"; mode = "0755";
}{ }{
path = "${serverCfg.path.data}/influxdb/"; path = "${serverCfg.path.data.path}/influxdb/";
dirs = ["data" "ui"]; dirs = ["data" "ui"];
owner = "1500:1500"; owner = "1500:1500";
mode = "0755"; mode = "0755";
@@ -56,8 +56,8 @@ in {
cmd = [ "influxdb3" "serve" "--node-id=node0" "--data-dir=/var/lib/influxdb3/data" "--admin-token-file=/var/lib/influxdb3/token.json" ]; cmd = [ "influxdb3" "serve" "--node-id=node0" "--data-dir=/var/lib/influxdb3/data" "--admin-token-file=/var/lib/influxdb3/token.json" ];
ports = [ "8181:8181" ]; ports = [ "8181:8181" ];
volumes = [ volumes = [
"${serverCfg.path.data}/influxdb/data:/var/lib/influxdb3/data:rw" "${serverCfg.path.data.path}/influxdb/data:/var/lib/influxdb3/data:rw"
"${serverCfg.path.config}/influxdb/admin-token.json:/var/lib/influxdb3/token.json:ro" "${serverCfg.path.config.path}/influxdb/admin-token.json:/var/lib/influxdb3/token.json:ro"
]; ];
}; };
@@ -77,8 +77,8 @@ in {
overrides = { overrides = {
cmd = [ "--mode=admin" ]; cmd = [ "--mode=admin" ];
volumes = [ volumes = [
"${serverCfg.path.data}/influxdb/ui:/db:rw" "${serverCfg.path.data.path}/influxdb/ui:/db:rw"
"${serverCfg.path.config}/influxdb/:/app-root/config:rw" "${serverCfg.path.config.path}/influxdb/:/app-root/config:rw"
]; ];
}; };
} else builder.mkContainer { } else builder.mkContainer {
@@ -114,7 +114,7 @@ in {
user = "1500:1500"; user = "1500:1500";
environmentFiles = [ config.sops.secrets."INFLUX".path config.sops.secrets."CUSTOM".path ] ; environmentFiles = [ config.sops.secrets."INFLUX".path config.sops.secrets."CUSTOM".path ] ;
volumes = [ volumes = [
"${serverCfg.path.data}/influxdb/ui:/var/lib/grafana:rw" "${serverCfg.path.data.path}/influxdb/ui:/var/lib/grafana:rw"
"${influxSource}:/etc/grafana/provisioning/datasources/influx.yaml:ro" "${influxSource}:/etc/grafana/provisioning/datasources/influx.yaml:ro"
]; ];
}; };
@@ -125,7 +125,7 @@ in {
trigger = "db"; trigger = "db";
envFile = config.sops.secrets."INFLUX".path; envFile = config.sops.secrets."INFLUX".path;
script = pkgs.writeShellScript "setup" '' script = pkgs.writeShellScript "setup" ''
cat > ${serverCfg.path.config}/influxdb/config.json << EOF cat > ${serverCfg.path.config.path}/influxdb/config.json << EOF
{ {
"DEFAULT_INFLUX_SERVER": "http://${builder.host}:8181", "DEFAULT_INFLUX_SERVER": "http://${builder.host}:8181",
"DEFAULT_INFLUX_DATABASE": "main", "DEFAULT_INFLUX_DATABASE": "main",
@@ -134,7 +134,7 @@ in {
} }
EOF EOF
cat > ${serverCfg.path.config}/influxdb/admin-token.json << EOF cat > ${serverCfg.path.config.path}/influxdb/admin-token.json << EOF
{ {
"token": "$INFLUXDB_TOKEN", "token": "$INFLUXDB_TOKEN",
"name": "admin", "name": "admin",

6
modules/server/containers/apps/invidious.nix
View File

@@ -31,7 +31,7 @@ in {
runtime = { runtime = {
paths = [{ paths = [{
path="${serverCfg.path.config}/invidious"; path="${serverCfg.path.config.path}/invidious";
mode = "0755"; mode = "0755";
}]; }];
@@ -53,7 +53,7 @@ in {
}; };
overrides = { overrides = {
volumes = [ volumes = [
"${serverCfg.path.config}/invidious:/data:ro" "${serverCfg.path.config.path}/invidious:/data:ro"
]; ];
}; };
}; };
@@ -76,7 +76,7 @@ in {
export DB_HOST=${builder.host} export DB_HOST=${builder.host}
export INVIDIOUS_DOMAIN=${containerCfg.subdomain}.${serverCfg.domain} export INVIDIOUS_DOMAIN=${containerCfg.subdomain}.${serverCfg.domain}
${pkgs.gettext}/bin/envsubst < "${../data/invidious/config.yml}" > "${serverCfg.path.config}/invidious/config.yml" ${pkgs.gettext}/bin/envsubst < "${../data/invidious/config.yml}" > "${serverCfg.path.config.path}/invidious/config.yml"
''; '';
}; };
}; };

8
modules/server/containers/apps/jellyfin.nix
View File

@@ -28,7 +28,7 @@ in {
runtime = { runtime = {
paths = [ paths = [
{ {
path = "${serverCfg.path.config}/jellyfin/"; path = "${serverCfg.path.config.path}/jellyfin/";
owner = "1000:1000"; owner = "1000:1000";
mode = "0755"; mode = "0755";
} }
@@ -54,8 +54,8 @@ in {
"--logdir" "/config/log" "--logdir" "/config/log"
]; ];
volumes = [ volumes = [
"${serverCfg.path.film}:/media:ro" "${serverCfg.path.film.path}:/media:ro"
"${serverCfg.path.config}/jellyfin:/config" "${serverCfg.path.config.path}/jellyfin:/config"
]; ];
# If you have an Intel/AMD GPU for transcoding, add the device: # If you have an Intel/AMD GPU for transcoding, add the device:
devices = lib.optionals (builtins.pathExists "/dev/dri") [ "/dev/dri:/dev/dri" ]; devices = lib.optionals (builtins.pathExists "/dev/dri") [ "/dev/dri:/dev/dri" ];
@@ -163,7 +163,7 @@ in {
fi fi
''} ''}
${pkgs.sqlite}/bin/sqlite3 ${serverCfg.path.config}/jellyfin/data/data/jellyfin.db <<EOF ${pkgs.sqlite}/bin/sqlite3 ${serverCfg.path.config.path}/jellyfin/data/data/jellyfin.db <<EOF
INSERT OR IGNORE INTO ApiKeys (Id, AccessToken, Name, DateCreated, DateLastActivity) INSERT OR IGNORE INTO ApiKeys (Id, AccessToken, Name, DateCreated, DateLastActivity)
VALUES ( 1, "$HOMEPAGE_VAR_JELLYFIN_API", 'Home', strftime('%Y-%m-%d %H:%M:%S', 'now'), strftime('%Y-%m-%d %H:%M:%S', 'now')); VALUES ( 1, "$HOMEPAGE_VAR_JELLYFIN_API", 'Home', strftime('%Y-%m-%d %H:%M:%S', 'now'), strftime('%Y-%m-%d %H:%M:%S', 'now'));
EOF EOF

6
modules/server/containers/apps/nextcloud.nix
View File

@@ -20,7 +20,7 @@ in {
runtime = { runtime = {
paths = [{ paths = [{
path="${serverCfg.path.config}/nextcloud"; path="${serverCfg.path.config.path}/nextcloud";
owner = "33:33"; owner = "33:33";
mode = "0755"; mode = "0755";
}]; }];
@@ -58,8 +58,8 @@ in {
overrides = { overrides = {
ports = if containerCfg.port!=null then [ "${toString containerCfg.port}:80" ] else []; ports = if containerCfg.port!=null then [ "${toString containerCfg.port}:80" ] else [];
volumes = [ volumes = [
"${serverCfg.path.config}/nextcloud:/var/www/html" "${serverCfg.path.config.path}/nextcloud:/var/www/html"
"${serverCfg.path.cloud}:/var/www/html/data" "${serverCfg.path.cloud.path}:/var/www/html/data"
"${mediaCfg.logo.png}:${logoPngMount}:ro" "${mediaCfg.logo.png}:${logoPngMount}:ro"
"${mediaCfg.logo.svg}:${logoSvgMount}:ro" "${mediaCfg.logo.svg}:${logoSvgMount}:ro"
"${mediaCfg.logo.ico}:${logoIcoMount}:ro" "${mediaCfg.logo.ico}:${logoIcoMount}:ro"

12
modules/server/containers/apps/openhab.nix
View File

@@ -6,9 +6,9 @@ let
in { in {
runtime = { runtime = {
paths = [ paths = [
{ path="${serverCfg.path.config}/openhab/conf"; owner="1000:1000"; mode = "0755"; } { path="${serverCfg.path.config.path}/openhab/conf"; owner="1000:1000"; mode = "0755"; }
{ path="${serverCfg.path.config}/openhab/userdata"; owner="1000:1000"; mode = "0755"; } { path="${serverCfg.path.config.path}/openhab/userdata"; owner="1000:1000"; mode = "0755"; }
{ path="${serverCfg.path.config}/openhab/addons"; owner="1000:1000"; mode = "0755"; } { path="${serverCfg.path.config.path}/openhab/addons"; owner="1000:1000"; mode = "0755"; }
]; ];
containers = { containers = {
@@ -30,9 +30,9 @@ in {
]; ];
overrides = { overrides = {
volumes = [ volumes = [
"${serverCfg.path.config}/openhab/conf:/openhab/conf" "${serverCfg.path.config.path}/openhab/conf:/openhab/conf"
"${serverCfg.path.config}/openhab/userdata:/openhab/userdata" "${serverCfg.path.config.path}/openhab/userdata:/openhab/userdata"
"${serverCfg.path.config}/openhab/addons:/opt/openhab/addons" "${serverCfg.path.config.path}/openhab/addons:/opt/openhab/addons"
"/var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro" "/var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:ro"
]; ];
}; };

8
modules/server/containers/apps/selfmark.nix
View File

@@ -5,7 +5,7 @@ let
in { in {
runtime = { runtime = {
paths = [{ paths = [{
path = "${serverCfg.path.config}/selfmark/"; path = "${serverCfg.path.config.path}/selfmark/";
mode = "0444"; mode = "0444";
}]; }];
@@ -79,9 +79,9 @@ in {
}; };
overrides = { overrides = {
volumes = [ volumes = [
"${serverCfg.path.dlComplete}:/books:rw" "${serverCfg.path.dlComplete.path}:/books:rw"
"${serverCfg.path.book}:/output:rw" "${serverCfg.path.book.path}:/output:rw"
"${serverCfg.path.config}/selfmark:/config:rw" "${serverCfg.path.config.path}/selfmark:/config:rw"
]; ];
}; };
}; };

22
modules/server/containers/apps/servarr.nix
View File

@@ -23,8 +23,8 @@ let
}; };
sharedVolumes = [ sharedVolumes = [
"${serverCfg.path.data}/media:/media" # Fast hardlinking requires a single shared root "${serverCfg.path.data.path}/media:/media" # Fast hardlinking requires a single shared root
"${serverCfg.path.config}/servarr:/config-root" "${serverCfg.path.config.path}/servarr:/config-root"
]; ];
in in
assert containerCfg.subpath == null || throw "Error: Servarr does not support subpath."; assert containerCfg.subpath == null || throw "Error: Servarr does not support subpath.";
@@ -34,11 +34,11 @@ in
runtime = { runtime = {
paths = [ paths = [
{ path = "${serverCfg.path.data}/media/"; mode = "0755"; } { path = "${serverCfg.path.data.path}/media/"; mode = "0755"; }
{ path = "${serverCfg.path.config}/servarr/prowlarr"; mode = "0755"; } { path = "${serverCfg.path.config.path}/servarr/prowlarr"; mode = "0755"; }
{ path = "${serverCfg.path.config}/servarr/radarr"; mode = "0755"; } { path = "${serverCfg.path.config.path}/servarr/radarr"; mode = "0755"; }
{ path = "${serverCfg.path.config}/servarr/sonarr"; mode = "0755"; } { path = "${serverCfg.path.config.path}/servarr/sonarr"; mode = "0755"; }
{ path = "${serverCfg.path.config}/servarr/lidarr"; mode = "0755"; } { path = "${serverCfg.path.config.path}/servarr/lidarr"; mode = "0755"; }
]; ];
containers = { containers = {
@@ -62,7 +62,7 @@ in
"--user=0:0" "--user=0:0"
"--passwd-entry=root:x:0:0:root:/root:/bin/sh" "--passwd-entry=root:x:0:0:root:/root:/bin/sh"
]; ];
overrides.volumes = sharedVolumes ++ [ "${serverCfg.path.config}/servarr/prowlarr:/config" ]; overrides.volumes = sharedVolumes ++ [ "${serverCfg.path.config.path}/servarr/prowlarr:/config" ];
}; };
}// lib.optionalAttrs (builtins.elem "radarr" (containerCfg.extra.modules)) { }// lib.optionalAttrs (builtins.elem "radarr" (containerCfg.extra.modules)) {
@@ -85,7 +85,7 @@ in
"--user=0:0" "--user=0:0"
"--passwd-entry=root:x:0:0:root:/root:/bin/sh" "--passwd-entry=root:x:0:0:root:/root:/bin/sh"
]; ];
overrides.volumes = sharedVolumes ++ [ "${serverCfg.path.config}/servarr/radarr:/config" ]; overrides.volumes = sharedVolumes ++ [ "${serverCfg.path.config.path}/servarr/radarr:/config" ];
}; };
}// lib.optionalAttrs (builtins.elem "sonarr" (containerCfg.extra.modules)) { }// lib.optionalAttrs (builtins.elem "sonarr" (containerCfg.extra.modules)) {
@@ -108,7 +108,7 @@ in
"--user=0:0" "--user=0:0"
"--passwd-entry=root:x:0:0:root:/root:/bin/sh" "--passwd-entry=root:x:0:0:root:/root:/bin/sh"
]; ];
overrides.volumes = sharedVolumes ++ [ "${serverCfg.path.config}/servarr/sonarr:/config" ]; overrides.volumes = sharedVolumes ++ [ "${serverCfg.path.config.path}/servarr/sonarr:/config" ];
}; };
}// lib.optionalAttrs (builtins.elem "lidarr" (containerCfg.extra.modules )) { }// lib.optionalAttrs (builtins.elem "lidarr" (containerCfg.extra.modules )) {
@@ -131,7 +131,7 @@ in
"--user=0:0" "--user=0:0"
"--passwd-entry=root:x:0:0:root:/root:/bin/sh" "--passwd-entry=root:x:0:0:root:/root:/bin/sh"
]; ];
overrides.volumes = sharedVolumes ++ [ "${serverCfg.path.config}/servarr/lidarr:/config" ]; overrides.volumes = sharedVolumes ++ [ "${serverCfg.path.config.path}/servarr/lidarr:/config" ];
}; };
}// lib.optionalAttrs (builtins.elem "readarr" (containerCfg.extra.modules)) { }// lib.optionalAttrs (builtins.elem "readarr" (containerCfg.extra.modules)) {

4
modules/server/containers/apps/suwayomi.nix
View File

@@ -43,8 +43,8 @@ in {
overrides = { overrides = {
volumes = [ volumes = [
"${serverCfg.path.manga}:/home/suwayomi/.local/share/Tachidesk/downloads" "${serverCfg.path.manga.path}:/home/suwayomi/.local/share/Tachidesk/downloads"
# "${serverCfg.path.config}/suwayomi:/home/suwayomi/.local/share/Tachidesk" # "${serverCfg.path.config.path}/suwayomi:/home/suwayomi/.local/share/Tachidesk"
]; ];
}; };
}; };

6
modules/server/containers/apps/traefik.nix
View File

@@ -15,7 +15,7 @@ in {
runtime = { runtime = {
paths = [{ paths = [{
path="${serverCfg.path.config}/traefik"; path="${serverCfg.path.config.path}/traefik";
owner = "1000:1000"; owner = "1000:1000";
mode = "0755"; mode = "0755";
}]; }];
@@ -79,8 +79,8 @@ in {
ports = [ "443:443" "80:80" ] ++ (if containerCfg.port!=null then [ "${toString containerCfg.port}:8080" ] else []); ports = [ "443:443" "80:80" ] ++ (if containerCfg.port!=null then [ "${toString containerCfg.port}:8080" ] else []);
volumes = [ volumes = [
"/var/run/podman/podman.sock:/var/run/docker.sock" "/var/run/podman/podman.sock:/var/run/docker.sock"
# "${serverCfg.path.config}/traefik/access.log:/etc/traefik/access.log" # "${serverCfg.path.config.path}/traefik/access.log:/etc/traefik/access.log"
"${serverCfg.path.config}/traefik:/custom" "${serverCfg.path.config.path}/traefik:/custom"
]; ];
}; };
}; };

10
modules/server/containers/apps/transmission.nix
View File

@@ -16,7 +16,7 @@ let
in { in {
runtime = { runtime = {
paths = [{ paths = [{
path = "${serverCfg.path.config}/transmission"; path = "${serverCfg.path.config.path}/transmission";
owner = "1000:1000"; owner = "1000:1000";
mode = "0755"; mode = "0755";
}]; }];
@@ -38,9 +38,9 @@ in {
overrides = { overrides = {
volumes = [ volumes = [
"${serverCfg.path.dlComplete}:/downloads/complete" "${serverCfg.path.dlComplete.path}:/downloads/complete"
"${serverCfg.path.dlIncomplete}:/downloads/incomplete" "${serverCfg.path.dlIncomplete.path}:/downloads/incomplete"
"${serverCfg.path.config}/transmission:/config" "${serverCfg.path.config.path}/transmission:/config"
]; ];
}; };
}; };
@@ -52,7 +52,7 @@ in {
envFile = [ config.sops.secrets."CUSTOM".path ]; envFile = [ config.sops.secrets."CUSTOM".path ];
script = pkgs.writeShellScript "setup" '' script = pkgs.writeShellScript "setup" ''
${pkgs.gettext}/bin/envsubst < "${../data/transmission/settings.json}" > "${serverCfg.path.config}/transmission/config/settings.json" ${pkgs.gettext}/bin/envsubst < "${../data/transmission/settings.json}" > "${serverCfg.path.config.path}/transmission/config/settings.json"
''; '';
}; };
}; };

2
modules/server/containers/apps/umami.nix
View File

@@ -22,7 +22,7 @@ in {
runtime = { runtime = {
paths = [{ paths = [{
path = "${serverCfg.path.config}/umami/"; path = "${serverCfg.path.config.path}/umami/";
mode = "0444"; mode = "0444";
}]; }];

7
modules/server/containers/default.nix
View File

@@ -13,10 +13,9 @@ let
mergedContainers = lib.concatMapAttrs (appName: app: mergedContainers = lib.concatMapAttrs (appName: app:
lib.mapAttrs' (cName: cCfg: lib.nameValuePair "${appName}-${cName}" cCfg) app.runtime.containers lib.mapAttrs' (cName: cCfg: lib.nameValuePair "${appName}-${cName}" cCfg) app.runtime.containers
) loadedContainers; ) loadedContainers;
allPathConfigs = map (path: { allPathConfigs =
inherit path; (lib.mapAttrsToList (_: cfg: cfg) serverCfg.path)
mode = "0755"; ++ concatRuntimeLists "paths";
}) (lib.unique (builtins.attrValues serverCfg.path)) ++ concatRuntimeLists "paths";
allSetupConfigs = map (app: ({ name = app.name; envFile = ""; } // app.runtime.setup)) appsList; allSetupConfigs = map (app: ({ name = app.name; envFile = ""; } // app.runtime.setup)) appsList;
allCronsConfigs = concatRuntimeLists "cron"; allCronsConfigs = concatRuntimeLists "cron";
allVMConfigs = builtins.filter (app: app.runtime.vm != null) appsList; allVMConfigs = builtins.filter (app: app.runtime.vm != null) appsList;

50
modules/shared/syscfg/server.nix
View File

@@ -1,6 +1,28 @@
{ lib,... }: { lib,... }:
let let
inherit (lib) mkOption;
inherit (lib.types) attrsOf coercedTo listOf str submodule nullOr port bool oneOf anything enum;
pathEntryType = coercedTo str (path: { inherit path; }) (submodule {
options = {
path = mkOption { type = str; };
owner = mkOption {
type = str;
default = "root:root";
};
mode = mkOption {
type = str;
default = "0755";
};
dirs = mkOption {
type = listOf str;
default = [ ];
};
};
});
mkPathOption = defaultPath: defaults: mkOption {
type = pathEntryType;
default = { path = defaultPath; } // defaults;
};
in with lib; { in with lib; {
domain = mkOption { type = types.str; }; domain = mkOption { type = types.str; };
mail = { mail = {
@@ -11,21 +33,21 @@ in with lib; {
path = mkOption { path = mkOption {
type = types.submodule { type = types.submodule {
freeformType = types.attrsOf types.str; freeformType = attrsOf pathEntryType;
options = { options = {
config = mkOption { type = types.str; default = "/media/config"; }; config = mkPathOption "/media/config" { };
data = mkOption { type = types.str; default = "/media/data"; }; data = mkPathOption "/media/data" { };
download = mkOption { type = types.str; default = "/media/data/download"; }; download = mkPathOption "/media/data/download" { owner = "1000:1000"; };
cloud = mkOption { type = types.str; default ="/media/media/cloud"; }; cloud = mkPathOption "/media/media/cloud" { owner = "33:33"; };
film = mkOption { type = types.str; default ="/media/media/film"; }; film = mkPathOption "/media/media/film" { owner = "1000:1000"; };
book = mkOption { type = types.str; default ="/media/media/book"; }; book = mkPathOption "/media/media/book" { owner = "1000:1000"; };
manga = mkOption { type = types.str; default ="/media/media/manga"; }; manga = mkPathOption "/media/media/manga" { owner = "1000:1000"; };
photo = mkOption { type = types.str; default ="/media/media/photo"; }; photo = mkPathOption "/media/media/photo" { owner = "1000:1000"; };
# music = mkOption { type = types.str; default ="/media/media/music"; }; # music = mkPathOption "/media/media/music" { owner = "1000:1000"; };
dlComplete = mkOption { type = types.str; default ="/media/download/complete"; }; dlComplete = mkPathOption "/media/download/complete" { owner = "1000:1000"; };
dlIncomplete = mkOption { type = types.str; default ="/media/download/incomplete"; }; dlIncomplete = mkPathOption "/media/download/incomplete" { owner = "1000:1000"; };
dlConverted = mkOption { type = types.str; default ="/media/download/converted"; }; dlConverted = mkPathOption "/media/download/converted" { owner = "1000:1000"; };
}; };
}; };
default = {}; default = {};