Changed option namespace for better compatibility

This commit is contained in:
pazpi 2024-08-27 17:49:31 +02:00
parent fe8045ee55
commit 8b25f46384
26 changed files with 407 additions and 232 deletions


@ -1,63 +1,31 @@
{ config, pkgs, ... }:
let
# parameters = import ./parameters.nix { };
# GID = 888;
# user = "rtorrent";
# passwordHash = "$y$j9T$dA94KVg1/jYLqclQQbTDk.$cnfxBWUN8P4shr8Kkipv5bU/RCtQNoAwYFDZ0X/BYs5";
timeZone = "Europe/Rome";
defaultLocale = "en_US.UTF-8";
in
{
config,
pkgs,
lib,
...
}:
{
my = {
utils.commons.enable = true;
commons.enable = true;
proxmox.enable = true;
download-pod = {
enable = false;
proxy.enable = false;
};
services.podmanPods = {
mywebapp = {
name = "mywebapp";
ports = [
"9090:80"
"9443:443"
];
containers = {
webserver = {
enable = true;
image = "nginx";
volumes = [
"aaa:/config"
"bbb:/data"
];
};
appserver = {
image = "my-custom-app:latest";
};
};
networking.tailscale = {
enable = false;
exitNode = "vps";
# authKeyFile = builtins.toFile "authKey" ''${parameters.tailscaleAuthKey}'';
};
database = {
name = "database";
ports = [
"3333:4444"
"5432:5432"
];
containers = {
postgres = {
image = "postgres:13";
};
};
services.download-pod = {
enable = true;
proxy.enable = false;
};
virtualisation = {
proxmox.enable = true;
};
};
time.timeZone = "Europe/Rome";
# Extra packages
environment.systemPackages = with pkgs; [ ];
@ -65,13 +33,5 @@ in
openssh.enable = true;
};
tailscale = {
enable = false;
exitNode = "vps";
# authKeyFile = builtins.toFile "authKey" ''${parameters.tailscaleAuthKey}'';
};
time.timeZone = timeZone;
system.stateVersion = "24.05";
}
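Review bot: `openssh.enable = true;` in the second hunk (under what appears to be `services`, whose opening is outside the hunk) enables sshd with the NixOS defaults, i.e. password authentication still permitted, while this same commit adds a `my.systems.ssh` module that turns password and keyboard-interactive authentication off; switching this host to `my.systems.ssh.enable = true;` would apply those settings. In the first hunk the `my` set appears to hold both `download-pod = { enable = false; proxy.enable = false; };` and `services.download-pod = { enable = true; proxy.enable = false; };`; if both are on the new side, `my.download-pod` has no declaring module after this rename and evaluation fails with an undeclared-option error, and the two disagree on `enable`, so the first block looks like a leftover to drop. The rendered page does not mark which lines are added or removed, so please confirm against the raw diff.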


@ -1,6 +1,7 @@
{
config,
pkgs,
lib,
home-manager,
...
}:
@ -8,8 +9,6 @@
imports = [
./hardware-configuration.nix
# home-manager.nixosModules.home-manager
# ../../modules
# "${config.inputs.self}/modules"
];
# Don't use the systemd-boot EFI boot loader.
@ -38,16 +37,20 @@
};
};
desktopUser = {
enable = true;
userName = "pazpi";
hashedPassword = "$y$j9T$dA94KVg1/jYLqclQQbTDk.$cnfxBWUN8P4shr8Kkipv5bU/RCtQNoAwYFDZ0X/BYs5";
my = {
desktop = {
desktopUser = {
enable = true;
userName = "pazpi";
hashedPassword = "$y$j9T$dA94KVg1/jYLqclQQbTDk.$cnfxBWUN8P4shr8Kkipv5bU/RCtQNoAwYFDZ0X/BYs5";
};
audio.enable = false;
};
};
audio.enable = false;
# podman.enable = true;
# Vedi https://github.com/TLATER/dotfiles/blob/f989a86890f27f6b089e9d74b7e8356ec8e5683d/home-config/hosts/yui.nix
# home-manager.users.pazpi = import "${flake-inputs.self}/home-config/hosts/deadbeef.nix";
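Review bot: In the third hunk `hashedPassword` for the `pazpi` desktop user is given as a literal yescrypt hash (`$y$j9T$...`), so it lives in git history and, since NixOS materialises user definitions from the store, most likely in the world-readable Nix store as well, where anyone with read access can subject it to offline guessing. Consider having the `desktopUser` module accept a file path and forward it to `users.users.<name>.hashedPasswordFile`, keeping the hash out of the repository, and rotating the password now that it has been published. The same hash appears in the commented-out `passwordHash` line of the first host file, so the exposure predates this commit.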


@ -5,10 +5,10 @@
...
}:
let
cfg = config.audio;
cfg = config.my.desktop.audio;
in
{
options.audio = {
options.my.desktop.audio = {
enable = lib.mkEnableOption "Enable sound module";
};


@ -5,10 +5,10 @@
...
}:
let
cfg = config.desktopUser;
cfg = config.my.desktop.desktopUser;
in
{
options.desktopUser = {
options.my.desktop.desktopUser = {
enable = lib.mkEnableOption "Enable desktop user module";
userName = lib.mkOption {


@ -5,10 +5,10 @@
...
}:
let
cfg = config.gnome;
cfg = config.my.desktop.gnome;
in
{
options.gnome = {
options.my.desktop.gnome = {
enable = lib.mkEnableOption "Enable Gnome and apply customization module";
keyboardLayout = lib.mkOption {


@ -5,10 +5,10 @@
...
}:
let
cfg = config.plymouth;
cfg = config.my.desktop.plymouth;
in
{
options.plymouth = {
options.my.desktop.plymouth = {
enable = lib.mkEnableOption "Enable Plymouth and apply customization module";
};


@ -5,10 +5,10 @@
...
}:
let
cfg = config.steam;
cfg = config.my.desktop.steam;
in
{
options.steam = {
options.my.desktop.steam = {
enable = lib.mkEnableOption "Enable Steam and apply customization module";
};


@ -5,10 +5,10 @@
...
}:
let
cfg = config.avahi;
cfg = config.my.networking.avahi;
in
{
options.avahi = {
options.my.networking.avahi = {
enable = lib.mkEnableOption "Enable Avahi and apply customization module";
};


@ -5,10 +5,10 @@
...
}:
let
cfg = config.tailscale;
cfg = config.my.networking.tailscale;
in
{
options.tailscale = {
options.my.networking.tailscale = {
enable = lib.mkEnableOption "Enable Tailscale module";
authKeyFile = lib.mkOption {


@ -0,0 +1,149 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.my.services.download-pod;
in
{
options.my.services.download-pod = {
enable = lib.mkEnableOption "Enable the download searcher stack";
proxy = {
enable = lib.mkEnableOption "Enable proxy for the services";
hostName = lib.mkOption {
default = "example.com";
type = lib.types.str;
description = ''
Top level hostname
'';
};
serverName = lib.mkOption {
default = "localhost";
type = lib.types.str;
description = ''
Server name where Caddy is
'';
};
};
};
config = lib.mkIf cfg.enable {
my.virtualisation.podman.enable = true;
systemd.services.pod-download = {
description = "Start podman 'download' pod";
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
requiredBy = [
"podman-jackett.service"
"podman-radarr.service"
"podman-sabnzbd.service"
"podman-sonarr.service"
];
unitConfig = {
RequiresMountsFor = "/run/containers";
};
serviceConfig = {
Type = "oneshot";
# - 7878: Radarr
# - 8080: Sabnzbd
# - 8989: Sonarr
# - 9117: Jackett
# - 9696: Prowlarr
ExecStart = "-${pkgs.podman}/bin/podman pod create -p 9117:9117 -p 7878:7878 -p 8080:8080 -p 8989:8989 -p 9696:9696 download";
};
path = [ pkgs.podman ];
};
virtualisation.oci-containers.containers = {
my-pod = {
image = "k8s.gcr.io/pause:3.9";
extraOptions = [
"--pod=new:my-pod"
"--publish=8081:80" # Expose port 80 in the pod as 8080 on the host
"--publish=8082:82" # Expose port 82 in the pod as 8082 on the host
"--publish=83:9117" # Expose port 9117 in the pod as 83 on the host
];
};
jackett = {
image = "linuxserver/jackett";
autoStart = true;
extraOptions = [ "--pod=my-pod" ];
volumes = [
"jackett_config:/config"
"jackett_data:/data"
];
};
radarr = {
image = "linuxserver/radarr";
autoStart = true;
extraOptions = [ "--pod=download" ];
volumes = [
"radarr_config:/config"
"radarr_data:/data"
];
};
sabnzbd = {
image = "linuxserver/sabnzbd";
autoStart = true;
extraOptions = [ "--pod=download" ];
volumes = [
"sabnzbd_config:/config"
"sabnzbd_data:/data"
];
};
sonarr = {
image = "linuxserver/sonarr";
autoStart = true;
extraOptions = [ "--pod=download" ];
volumes = [
"sonarr_config:/config"
"sonarr_data:/data"
];
};
prowlarr = {
image = "linuxserver/prowlarr";
autoStart = true;
extraOptions = [ "--pod=download" ];
volumes = [ "prowlarr_config:/config" ];
};
};
services.caddy = lib.mkIf cfg.proxy.enable {
enable = true;
enableReload = false;
virtualHosts = {
"jackett.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:9117
'';
"radarr.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:7878
'';
"sabnzbd.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:8080
'';
"sonarr.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:8989
'';
};
};
};
}
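Review bot: `jackett` is attached to `my-pod` (`extraOptions = [ "--pod=my-pod" ]`) while the `pod-download` unit lists `podman-jackett.service` in `requiredBy` and the pod its `ExecStart` creates is `download`, so jackett's dependency points at a pod it never joins and its port is exposed through `my-pod` as host port 83 (`--publish=83:9117`) rather than the `9117:9117` mapping on `download`; `prowlarr` joins `download` but is missing from `requiredBy`. The comment on `--publish=8081:80` says host port 8080 although the flag maps 8081. Every service image is referenced by a floating tag (`linuxserver/jackett`, `linuxserver/radarr`, …), so each rebuild may pull a different image; pin at least a tag and preferably a digest, e.g. `image = "linuxserver/jackett:<tag>@sha256:<digest>";`. `k8s.gcr.io` is a frozen registry that redirects to `registry.k8s.io`, so the pause image should reference `registry.k8s.io/pause:3.9` directly.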


@ -5,10 +5,10 @@
...
}:
let
cfg = config.download-pod-old;
cfg = config.my.services.download-pod-old;
in
{
options.download-pod-old = {
options.my.services.download-pod-old = {
enable = lib.mkEnableOption "Enable download services module";
proxy = {
@ -43,7 +43,7 @@ in
};
config = lib.mkIf cfg.enable {
podman.enable = true;
my.virtualisation.podman.enable = true;
systemd.services.pod-download = {
description = "Start podman 'download' pod";


@ -5,10 +5,33 @@
...
}:
let
cfg = config.download-pod;
cfg = config.my.services.download-pod;
containers = {
webserver = {
enable = true;
image = "nginx";
volumes = [
"aaa:/config"
"bbb:/data"
];
};
postgres = {
enable = false;
image = "postgres:13";
};
};
enabledContainers =
containers:
lib.mapAttrs (name: container: lib.removeAttrs container [ "enable" ]) (
lib.filterAttrs (name: container: container.enable) containers
);
in
{
options.download-pod = {
options.my.services.download-pod = {
enable = lib.mkEnableOption "Enable the download searcher stack";
proxy = {
@ -36,93 +59,69 @@ in
config = lib.mkIf cfg.enable {
podman.enable = true;
systemd.services.pod-download = {
description = "Start podman 'download' pod";
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
requiredBy = [
"podman-jackett.service"
"podman-radarr.service"
"podman-sabnzbd.service"
"podman-sonarr.service"
];
unitConfig = {
RequiresMountsFor = "/run/containers";
my.virtualisation.podmanPods = {
mywebapp = {
name = "mywebapp";
ports = [
"9090:80"
"9443:443"
];
containers = enabledContainers containers;
};
serviceConfig = {
Type = "oneshot";
# - 7878: Radarr
# - 8080: Sabnzbd
# - 8989: Sonarr
# - 9117: Jackett
# - 9696: Prowlarr
ExecStart = "-${pkgs.podman}/bin/podman pod create -p 9117:9117 -p 7878:7878 -p 8080:8080 -p 8989:8989 -p 9696:9696 download";
};
path = [ pkgs.podman ];
};
virtualisation.oci-containers.containers = {
virtualisation.oci-containers.containers = enabledContainers containers;
my-pod = {
image = "k8s.gcr.io/pause:3.9";
extraOptions = [
"--pod=new:my-pod"
"--publish=8081:80" # Expose port 80 in the pod as 8080 on the host
"--publish=8082:82" # Expose port 82 in the pod as 8082 on the host
"--publish=83:9117" # Expose port 9117 in the pod as 83 on the host
];
};
# virtualisation.oci-containers.containers = {
jackett = {
image = "linuxserver/jackett";
autoStart = true;
extraOptions = [ "--pod=my-pod" ];
volumes = [
"jackett_config:/config"
"jackett_data:/data"
];
};
# jackett = {
# image = "linuxserver/jackett";
# autoStart = true;
# extraOptions = [ "--pod=my-pod" ];
# volumes = [
# "jackett_config:/config"
# "jackett_data:/data"
# ];
# };
radarr = {
image = "linuxserver/radarr";
autoStart = true;
extraOptions = [ "--pod=download" ];
volumes = [
"radarr_config:/config"
"radarr_data:/data"
];
};
# radarr = {
# image = "linuxserver/radarr";
# autoStart = true;
# extraOptions = [ "--pod=download" ];
# volumes = [
# "radarr_config:/config"
# "radarr_data:/data"
# ];
# };
sabnzbd = {
image = "linuxserver/sabnzbd";
autoStart = true;
extraOptions = [ "--pod=download" ];
volumes = [
"sabnzbd_config:/config"
"sabnzbd_data:/data"
];
};
# sabnzbd = {
# image = "linuxserver/sabnzbd";
# autoStart = true;
# extraOptions = [ "--pod=download" ];
# volumes = [
# "sabnzbd_config:/config"
# "sabnzbd_data:/data"
# ];
# };
sonarr = {
image = "linuxserver/sonarr";
autoStart = true;
extraOptions = [ "--pod=download" ];
volumes = [
"sonarr_config:/config"
"sonarr_data:/data"
];
};
# sonarr = {
# image = "linuxserver/sonarr";
# autoStart = true;
# extraOptions = [ "--pod=download" ];
# volumes = [
# "sonarr_config:/config"
# "sonarr_data:/data"
# ];
# };
prowlarr = {
image = "linuxserver/prowlarr";
autoStart = true;
extraOptions = [ "--pod=download" ];
volumes = [ "prowlarr_config:/config" ];
};
# prowlarr = {
# image = "linuxserver/prowlarr";
# autoStart = true;
# extraOptions = [ "--pod=download" ];
# volumes = [ "prowlarr_config:/config" ];
# };
};
# };
services.caddy = lib.mkIf cfg.proxy.enable {
enable = true;
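Review bot: The containers handed to `virtualisation.oci-containers.containers = enabledContainers containers;` carry no `--pod=mywebapp` in `extraOptions`, so they start outside the pod that `my.virtualisation.podmanPods.mywebapp` creates and the pod's `ports` (`9090:80`, `9443:443`) never apply to them; either have `enabledContainers` append `"--pod=mywebapp"` to each container's `extraOptions` or let the pod module derive the oci-containers entries from its own `containers` attribute, but not both. `webserver` uses the floating `nginx` image and the volume names `aaa`/`bbb` read as placeholders, so this looks like scaffolding; pin the image (`nginx:<tag>@sha256:<digest>`) and give the volumes real names before the host that sets `my.services.download-pod.enable = true` is rebuilt. The previous jackett/radarr/sabnzbd/sonarr/prowlarr definitions remain as large commented-out blocks; they are preserved in git history, so deleting them would keep the module readable.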


@ -5,15 +5,15 @@
...
}:
let
cfg = config.nextcloud-pd;
cfg = config.my.services.nextcloud-pd;
in
{
options.nextcloud-pd = {
options.my.services.nextcloud-pd = {
enable = lib.mkEnableOption "Enable Nextcloud module";
};
config = lib.mkIf cfg.enable {
podman.enable = true;
my.virtualisation.podman.enable = true;
virtualisation.oci-containers.containers = { };


@ -8,7 +8,7 @@
with lib;
let
cfg = config.services.rutorrent;
cfg = config.my.services.rutorrent;
rutorrentPkgs = import ../packages/rutorrent.nix {
inherit pkgs;
@ -44,7 +44,7 @@ let
in
{
options = {
options.my = {
services.rutorrent = {
enable = mkEnableOption "ruTorrent";


@ -5,10 +5,10 @@
...
}:
let
cfg = config.btrfsAutoscrub;
cfg = config.my.system.btrfsAutoscrub;
in
{
options.btrfsAutoscrub = {
options.my.system.btrfsAutoscrub = {
enable = lib.mkEnableOption "Enable BTRFS Auto Scrub module";
interval = lib.mkOption {

modules/systems/ssh.nix Normal file

@ -0,0 +1,21 @@
{ config, lib, ... }:
let
cfg = config.my.systems.ssh;
in
{
options.my.systems.ssh = {
enable = lib.mkEnableOption "Enable SSH Server";
};
config = lib.mkIf cfg.enable {
services.openssh = {
enable = true;
# require public key authentication for better security
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = false;
};
};
}
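Review bot: `settings.PermitRootLogin = false;` will not evaluate: in NixOS `services.openssh.settings.PermitRootLogin` is an enum of strings (`"yes"`, `"without-password"`, `"prohibit-password"`, `"forced-commands-only"`, `"no"`), so any host enabling `my.systems.ssh` fails the option type check; write `settings.PermitRootLogin = "no";`. The `PasswordAuthentication` and `KbdInteractiveAuthentication` settings are booleans and are fine as written. The namespace `my.systems.ssh` also differs from `my.system.btrfsAutoscrub` introduced elsewhere in this commit (`systems` vs `system`); picking one spelling avoids a module that nobody enables because the path was guessed wrong.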


@ -1,9 +1,9 @@
{ config, lib, ... }:
let
cfg = config.commons;
cfg = config.my.utils.commons;
in
{
options.commons = {
options.my.utils.commons = {
enable = lib.mkEnableOption "Enable commons stuff that are always nice to have";
allowReboot = lib.mkOption {


@ -5,10 +5,10 @@
...
}:
let
cfg = config.serverNodeUsers;
cfg = config.my.utils.serverNodeUsers;
in
{
options.serverNodeUsers = {
options.my.utils.serverNodeUsers = {
enable = lib.mkEnableOption "Set users for server hosts";
};
@ -24,9 +24,6 @@ in
users.root = {
hashedPassword = "!";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhiGLc/whCY3lCmDiRlYnMJOLiO/gvcRj/sKVEFVAhQ pazpi@deadbeef"
];
};
users.pazpi = {


@ -6,6 +6,5 @@
./lxc-guest.nix
./podman.nix
./podman-pod.nix
./proxmox.nix
];
}
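Review bot: One entry of this `imports` list is removed (6 → 5 lines) but the rendered page does not show which of `./lxc-guest.nix`, `./podman.nix`, `./podman-pod.nix` or `./proxmox.nix` it is. If it is `./proxmox.nix`, the `my.virtualisation.proxmox` option that the proxmox module still declares later in this commit would no longer be imported anywhere visible here, and the host config setting `virtualisation.proxmox.enable = true` under `my` would fail with an undeclared-option error; please confirm the dropped line against the raw diff.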


@ -5,10 +5,10 @@
...
}:
let
cfg = config.docker;
cfg = config.my.virtualisation.docker;
in
{
options.docker = {
options.my.virtualisation.docker = {
enable = lib.mkEnableOption "Enable Docker module";
};


@ -5,10 +5,10 @@
...
}:
let
cfg = config.libvirtd;
cfg = config.my.virtualisation.libvirtd;
in
{
options.libvirtd = {
options.my.virtualisation.libvirtd = {
enable = lib.mkEnableOption "Enable libvirtd module";
};


@ -1,9 +1,9 @@
{ config, lib, ... }:
let
cfg = config.lxcGuest;
cfg = config.my.virtualisation.lxcGuest;
in
{
options.lxcGuest = {
options.my.virtualisation.lxcGuest = {
enable = lib.mkEnableOption "NixOs inside LXC container";
};


@ -5,10 +5,10 @@
...
}:
let
cfg = config.lxc;
cfg = config.my.virtualisation.lxc;
in
{
options.lxc = {
options.my.virtualisation.lxc = {
enable = lib.mkEnableOption "Enable LXC module";
};


@ -1,4 +1,3 @@
# Save this as podman-pod.nix
{
config,
lib,
@ -9,44 +8,67 @@
with lib;
let
cfg = config.services.podmanPods;
cfg = config.my.virtualisation.podmanPods;
# Get the options from the original oci-containers module
containerOptions = (
filterAttrs (
n: v: n != "definition"
) config.virtualisation.oci-containers.containers.type.getSubOptions
);
# containerOptions = (
# filterAttrs (
# n: v: n != "definition"
# ) config.virtualisation.oci-containers.containers.type.getSubOptions
# );
# containerDefinition = mkOption {
# type = types.attrs;
# description = "The container definition, derived from virtualisation.oci-containers.containers.";
# example = {
# image = "nginx:latest";
# ports = [ "8080:80" ];
# };
# default = { };
# };
# containerDefinition = mkOption {
# type = types.attrs;
# description = "The container definition, derived from virtualisation.oci-containers.containers.";
# example = {
# image = "nginx:latest";
# ports = [ "8080:80" ];
# };
# default = {};
# };
# # config.virtualisation.oci-containers.containers.type.getSubOptions;
containerDefinition = config.virtualisation.oci-containers.containers.type.getSubOptions;
# Add our enable option
extendedContainerOptions = containerOptions // {
extendedContainerOptions = containerDefinition // {
enable = mkEnableOption "Enable this container";
};
podOptions =
{ name, config, ... }:
{
options = {
podOptions = {
options = with types; {
name = mkOption {
type = types.str;
description = "Name of the pod";
};
name = mkOption {
type = str;
description = "Name of the pod";
};
ports = mkOption {
type = types.listOf types.str;
default = [ ];
description = "List of port mappings (e.g. ['8080:80'])";
};
containers = mkOption {
type = types.attrsOf (types.submodule { options = extendedContainerOptions; });
default = { };
description = "Attribute set of OCI container configurations for this set";
};
ports = mkOption {
type = listOf str;
default = [ ];
description = "List of port mappings (e.g. ['8080:80'])";
};
containers = mkOption {
type = attrsOf (submodule {
options = extendedContainerOptions;
});
default = { };
description = "Attribute set of OCI container configurations for this set";
};
};
};
createPodScript =
name: podDef:
@ -82,27 +104,49 @@ let
fi
'';
enabledContainers = lib.flatten (
mapAttrs (
podName: podConfig: filterAttrs (name: value: value.enable or true) podConfig.containers
) cfg
);
# enabledContainers = lib.flatten (
# mapAttrs (
# podName: podConfig: filterAttrs (name: value: value.enable or true) podConfig.containers
# ) cfg
# );
# flattenPodContainers =
# pods:
# mapAttrs' (
# podName: pod:
# mapAttrs' (
# containerName: container:
# nameValuePair "${podName}-${containerName}" (
# container
# # // {
# # inherit (pod) name;
# # extraOptions = (container.extraOptions or [ ]) ++ [ "--pod=${pod.name}" ];
# # }
# )
# ) (filterAttrs (n: v: v.enable or true) pod.containers)
# ) pods;
in
{
options.services.podmanPods = mkOption {
options.my.virtualisation.podmanPods = mkOption {
type = types.attrsOf (types.submodule podOptions);
default = { };
description = "Podman pods to create";
};
config = mkIf (cfg != { }) {
virtualisation.podman.enable = true;
virtualisation.oci-containers.backend = "podman";
my.virtualisation.podman.enable = true;
environment.systemPackages = [ pkgs.jq ];
virtualisation.oci-containers.containers = enabledContainers;
# virtualisation.oci-containers.containers = enabledContainers;
# virtualisation.oci-containers.containers = flattenPodContainers cfg;
# virtualisation.oci-containers.containers = lib.mkMerge (
# map (entry: entry.container) (filter (entry: entry.enable) cfg.containers)
# );
# virtualisation.oci-containers.containers = listToAttrs (flatten (mapAttrsToList
# (podName: podDef:
@ -159,6 +203,7 @@ in
wantedBy = [ "multi-user.target" ];
}
) cfg;
containerServices = mapAttrs' (
name: container:
nameValuePair "podman-${name}" {
@ -166,8 +211,9 @@ in
requires = [ "podman-pod-${lib.head (lib.splitString "-" name)}.service" ];
partOf = [ "podman-pod-${lib.head (lib.splitString "-" name)}.service" ];
}
) config.virtualisation.oci-containers.containers;
) config.containers;
in
podServices // containerServices;
};
}
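Review bot: `containerServices` now maps over `config.containers` (the NixOS nspawn container option set) instead of `config.virtualisation.oci-containers.containers`, so the `requires`/`partOf` links to `podman-pod-<name>.service` are no longer attached to the podman container units and would instead produce `podman-<name>` unit overrides for any nspawn containers; restore `) config.virtualisation.oci-containers.containers;`. `containerDefinition = config.virtualisation.oci-containers.containers.type.getSubOptions;` reads `.type` from the option's value rather than its declaration, and `getSubOptions` is a function taking a prefix list, so evaluating any pod's `containers` option should fail; it would need `options.virtualisation.oci-containers.containers.type.getSubOptions [ ]` with `options` added to the module arguments, and even then reusing evaluated option objects as declarations is fragile enough that declaring the few container fields the pod module needs explicitly would be more robust. With `virtualisation.oci-containers.containers = enabledContainers;` commented out, the per-pod `containers` that callers declare are not turned into container units at all, and the pod-name derivation `lib.head (lib.splitString "-" name)` presupposes the `<pod>-<container>` naming that the commented-out `flattenPodContainers` would have produced, which nothing on the new side guarantees. The `createPodScript` body begins outside the hunk.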


@ -5,10 +5,10 @@
...
}:
let
cfg = config.podman;
cfg = config.my.virtualisation.podman;
in
{
options.podman = {
options.my.virtualisation.podman = {
enable = lib.mkEnableOption "Enable Podman module";
};


@ -2,15 +2,16 @@
config,
lib,
pkgs,
inputs,
...
}:
let
cfg = config.proxmox;
cfg = config.my.virtualisation.proxmox;
in
{
options.proxmox = {
options.my.virtualisation.proxmox = {
enable = lib.mkEnableOption "If this host is running inside Proxmox";
privileged = lib.mkOption {
@ -50,7 +51,7 @@ in
manageHostName = cfg.manageHostName;
};
serverNodeUsers.enable = true;
my.utils.serverNodeUsers.enable = true;
};
}