
nix: move settings.containers to top-level custom

Signed-off-by: Myned <dev@bjork.tech>
Myned 2024-10-06 10:16:52 -05:00
parent 3e787c2cba
commit 0fe3308ef6
Signed by: myned
GPG key ID: C7224454F7881A34
19 changed files with 90 additions and 87 deletions


@ -4,9 +4,9 @@
...
}:
with lib; let
cfg = config.custom.settings.containers.actualbudget;
cfg = config.custom.containers.actualbudget;
in {
options.custom.settings.containers.actualbudget.enable = mkOption {default = false;};
options.custom.containers.actualbudget.enable = mkOption {default = false;};
config = mkIf cfg.enable {
#?? arion-actualbudget pull
@ -21,7 +21,7 @@ in {
image = "actualbudget/actual-server:24.9.0";
ports = ["5006:5006"];
restart = "unless-stopped";
volumes = ["${config.custom.settings.containers.directory}/actualbudget/data:/data"];
volumes = ["${config.custom.containers.directory}/actualbudget/data:/data"];
# TODO: Set up trusted proxies
};
};


@ -5,9 +5,9 @@
...
}:
with lib; let
cfg = config.custom.settings.containers.coturn;
cfg = config.custom.containers.coturn;
in {
options.custom.settings.containers.coturn.enable = mkOption {default = false;};
options.custom.containers.coturn.enable = mkOption {default = false;};
config = mkIf cfg.enable {
age.secrets = let
@ -33,7 +33,7 @@ in {
restart = "unless-stopped";
volumes = [
"${config.custom.settings.containers.directory}/coturn/coturn.conf:/etc/coturn/turnserver.conf"
"${config.custom.containers.directory}/coturn/coturn.conf:/etc/coturn/turnserver.conf"
];
};
};
@ -43,7 +43,7 @@ in {
# HACK: Copy with global read-only permissions in container directory which is assumed to be locked down
# https://github.com/moby/moby/issues/2259
systemd.tmpfiles.rules = [
"C ${config.custom.settings.containers.directory}/coturn/coturn.conf 0444 - - - ${
"C ${config.custom.containers.directory}/coturn/coturn.conf 0444 - - - ${
config.age.secrets."${config.custom.profile}/coturn/coturn.conf".path
}"
];


@ -6,10 +6,10 @@
...
}:
with lib; let
cfg = config.custom.settings.containers;
cfg = config.custom.containers;
in {
options.custom.settings.containers = {
enable = mkOption {default = false;};
options.custom.containers = {
enable = mkOption {default = config.custom.full;};
boot = mkOption {default = false;};
directory = mkOption {default = "/containers";};
docker = mkOption {default = true;};


@ -5,9 +5,9 @@
...
}:
with lib; let
cfg = config.custom.settings.containers.forgejo;
cfg = config.custom.containers.forgejo;
in {
options.custom.settings.containers.forgejo.enable = mkOption {default = false;};
options.custom.containers.forgejo.enable = mkOption {default = false;};
config = mkIf cfg.enable {
age.secrets = let
@ -38,7 +38,7 @@ in {
env_file = [config.age.secrets."${config.custom.profile}/forgejo/.env".path];
image = "codeberg.org/forgejo/forgejo:8";
restart = "unless-stopped";
volumes = ["${config.custom.settings.containers.directory}/forgejo/data:/data"];
volumes = ["${config.custom.containers.directory}/forgejo/data:/data"];
ports = [
"127.0.0.1:3333:3000"
@ -51,7 +51,7 @@ in {
env_file = [config.age.secrets."${config.custom.profile}/forgejo/db.env".path];
image = "postgres:15";
restart = "unless-stopped";
volumes = ["${config.custom.settings.containers.directory}/forgejo/db:/var/lib/postgresql/data"];
volumes = ["${config.custom.containers.directory}/forgejo/db:/var/lib/postgresql/data"];
};
};
};


@ -5,9 +5,9 @@
...
}:
with lib; let
cfg = config.custom.settings.containers.foundryvtt;
cfg = config.custom.containers.foundryvtt;
in {
options.custom.settings.containers.foundryvtt.enable = mkOption {default = false;};
options.custom.containers.foundryvtt.enable = mkOption {default = false;};
config = mkIf cfg.enable {
age.secrets = let
@ -31,7 +31,7 @@ in {
image = "felddy/foundryvtt:12";
ports = ["127.0.0.1:30000:30000"];
restart = "unless-stopped";
volumes = ["${config.custom.settings.containers.directory}/foundryvtt/data:/data"];
volumes = ["${config.custom.containers.directory}/foundryvtt/data:/data"];
};
};
};


@ -6,9 +6,9 @@
...
}:
with lib; let
cfg = config.custom.settings.containers.headscale;
cfg = config.custom.containers.headscale;
in {
options.custom.settings.containers.headscale.enable = mkOption {default = false;};
options.custom.containers.headscale.enable = mkOption {default = false;};
config = mkIf cfg.enable {
age.secrets = let
@ -43,8 +43,8 @@ in {
];
volumes = [
"${config.custom.settings.containers.directory}/headscale/config:/etc/headscale"
"${config.custom.settings.containers.directory}/headscale/data:/var/lib/headscale"
"${config.custom.containers.directory}/headscale/config:/etc/headscale"
"${config.custom.containers.directory}/headscale/data:/var/lib/headscale"
# Minimum config.yaml
# https://github.com/juanfont/headscale/blob/main/config-example.yaml


@ -4,9 +4,9 @@
...
}:
with lib; let
cfg = config.custom.settings.containers.homeassistant;
cfg = config.custom.containers.homeassistant;
in {
options.custom.settings.containers.homeassistant.enable = mkOption {default = false;};
options.custom.containers.homeassistant.enable = mkOption {default = false;};
config = mkIf cfg.enable {
#?? arion-homeassistant pull
@ -21,7 +21,7 @@ in {
image = "homeassistant/home-assistant:2024.9.1";
ports = ["8123:8123"];
restart = "unless-stopped";
volumes = ["${config.custom.settings.containers.directory}/homeassistant/config:/config"];
volumes = ["${config.custom.containers.directory}/homeassistant/config:/config"];
};
};
};


@ -5,9 +5,9 @@
...
}:
with lib; let
cfg = config.custom.settings.containers.mastodon;
cfg = config.custom.containers.mastodon;
in {
options.custom.settings.containers.mastodon.enable = mkOption {default = false;};
options.custom.containers.mastodon.enable = mkOption {default = false;};
config = mkIf cfg.enable {
age.secrets = let
@ -34,7 +34,7 @@ in {
image = "lscr.io/linuxserver/mastodon:4.2.12";
ports = ["3000:443"];
restart = "unless-stopped";
volumes = ["${config.custom.settings.containers.directory}/mastodon/config:/config"];
volumes = ["${config.custom.containers.directory}/mastodon/config:/config"];
depends_on = [
"cache"
@ -46,7 +46,7 @@ in {
container_name = "mastodon-cache";
image = "redis:latest";
restart = "unless-stopped";
volumes = ["${config.custom.settings.containers.directory}/mastodon/cache:/data"];
volumes = ["${config.custom.containers.directory}/mastodon/cache:/data"];
};
db.service = {
@ -54,7 +54,7 @@ in {
env_file = [config.age.secrets."${config.custom.profile}/mastodon/db.env".path];
image = "postgres:15";
restart = "unless-stopped";
volumes = ["${config.custom.settings.containers.directory}/mastodon/db:/var/lib/postgresql/data"];
volumes = ["${config.custom.containers.directory}/mastodon/db:/var/lib/postgresql/data"];
};
};
};


@ -5,9 +5,9 @@
...
}:
with lib; let
cfg = config.custom.settings.containers.nextcloud;
cfg = config.custom.containers.nextcloud;
in {
options.custom.settings.containers.nextcloud.enable = mkOption {default = false;};
options.custom.containers.nextcloud.enable = mkOption {default = false;};
config = mkIf cfg.enable {
age.secrets = let
@ -35,8 +35,8 @@ in {
restart = "unless-stopped";
volumes = [
"${config.custom.settings.containers.directory}/nextcloud/app:/var/www/html"
"${config.custom.settings.containers.directory}/nextcloud/data:/var/www/html/data"
"${config.custom.containers.directory}/nextcloud/app:/var/www/html"
"${config.custom.containers.directory}/nextcloud/data:/var/www/html/data"
];
depends_on = [
@ -63,7 +63,7 @@ in {
container_name = "nextcloud-cache";
image = "redis:latest";
restart = "unless-stopped";
volumes = ["${config.custom.settings.containers.directory}/nextcloud/cache:/data"];
volumes = ["${config.custom.containers.directory}/nextcloud/cache:/data"];
};
db.service = {
@ -73,7 +73,7 @@ in {
restart = "unless-stopped";
volumes = [
"${config.custom.settings.containers.directory}/nextcloud/db:/var/lib/postgresql/data"
"${config.custom.containers.directory}/nextcloud/db:/var/lib/postgresql/data"
];
};
};


@ -4,9 +4,9 @@
...
}:
with lib; let
cfg = config.custom.settings.containers.redlib;
cfg = config.custom.containers.redlib;
in {
options.custom.settings.containers.redlib.enable = mkOption {default = false;};
options.custom.containers.redlib.enable = mkOption {default = false;};
config = mkIf cfg.enable {
#?? arion-redlib pull


@ -5,9 +5,9 @@
...
}:
with lib; let
cfg = config.custom.settings.containers.searxng;
cfg = config.custom.containers.searxng;
in {
options.custom.settings.containers.searxng.enable = mkOption {default = false;};
options.custom.containers.searxng.enable = mkOption {default = false;};
config = mkIf cfg.enable {
age.secrets = let


@ -191,7 +191,7 @@ in {
(key "Up" "Super" "movewindow" "u")
(key "Up" "Super+Shift" "movewindoworgroup" "u")
(key "0" "Super" "exec" "${audio} --bypass")
(key "0" "Super" "exec" "${audio}")
(key "0" "Super+Shift" "exec" "${zoom}")
(key "1" "Ctrl+Alt" "exec" "lifx state --brightness 0.01")
(key "1" "Super" "workspace" "1")


@ -62,7 +62,6 @@ in {
ms-python.black-formatter
ms-python.debugpy
ms-python.isort
ms-python.python
natizyskunk.sftp
pkief.material-icon-theme
pkief.material-product-icons
@ -72,10 +71,11 @@ in {
vincaslt.highlight-matching-tag
]
++ (with (repo "vscode-marketplace"); [
# Some extensions go missing from open-vsx, so use official marketplace as fallback
#!! Some extensions go missing from open-vsx, so use official marketplace as fallback
# https://github.com/nix-community/nix-vscode-extensions?tab=readme-ov-file#note
bodil.blueprint-gtk
cormoran.disable-default-keybinding
ms-python.python
sirmspencer.vscode-autohide
]);
};


@ -13,32 +13,35 @@ in {
# https://gitlab.com/samba-team/samba
#!! User configuration is imperative
#?? sudo smbpasswd -a $USER
services.samba = {
enable = true;
openFirewall = true;
nmbd.enable = false;
nsswins = false;
services.samba =
if (versionAtLeast version "24.11")
then {
enable = true;
nmbd.enable = false;
nsswins = false;
openFirewall = true;
# https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
settings = {
Public.path = "/home/${config.custom.username}/Public";
SYNC.path = "/home/${config.custom.username}/SYNC";
# https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
settings = {
Public.path = "/home/${config.custom.username}/Public";
SYNC.path = "/home/${config.custom.username}/SYNC";
global = {
"allow insecure wide links" = "yes";
"browseable" = "no";
"follow symlinks" = "yes";
"force user" = config.custom.username;
"hostname lookups" = "yes";
"hosts allow" = "192.168.111.";
"inherit owner" = "unix only";
"inherit permissions" = "yes";
"logging" = "systemd";
"map to guest" = "bad password";
"wide links" = "yes";
"writeable" = "yes";
global = {
"allow insecure wide links" = "yes";
"browseable" = "no";
"follow symlinks" = "yes";
"force user" = config.custom.username;
"hostname lookups" = "yes";
"hosts allow" = "192.168.111.";
"inherit owner" = "unix only";
"inherit permissions" = "yes";
"logging" = "systemd";
"map to guest" = "bad password";
"wide links" = "yes";
"writeable" = "yes";
};
};
};
};
}
else {};
};
}
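Review bot: The `global` block keeps `"allow insecure wide links" = "yes"` and `"wide links" = "yes"` next to `"force user"` and `"writeable" = "yes"`, so a symlink inside Public or SYNC can resolve to anything the forced user can read or write, and the share paths stop being the access boundary. If the links are only needed for known targets, bind-mounting those targets into the share and dropping both options would keep the boundary; otherwise a comment such as `#!! wide links: shares intentionally follow symlinks outside their root, limited to the LAN by "hosts allow"` would record the decision. `"map to guest" = "bad password"` turns a wrong password into a guest session instead of a failed login, and with no `guest ok` share visible here it looks unneeded. Separately, the `else {}` branch leaves Samba unconfigured on releases before 24.11 without any warning, which is worth a one-line comment next to the `versionAtLeast` test.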


@ -25,7 +25,6 @@ with lib; {
(mkIf config.custom.full {
accounts.enable = true;
containers.enable = true;
vm.enable = true;
waydroid.enable = true;
})


@ -3,6 +3,12 @@
profile = "sbc";
programs.fastfetch.greet = true;
containers = {
enable = true;
boot = true;
homeassistant.enable = true;
};
services = {
tailscale.cert = true;
@ -27,12 +33,6 @@
settings = {
boot.u-boot = true;
networking.wifi = true;
containers = {
enable = true;
boot = true;
homeassistant.enable = true;
};
};
};
}


@ -3,6 +3,21 @@
profile = "server";
programs.fastfetch.greet = true;
containers = {
enable = true;
boot = true;
actualbudget.enable = true;
coturn.enable = true;
forgejo.enable = true;
foundryvtt.enable = true;
#// headscale.enable = true;
mastodon.enable = true;
netbox.enable = true;
nextcloud.enable = true;
redlib.enable = true;
searxng.enable = true;
};
services = {
caddy.enable = true;
matrix-conduit.enable = true;
@ -47,20 +62,6 @@
boot.systemd-boot = true;
mounts.enable = true;
users.myned.linger = true;
containers = {
enable = true;
boot = true;
actualbudget.enable = true;
coturn.enable = true;
forgejo.enable = true;
foundryvtt.enable = true;
#// headscale.enable = true;
mastodon.enable = true;
nextcloud.enable = true;
redlib.enable = true;
searxng.enable = true;
};
};
};
}
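Review bot: The relocated top-level `containers` block gains `netbox.enable = true;`, which the block it replaces under `settings` did not have, so this "move" also turns on an additional service on the server profile. No `options.custom.containers.netbox` declaration appears in the file sections shown on this page; if it is not declared in a file outside this view, evaluation of the profile will fail on an undefined option. Either way, enabling a new network-facing container is easier to audit as its own commit, or at least named in the commit message.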