nix fmt with "nixfmt-rfc-style"

This commit is contained in:
pazpi 2024-08-27 09:46:44 +02:00
parent 4a39b2cbfd
commit eb9f742b1e
26 changed files with 460 additions and 267 deletions


@ -23,12 +23,18 @@ in
services.podmanPods = { services.podmanPods = {
mywebapp = { mywebapp = {
name = "mywebapp"; name = "mywebapp";
ports = [ "9090:80" "9443:443" ]; ports = [
"9090:80"
"9443:443"
];
containers = { containers = {
webserver = { webserver = {
enable = true; enable = true;
image = "nginx"; image = "nginx";
volumes = [ "aaa:/config" "bbb:/data" ]; volumes = [
"aaa:/config"
"bbb:/data"
];
}; };
appserver = { appserver = {
image = "my-custom-app:latest"; image = "my-custom-app:latest";
@ -50,8 +56,6 @@ in
}; };
}; };
# Extra packages # Extra packages
# environment.systemPackages = with pkgs; [ ]; # environment.systemPackages = with pkgs; [ ];


@ -1,4 +1,9 @@
{ config, pkgs, home-manager, ... }: {
config,
pkgs,
home-manager,
...
}:
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
@ -43,8 +48,6 @@
# podman.enable = true; # podman.enable = true;
download-pod.enable = true;
# Vedi https://github.com/TLATER/dotfiles/blob/f989a86890f27f6b089e9d74b7e8356ec8e5683d/home-config/hosts/yui.nix # Vedi https://github.com/TLATER/dotfiles/blob/f989a86890f27f6b089e9d74b7e8356ec8e5683d/home-config/hosts/yui.nix
# home-manager.users.pazpi = import "${flake-inputs.self}/home-config/hosts/deadbeef.nix"; # home-manager.users.pazpi = import "${flake-inputs.self}/home-config/hosts/deadbeef.nix";
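Review bot: The `@ -43,8 +48,6 @@` hunk appears to drop `download-pod.enable = true;` (the line shows on the old side only, and the header's 8-to-6 line count confirms two lines were removed), which is a behavioural change riding inside a commit titled `nix fmt with "nixfmt-rfc-style"`. If disabling the download pod on this host is intended it deserves its own commit with a message saying why; if it is accidental the line should be restored as `download-pod.enable = true;`. Either way a formatter run should be reviewable as a no-op, and this one is not. The enclosing configuration attribute set starts and ends outside the hunk.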


@ -1,47 +1,65 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }: {
config,
lib,
modulesPath,
...
}:
{ {
imports = imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"usbhid"
"sd_mod"
"rtsx_pci_sdmmc"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-label/NixOS";
device = "/dev/disk/by-label/NixOS"; fsType = "btrfs";
fsType = "btrfs"; options = [
options = [ "subvol=root" "compress=zstd" "discard=async" ]; "subvol=root"
}; "compress=zstd"
"discard=async"
];
};
fileSystems."/home" = fileSystems."/home" = {
{ device = "/dev/disk/by-label/NixOS";
device = "/dev/disk/by-label/NixOS"; fsType = "btrfs";
fsType = "btrfs"; options = [
options = [ "subvol=home" "compress=zstd" "discard=async" ]; "subvol=home"
}; "compress=zstd"
"discard=async"
];
};
fileSystems."/nix" = fileSystems."/nix" = {
{ device = "/dev/disk/by-label/NixOS";
device = "/dev/disk/by-label/NixOS"; fsType = "btrfs";
fsType = "btrfs"; options = [
options = [ "subvol=nix" "noatime" "discard=async" ]; "subvol=nix"
}; "noatime"
"discard=async"
];
};
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-label/BOOT";
device = "/dev/disk/by-label/BOOT"; fsType = "vfat";
fsType = "vfat"; };
};
swapDevices = [{ device = "/dev/disk/by-label/SWAP"; }]; swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -68,7 +68,7 @@ in
hashedPassword = "$6$gir1YD6tNdC9xAj0$zLr1yt/ea9PvwygjHfQVnPmeCd1.2zrAKWiN80duidwOkZF6hwm06ta6J3O9uw6F3uUHC0N7iiKYhCgXXR.Q7/"; hashedPassword = "$6$gir1YD6tNdC9xAj0$zLr1yt/ea9PvwygjHfQVnPmeCd1.2zrAKWiN80duidwOkZF6hwm06ta6J3O9uw6F3uUHC0N7iiKYhCgXXR.Q7/";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhiGLc/whCY3lCmDiRlYnMJOLiO/gvcRj/sKVEFVAhQ pazpi@deadbeef" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhiGLc/whCY3lCmDiRlYnMJOLiO/gvcRj/sKVEFVAhQ pazpi@deadbeef"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILrVYJrU6Ys2o/QYfI6Es5yqVVyjUyDYj6Fglvz63ywP krzo@pazpi.top" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILrVYJrU6Ys2o/QYfI6Es5yqVVyjUyDYj6Fglvz63ywP krzo@pazpi.top"
]; ];
}; };
@ -82,7 +82,10 @@ in
"sys-fs-fuse-connections.mount" "sys-fs-fuse-connections.mount"
]; ];
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [
"nix-command"
"flakes"
];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
} }
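Review bot: `hashedPassword` in the first hunk of this section commits a SHA-512-crypt password hash to the repository (a context line, not introduced by this commit); anyone who can read the repo can run an offline dictionary attack against it. Prefer `hashedPasswordFile = "/run/secrets/pazpi-password";` with the file provisioned out of band (for example via sops-nix or agenix), and treat the current password as exposed and rotate it. The adjacent `openssh.authorizedKeys.keys` entries are public keys and are fine to keep in git. The enclosing user definition starts outside the hunk.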


@ -125,7 +125,10 @@ in
"sys-fs-fuse-connections.mount" "sys-fs-fuse-connections.mount"
]; ];
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [
"nix-command"
"flakes"
];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
} }


@ -21,7 +21,10 @@
# }; # };
# Since we don't use DHCP, we need to set our own nameservers. # Since we don't use DHCP, we need to set our own nameservers.
nameservers = [ "1.1.1.1" "1.0.0.1" ]; nameservers = [
"1.1.1.1"
"1.0.0.1"
];
}; };


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
cfg = config.audio; cfg = config.audio;
in in


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
cfg = config.btrfsAutoscrub; cfg = config.btrfsAutoscrub;
in in


@ -25,7 +25,10 @@ in
nix = { nix = {
settings.experimental-features = [ "nix-command" "flakes" ]; settings.experimental-features = [
"nix-command"
"flakes"
];
gc = { gc = {
# Auto delete old generations # Auto delete old generations


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
cfg = config.gnome; cfg = config.gnome;
in in
@ -58,33 +63,35 @@ in
]; ];
# Remove standard Gnome Packages # Remove standard Gnome Packages
gnome.excludePackages = (with pkgs; [ gnome.excludePackages =
gedit # text editor (with pkgs; [
gnome-photos gedit # text editor
gnome-tour gnome-photos
gnome-connections gnome-tour
gnome-photos gnome-connections
]) ++ (with pkgs.gnome; [ gnome-photos
atomix # puzzle game ])
cheese # webcam tool ++ (with pkgs.gnome; [
epiphany # web browser atomix # puzzle game
evince # document viewer cheese # webcam tool
geary # email reader epiphany # web browser
gnome-calendar evince # document viewer
gnome-characters geary # email reader
gnome-clocks gnome-calendar
gnome-contacts gnome-characters
gnome-font-viewer gnome-clocks
gnome-maps gnome-contacts
gnome-music gnome-font-viewer
gnome-terminal gnome-maps
gnome-weather gnome-music
hitori # sudoku game gnome-terminal
iagno # go game gnome-weather
tali # poker game hitori # sudoku game
totem # video player iagno # go game
yelp # help viewer tali # poker game
]); totem # video player
yelp # help viewer
]);
}; };


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
cfg = config.plymouth; cfg = config.plymouth;
in in
@ -11,7 +16,9 @@ in
boot.plymouth = { boot.plymouth = {
enable = true; enable = true;
theme = "colorful_loop"; theme = "colorful_loop";
themePackages = [ (pkgs.adi1090x-plymouth-themes.override { selected_themes = [ "colorful_loop" ]; }) ]; themePackages = [
(pkgs.adi1090x-plymouth-themes.override { selected_themes = [ "colorful_loop" ]; })
];
}; };
}; };


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
cfg = config.steam; cfg = config.steam;
in in


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
cfg = config.mainUser; cfg = config.mainUser;
in in
@ -37,14 +42,22 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
users.users.${cfg.userName} = { users.users.${cfg.userName} = {
description = cfg.description; description = cfg.description;
extraGroups = [ "users" "wheel" ]; extraGroups = [
"users"
"wheel"
];
initialHashedPassword = cfg.hashedPassword; initialHashedPassword = cfg.hashedPassword;
isNormalUser = true; isNormalUser = true;
isSystemUser = false; isSystemUser = false;
shell = pkgs.zsh; shell = pkgs.zsh;
uid = 1000; uid = 1000;
packages = with pkgs; lib.mkIf cfg.flatpak [ flatpak gnome.gnome-software ]; packages =
with pkgs;
lib.mkIf cfg.flatpak [
flatpak
gnome.gnome-software
];
}; };
console.keyMap = "it"; console.keyMap = "it";


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
cfg = config.avahi; cfg = config.avahi;
in in


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
cfg = config.tailscale; cfg = config.tailscale;
in in


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
cfg = config.download-pod-old; cfg = config.download-pod-old;
in in
@ -37,103 +42,113 @@ in
}; };
config = lib.mkIf cfg.enable config = lib.mkIf cfg.enable {
{ podman.enable = true;
podman.enable = true;
systemd.services.pod-download = { systemd.services.pod-download = {
description = "Start podman 'download' pod"; description = "Start podman 'download' pod";
wants = [ "network-online.target" ]; wants = [ "network-online.target" ];
after = [ "network-online.target" ]; after = [ "network-online.target" ];
requiredBy = [ requiredBy = [
"podman-jackett.service" "podman-jackett.service"
"podman-radarr.service" "podman-radarr.service"
"podman-sabnzbd.service" "podman-sabnzbd.service"
"podman-sonarr.service" "podman-sonarr.service"
];
unitConfig = {
RequiresMountsFor = "/run/containers";
};
serviceConfig = {
Type = "oneshot";
ExecStart = "-${pkgs.podman}/bin/podman pod create -p 9117:9117 -p 7878:7878 -p 8080:8080 -p 8989:8989 download";
}; # -p 9117:9117 -p 7878:7878 -p 8080:8080 -p 8989:8989
#--share cgroup,ipc,uts
path = [ pkgs.podman ];
};
virtualisation.oci-containers.containers = {
jackett = {
image = "linuxserver/jackett";
autoStart = true;
user = "1000:100";
ports = [ "9117:9117" ];
extraOptions = [
"--init=true"
"--pod=download"
];
volumes = [
"jackett_config:/config"
"${cfg.dataDir}:/data"
]; ];
unitConfig = {
RequiresMountsFor = "/run/containers";
};
serviceConfig = {
Type = "oneshot";
ExecStart = "-${pkgs.podman}/bin/podman pod create -p 9117:9117 -p 7878:7878 -p 8080:8080 -p 8989:8989 download";
}; # -p 9117:9117 -p 7878:7878 -p 8080:8080 -p 8989:8989
#--share cgroup,ipc,uts
path = [ pkgs.podman ];
}; };
virtualisation.oci-containers.containers = { radarr = {
jackett = { image = "linuxserver/radarr";
image = "linuxserver/jackett"; autoStart = true;
autoStart = true; user = "1000:100";
user = "1000:100"; ports = [ "7878:7878" ];
ports = [ "9117:9117" ]; extraOptions = [
extraOptions = [ "--init=true"
"--init=true" "--pod=download"
"--pod=download" ];
]; volumes = [
volumes = [ "jackett_config:/config" "${cfg.dataDir}:/data" ]; "radarr_config:/config"
}; "${cfg.dataDir}:/data"
];
radarr = {
image = "linuxserver/radarr";
autoStart = true;
user = "1000:100";
ports = [ "7878:7878" ];
extraOptions = [
"--init=true"
"--pod=download"
];
volumes = [ "radarr_config:/config" "${cfg.dataDir}:/data" ];
};
sabnzbd = {
image = "linuxserver/sabnzbd";
autoStart = true;
user = "1000:100";
ports = [ "8080:8080" ];
extraOptions = [
"--init=true"
"--pod=download"
];
volumes = [ "sabnzbd_config:/config" "${cfg.dataDir}:/data" ];
};
sonarr = {
image = "linuxserver/sonarr";
autoStart = true;
user = "1000:100";
ports = [ "8989:8989" ];
extraOptions = [
"--init=true"
"--pod=download"
];
volumes = [ "sonarr_config:/config" "${cfg.dataDir}:/data" ];
};
}; };
services.caddy = lib.mkIf cfg.proxy.enable { sabnzbd = {
enable = true; image = "linuxserver/sabnzbd";
enableReload = false; autoStart = true;
virtualHosts = { user = "1000:100";
"jackett.${cfg.proxy.hostName}".extraConfig = '' ports = [ "8080:8080" ];
reverse_proxy http://${cfg.proxy.serverName}:9117 extraOptions = [
''; "--init=true"
"radarr.${cfg.proxy.hostName}".extraConfig = '' "--pod=download"
reverse_proxy http://${cfg.proxy.serverName}:7878 ];
''; volumes = [
"sabnzbd.${cfg.proxy.hostName}".extraConfig = '' "sabnzbd_config:/config"
reverse_proxy http://${cfg.proxy.serverName}:8080 "${cfg.dataDir}:/data"
''; ];
"sonarr.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:8989
'';
};
}; };
sonarr = {
image = "linuxserver/sonarr";
autoStart = true;
user = "1000:100";
ports = [ "8989:8989" ];
extraOptions = [
"--init=true"
"--pod=download"
];
volumes = [
"sonarr_config:/config"
"${cfg.dataDir}:/data"
];
};
}; };
services.caddy = lib.mkIf cfg.proxy.enable {
enable = true;
enableReload = false;
virtualHosts = {
"jackett.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:9117
'';
"radarr.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:7878
'';
"sabnzbd.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:8080
'';
"sonarr.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:8989
'';
};
};
};
} }


@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
cfg = config.download-pod; cfg = config.download-pod;
in in
@ -73,45 +78,47 @@ in
jackett = { jackett = {
image = "linuxserver/jackett"; image = "linuxserver/jackett";
autoStart = true; autoStart = true;
extraOptions = [ extraOptions = [ "--pod=my-pod" ];
"--pod=my-pod" volumes = [
"jackett_config:/config"
"jackett_data:/data"
]; ];
volumes = [ "jackett_config:/config" "jackett_data:/data" ];
}; };
radarr = { radarr = {
image = "linuxserver/radarr"; image = "linuxserver/radarr";
autoStart = true; autoStart = true;
extraOptions = [ extraOptions = [ "--pod=download" ];
"--pod=download" volumes = [
"radarr_config:/config"
"radarr_data:/data"
]; ];
volumes = [ "radarr_config:/config" "radarr_data:/data" ];
}; };
sabnzbd = { sabnzbd = {
image = "linuxserver/sabnzbd"; image = "linuxserver/sabnzbd";
autoStart = true; autoStart = true;
extraOptions = [ extraOptions = [ "--pod=download" ];
"--pod=download" volumes = [
"sabnzbd_config:/config"
"sabnzbd_data:/data"
]; ];
volumes = [ "sabnzbd_config:/config" "sabnzbd_data:/data" ];
}; };
sonarr = { sonarr = {
image = "linuxserver/sonarr"; image = "linuxserver/sonarr";
autoStart = true; autoStart = true;
extraOptions = [ extraOptions = [ "--pod=download" ];
"--pod=download" volumes = [
"sonarr_config:/config"
"sonarr_data:/data"
]; ];
volumes = [ "sonarr_config:/config" "sonarr_data:/data" ];
}; };
prowlarr = { prowlarr = {
image = "linuxserver/prowlarr"; image = "linuxserver/prowlarr";
autoStart = true; autoStart = true;
extraOptions = [ extraOptions = [ "--pod=download" ];
"--pod=download"
];
volumes = [ "prowlarr_config:/config" ]; volumes = [ "prowlarr_config:/config" ];
}; };
@ -139,5 +146,4 @@ in
}; };
} }
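Review bot: jackett's `extraOptions = [ "--pod=my-pod" ];` in the `@ -73,45 +78,47 @@` hunk joins a pod named `my-pod`, while radarr, sabnzbd, sonarr and prowlarr all use `--pod=download`; unless a `my-pod` pod is created elsewhere in this module (not visible here), the jackett container will fail to start or run outside the shared pod and its port/network assumptions. The formatter collapsing the list onto one line makes the leftover easy to spot, and the fix is the one line `extraOptions = [ "--pod=download" ];`. The pod-creation service and the options block are outside the visible hunks.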


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
cfg = config.nextcloud-pd; cfg = config.nextcloud-pd;
in in


@ -1,22 +1,40 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.services.rutorrent; cfg = config.services.rutorrent;
rutorrentPkgs = import ../packages/rutorrent.nix { inherit pkgs; inherit lib; }; rutorrentPkgs = import ../packages/rutorrent.nix {
inherit pkgs;
inherit lib;
};
rtorrentPluginDependencies = with pkgs; { rtorrentPluginDependencies = with pkgs; {
_task = [ procps ]; _task = [ procps ];
unpack = [ unzip unrar ]; unpack = [
unzip
unrar
];
rss = [ curl ]; rss = [ curl ];
mediainfo = [ mediainfo ]; mediainfo = [ mediainfo ];
spectrogram = [ sox ]; spectrogram = [ sox ];
screenshots = [ ffmpeg ]; screenshots = [ ffmpeg ];
}; };
python = with pkgs; (python312.withPackages (p: with p; [ cloudscraper cfscrape ])); python =
with pkgs;
(python312.withPackages (
p: with p; [
cloudscraper
cfscrape
]
));
phpPluginDependencies = with pkgs; { phpPluginDependencies = with pkgs; {
_cloudflare = [ python ]; _cloudflare = [ python ];
@ -77,7 +95,13 @@ in
}; };
poolSettings = mkOption { poolSettings = mkOption {
type = with types; attrsOf (oneOf [ str int bool ]); type =
with types;
attrsOf (oneOf [
str
int
bool
]);
default = { default = {
"pm" = "dynamic"; "pm" = "dynamic";
"pm.max_children" = 32; "pm.max_children" = 32;
@ -118,7 +142,10 @@ in
{ {
assertions = assertions =
let let
usedRpcPlugins = intersectLists cfg.plugins [ "httprpc" "rpc" ]; usedRpcPlugins = intersectLists cfg.plugins [
"httprpc"
"rpc"
];
in in
[ [
{ {
@ -136,11 +163,17 @@ in
nginxVhostCfg = config.services.nginx.virtualHosts."${cfg.hostName}"; nginxVhostCfg = config.services.nginx.virtualHosts."${cfg.hostName}";
in in
[ ] [ ]
++ (optional (cfg.nginx.exposeInsecureRPC2mount && (nginxVhostCfg.basicAuth == { } || nginxVhostCfg.basicAuthFile == null)) '' ++ (optional
You are using exposeInsecureRPC2mount without using basic auth on the virtual host. The exposed rpc mount allow for remote command execution. (
cfg.nginx.exposeInsecureRPC2mount
&& (nginxVhostCfg.basicAuth == { } || nginxVhostCfg.basicAuthFile == null)
)
''
You are using exposeInsecureRPC2mount without using basic auth on the virtual host. The exposed rpc mount allow for remote command execution.
Please make sure it is not accessible from the outside. Please make sure it is not accessible from the outside.
''); ''
);
systemd = { systemd = {
services = { services = {
@ -229,8 +262,11 @@ in
cp -r ${rutorrentPkgs}/php ${cfg.dataDir}/ cp -r ${rutorrentPkgs}/php ${cfg.dataDir}/
${optionalString (cfg.plugins != []) ${optionalString (cfg.plugins != [ ])
''cp -r ${concatMapStringsSep " " (p: "${rutorrentPkgs}/plugins/${p}") cfg.plugins} ${cfg.dataDir}/plugins/''} ''cp -r ${
concatMapStringsSep " " (p: "${rutorrentPkgs}/plugins/${p}") cfg.plugins
} ${cfg.dataDir}/plugins/''
}
chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}/{conf,share,logs,plugins} chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}/{conf,share,logs,plugins}
chmod -R 755 ${cfg.dataDir}/{conf,share,logs,plugins} chmod -R 755 ${cfg.dataDir}/{conf,share,logs,plugins}
@ -263,7 +299,10 @@ in
{ {
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 80 443 ]; allowedTCPPorts = [
80
443
];
}; };
services = { services = {
@ -303,11 +342,12 @@ in
pool = { pool = {
user = cfg.user; user = cfg.user;
group = config.services.rtorrent.group; group = config.services.rtorrent.group;
settings = mapAttrs (name: mkDefault) settings =
{ mapAttrs (name: mkDefault) {
"listen.owner" = config.services.nginx.user; "listen.owner" = config.services.nginx.user;
"listen.group" = config.services.nginx.group; "listen.group" = config.services.nginx.group;
} // cfg.poolSettings; }
// cfg.poolSettings;
}; };
in in
if (envPath == "") then pool else pool // { phpEnv.PATH = envPath; }; if (envPath == "") then pool else pool // { phpEnv.PATH = envPath; };
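Review bot: The `exposeInsecureRPC2mount` warning condition in the `@ -136,11 +163,17 @@` hunk fires when `nginxVhostCfg.basicAuth == { } || nginxVhostCfg.basicAuthFile == null`, i.e. whenever either mechanism is unset; since a vhost normally configures only one of the two, the warning appears even when basic auth is correctly in place and will be tuned out as noise exactly where it matters (the message itself says the mount allows remote command execution). Unless the intent really is to require both, the test should be `&& (nginxVhostCfg.basicAuth == { } && nginxVhostCfg.basicAuthFile == null)`. Given the consequence, consider promoting this from a warning to an assertion so an unauthenticated RPC mount cannot be deployed by accident. While touching the string, `allow for remote command execution` should read `allows remote command execution`. The surrounding `config` block starts and ends outside the visible hunks.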


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
cfg = config.docker; cfg = config.docker;
in in


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
cfg = config.libvirtd; cfg = config.libvirtd;
in in


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
cfg = config.lxc; cfg = config.lxc;
in in


@ -1,5 +1,10 @@
# Save this as podman-pod.nix # Save this as podman-pod.nix
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
@ -7,40 +12,44 @@ let
cfg = config.services.podmanPods; cfg = config.services.podmanPods;
# Get the options from the original oci-containers module # Get the options from the original oci-containers module
containerOptions = (filterAttrs (n: v: n != "definition") containerOptions = (
config.virtualisation.oci-containers.containers.type.getSubOptions); filterAttrs (
n: v: n != "definition"
) config.virtualisation.oci-containers.containers.type.getSubOptions
);
# Add our enable option # Add our enable option
extendedContainerOptions = containerOptions // { extendedContainerOptions = containerOptions // {
enable = mkEnableOption "Enable this container"; enable = mkEnableOption "Enable this container";
}; };
podOptions = { name, config, ... }: { podOptions =
options = { { name, config, ... }:
{
options = {
name = mkOption {
type = types.str;
description = "Name of the pod";
};
ports = mkOption {
type = types.listOf types.str;
default = [ ];
description = "List of port mappings (e.g. ['8080:80'])";
};
containers = mkOption {
type = types.attrsOf (types.submodule { options = extendedContainerOptions; });
default = { };
description = "Attribute set of OCI container configurations for this set";
};
name = mkOption {
type = types.str;
description = "Name of the pod";
}; };
ports = mkOption {
type = types.listOf types.str;
default = [ ];
description = "List of port mappings (e.g. ['8080:80'])";
};
containers = mkOption {
type = types.attrsOf (types.submodule {
options = extendedContainerOptions;
});
default = { };
description = "Attribute set of OCI container configurations for this set";
};
}; };
};
createPodScript = name: podDef: createPodScript =
name: podDef:
let let
podDefinitionString = builtins.toJSON { inherit (podDef) ports; }; podDefinitionString = builtins.toJSON { inherit (podDef) ports; };
in in
@ -73,11 +82,11 @@ let
fi fi
''; '';
enabledContainers = lib.flatten (mapAttrs enabledContainers = lib.flatten (
(podName: podConfig: mapAttrs (
filterAttrs (name: value: value.enable or true) podConfig.containers podName: podConfig: filterAttrs (name: value: value.enable or true) podConfig.containers
) ) cfg
cfg); );
in in
{ {
@ -126,37 +135,38 @@ in
# ) # )
# (filterAttrs (name: value: value.enable) cfg.containers); # (filterAttrs (name: value: value.enable) cfg.containers);
networking.firewall.allowedTCPPorts = flatten (mapAttrsToList networking.firewall.allowedTCPPorts = flatten (
(name: podDef: mapAttrsToList (
map (portMapping: lib.toInt (lib.head (lib.splitString ":" portMapping))) podDef.ports name: podDef: map (portMapping: lib.toInt (lib.head (lib.splitString ":" portMapping))) podDef.ports
) ) cfg
cfg); );
systemd.services = systemd.services =
let let
podServices = mapAttrs' podServices = mapAttrs' (
(name: podDef: name: podDef:
nameValuePair "podman-pod-${name}" { nameValuePair "podman-pod-${name}" {
description = "Manage Podman pod: ${name}"; description = "Manage Podman pod: ${name}";
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
ExecStart = "${createPodScript name podDef}"; ExecStart = "${createPodScript name podDef}";
}; };
path = [ pkgs.jq pkgs.podman ]; path = [
after = [ "network.target" ]; pkgs.jq
wantedBy = [ "multi-user.target" ]; pkgs.podman
} ];
) after = [ "network.target" ];
cfg; wantedBy = [ "multi-user.target" ];
containerServices = mapAttrs' }
(name: container: ) cfg;
nameValuePair "podman-${name}" { containerServices = mapAttrs' (
after = [ "podman-pod-${lib.head (lib.splitString "-" name)}.service" ]; name: container:
requires = [ "podman-pod-${lib.head (lib.splitString "-" name)}.service" ]; nameValuePair "podman-${name}" {
partOf = [ "podman-pod-${lib.head (lib.splitString "-" name)}.service" ]; after = [ "podman-pod-${lib.head (lib.splitString "-" name)}.service" ];
} requires = [ "podman-pod-${lib.head (lib.splitString "-" name)}.service" ];
) partOf = [ "podman-pod-${lib.head (lib.splitString "-" name)}.service" ];
config.virtualisation.oci-containers.containers; }
) config.virtualisation.oci-containers.containers;
in in
podServices // containerServices; podServices // containerServices;
}; };
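Review bot: `networking.firewall.allowedTCPPorts` in the last hunk opens every pod's host port on all interfaces with no way to opt out, and derives the port with `lib.toInt (lib.head (lib.splitString ":" portMapping))`, which for the `127.0.0.1:8080:80` host-binding form that podman accepts yields the IP string and aborts evaluation with a `toInt` error. A pod that is only meant to be reached through a local reverse proxy (as the example in `services.podmanPods` with `9090:80`/`9443:443` suggests) should not have its ports exposed by default, so gate this line behind an `openFirewall = mkOption { type = types.bool; default = false; ... }` per pod, and parse the host port as the element before the container port rather than the first element so three-part mappings work. The `ports` option description (`e.g. ['8080:80']`) should then state which mapping forms are supported and that UDP mappings are not handled. The `let` bindings that define `createPodScript` and `enabledContainers` are outside the visible hunks.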


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
cfg = config.podman; cfg = config.podman;
in in


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.proxmox; cfg = config.proxmox;


@ -1,4 +1,7 @@
{ pkgs ? import <nixpkgs> { }, lib, }: {
pkgs ? import <nixpkgs> { },
lib,
}:
with pkgs; with pkgs;