
nix: move settings.containers to top-level custom

Signed-off-by: Myned <dev@bjork.tech>
Myned 2024-10-06 10:16:52 -05:00
parent 3e787c2cba
commit 0fe3308ef6
Signed by: myned
GPG key ID: C7224454F7881A34
19 changed files with 90 additions and 87 deletions


@ -4,9 +4,9 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.custom.settings.containers.actualbudget; cfg = config.custom.containers.actualbudget;
in { in {
options.custom.settings.containers.actualbudget.enable = mkOption {default = false;}; options.custom.containers.actualbudget.enable = mkOption {default = false;};
config = mkIf cfg.enable { config = mkIf cfg.enable {
#?? arion-actualbudget pull #?? arion-actualbudget pull
@ -21,7 +21,7 @@ in {
image = "actualbudget/actual-server:24.9.0"; image = "actualbudget/actual-server:24.9.0";
ports = ["5006:5006"]; ports = ["5006:5006"];
restart = "unless-stopped"; restart = "unless-stopped";
volumes = ["${config.custom.settings.containers.directory}/actualbudget/data:/data"]; volumes = ["${config.custom.containers.directory}/actualbudget/data:/data"];
# TODO: Set up trusted proxies # TODO: Set up trusted proxies
}; };
}; };


@ -5,9 +5,9 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.custom.settings.containers.coturn; cfg = config.custom.containers.coturn;
in { in {
options.custom.settings.containers.coturn.enable = mkOption {default = false;}; options.custom.containers.coturn.enable = mkOption {default = false;};
config = mkIf cfg.enable { config = mkIf cfg.enable {
age.secrets = let age.secrets = let
@ -33,7 +33,7 @@ in {
restart = "unless-stopped"; restart = "unless-stopped";
volumes = [ volumes = [
"${config.custom.settings.containers.directory}/coturn/coturn.conf:/etc/coturn/turnserver.conf" "${config.custom.containers.directory}/coturn/coturn.conf:/etc/coturn/turnserver.conf"
]; ];
}; };
}; };
@ -43,7 +43,7 @@ in {
# HACK: Copy with global read-only permissions in container directory which is assumed to be locked down # HACK: Copy with global read-only permissions in container directory which is assumed to be locked down
# https://github.com/moby/moby/issues/2259 # https://github.com/moby/moby/issues/2259
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"C ${config.custom.settings.containers.directory}/coturn/coturn.conf 0444 - - - ${ "C ${config.custom.containers.directory}/coturn/coturn.conf 0444 - - - ${
config.age.secrets."${config.custom.profile}/coturn/coturn.conf".path config.age.secrets."${config.custom.profile}/coturn/coturn.conf".path
}" }"
]; ];
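Review bot: The tmpfiles rule `"C ${config.custom.containers.directory}/coturn/coturn.conf 0444 - - - …"` copies an age-managed secret to a world-readable file, and its safety rests entirely on the HACK comment's assumption that the container directory is locked down; nothing visible in this section sets or checks that directory's mode. Because the path now derives from `custom.containers.directory`, confirm that whatever restricts the directory follows the renamed option. Consider making the assumption explicit, for example with a `d` tmpfiles entry for the parent directory that carries a restrictive mode, placed ahead of the copy rule. The enclosing `config` block starts and ends outside the visible hunks.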


@ -6,10 +6,10 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.custom.settings.containers; cfg = config.custom.containers;
in { in {
options.custom.settings.containers = { options.custom.containers = {
enable = mkOption {default = false;}; enable = mkOption {default = config.custom.full;};
boot = mkOption {default = false;}; boot = mkOption {default = false;};
directory = mkOption {default = "/containers";}; directory = mkOption {default = "/containers";};
docker = mkOption {default = true;}; docker = mkOption {default = true;};


@ -5,9 +5,9 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.custom.settings.containers.forgejo; cfg = config.custom.containers.forgejo;
in { in {
options.custom.settings.containers.forgejo.enable = mkOption {default = false;}; options.custom.containers.forgejo.enable = mkOption {default = false;};
config = mkIf cfg.enable { config = mkIf cfg.enable {
age.secrets = let age.secrets = let
@ -38,7 +38,7 @@ in {
env_file = [config.age.secrets."${config.custom.profile}/forgejo/.env".path]; env_file = [config.age.secrets."${config.custom.profile}/forgejo/.env".path];
image = "codeberg.org/forgejo/forgejo:8"; image = "codeberg.org/forgejo/forgejo:8";
restart = "unless-stopped"; restart = "unless-stopped";
volumes = ["${config.custom.settings.containers.directory}/forgejo/data:/data"]; volumes = ["${config.custom.containers.directory}/forgejo/data:/data"];
ports = [ ports = [
"127.0.0.1:3333:3000" "127.0.0.1:3333:3000"
@ -51,7 +51,7 @@ in {
env_file = [config.age.secrets."${config.custom.profile}/forgejo/db.env".path]; env_file = [config.age.secrets."${config.custom.profile}/forgejo/db.env".path];
image = "postgres:15"; image = "postgres:15";
restart = "unless-stopped"; restart = "unless-stopped";
volumes = ["${config.custom.settings.containers.directory}/forgejo/db:/var/lib/postgresql/data"]; volumes = ["${config.custom.containers.directory}/forgejo/db:/var/lib/postgresql/data"];
}; };
}; };
}; };


@ -5,9 +5,9 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.custom.settings.containers.foundryvtt; cfg = config.custom.containers.foundryvtt;
in { in {
options.custom.settings.containers.foundryvtt.enable = mkOption {default = false;}; options.custom.containers.foundryvtt.enable = mkOption {default = false;};
config = mkIf cfg.enable { config = mkIf cfg.enable {
age.secrets = let age.secrets = let
@ -31,7 +31,7 @@ in {
image = "felddy/foundryvtt:12"; image = "felddy/foundryvtt:12";
ports = ["127.0.0.1:30000:30000"]; ports = ["127.0.0.1:30000:30000"];
restart = "unless-stopped"; restart = "unless-stopped";
volumes = ["${config.custom.settings.containers.directory}/foundryvtt/data:/data"]; volumes = ["${config.custom.containers.directory}/foundryvtt/data:/data"];
}; };
}; };
}; };


@ -6,9 +6,9 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.custom.settings.containers.headscale; cfg = config.custom.containers.headscale;
in { in {
options.custom.settings.containers.headscale.enable = mkOption {default = false;}; options.custom.containers.headscale.enable = mkOption {default = false;};
config = mkIf cfg.enable { config = mkIf cfg.enable {
age.secrets = let age.secrets = let
@ -43,8 +43,8 @@ in {
]; ];
volumes = [ volumes = [
"${config.custom.settings.containers.directory}/headscale/config:/etc/headscale" "${config.custom.containers.directory}/headscale/config:/etc/headscale"
"${config.custom.settings.containers.directory}/headscale/data:/var/lib/headscale" "${config.custom.containers.directory}/headscale/data:/var/lib/headscale"
# Minimum config.yaml # Minimum config.yaml
# https://github.com/juanfont/headscale/blob/main/config-example.yaml # https://github.com/juanfont/headscale/blob/main/config-example.yaml


@ -4,9 +4,9 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.custom.settings.containers.homeassistant; cfg = config.custom.containers.homeassistant;
in { in {
options.custom.settings.containers.homeassistant.enable = mkOption {default = false;}; options.custom.containers.homeassistant.enable = mkOption {default = false;};
config = mkIf cfg.enable { config = mkIf cfg.enable {
#?? arion-homeassistant pull #?? arion-homeassistant pull
@ -21,7 +21,7 @@ in {
image = "homeassistant/home-assistant:2024.9.1"; image = "homeassistant/home-assistant:2024.9.1";
ports = ["8123:8123"]; ports = ["8123:8123"];
restart = "unless-stopped"; restart = "unless-stopped";
volumes = ["${config.custom.settings.containers.directory}/homeassistant/config:/config"]; volumes = ["${config.custom.containers.directory}/homeassistant/config:/config"];
}; };
}; };
}; };


@ -5,9 +5,9 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.custom.settings.containers.mastodon; cfg = config.custom.containers.mastodon;
in { in {
options.custom.settings.containers.mastodon.enable = mkOption {default = false;}; options.custom.containers.mastodon.enable = mkOption {default = false;};
config = mkIf cfg.enable { config = mkIf cfg.enable {
age.secrets = let age.secrets = let
@ -34,7 +34,7 @@ in {
image = "lscr.io/linuxserver/mastodon:4.2.12"; image = "lscr.io/linuxserver/mastodon:4.2.12";
ports = ["3000:443"]; ports = ["3000:443"];
restart = "unless-stopped"; restart = "unless-stopped";
volumes = ["${config.custom.settings.containers.directory}/mastodon/config:/config"]; volumes = ["${config.custom.containers.directory}/mastodon/config:/config"];
depends_on = [ depends_on = [
"cache" "cache"
@ -46,7 +46,7 @@ in {
container_name = "mastodon-cache"; container_name = "mastodon-cache";
image = "redis:latest"; image = "redis:latest";
restart = "unless-stopped"; restart = "unless-stopped";
volumes = ["${config.custom.settings.containers.directory}/mastodon/cache:/data"]; volumes = ["${config.custom.containers.directory}/mastodon/cache:/data"];
}; };
db.service = { db.service = {
@ -54,7 +54,7 @@ in {
env_file = [config.age.secrets."${config.custom.profile}/mastodon/db.env".path]; env_file = [config.age.secrets."${config.custom.profile}/mastodon/db.env".path];
image = "postgres:15"; image = "postgres:15";
restart = "unless-stopped"; restart = "unless-stopped";
volumes = ["${config.custom.settings.containers.directory}/mastodon/db:/var/lib/postgresql/data"]; volumes = ["${config.custom.containers.directory}/mastodon/db:/var/lib/postgresql/data"];
}; };
}; };
}; };


@ -5,9 +5,9 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.custom.settings.containers.nextcloud; cfg = config.custom.containers.nextcloud;
in { in {
options.custom.settings.containers.nextcloud.enable = mkOption {default = false;}; options.custom.containers.nextcloud.enable = mkOption {default = false;};
config = mkIf cfg.enable { config = mkIf cfg.enable {
age.secrets = let age.secrets = let
@ -35,8 +35,8 @@ in {
restart = "unless-stopped"; restart = "unless-stopped";
volumes = [ volumes = [
"${config.custom.settings.containers.directory}/nextcloud/app:/var/www/html" "${config.custom.containers.directory}/nextcloud/app:/var/www/html"
"${config.custom.settings.containers.directory}/nextcloud/data:/var/www/html/data" "${config.custom.containers.directory}/nextcloud/data:/var/www/html/data"
]; ];
depends_on = [ depends_on = [
@ -63,7 +63,7 @@ in {
container_name = "nextcloud-cache"; container_name = "nextcloud-cache";
image = "redis:latest"; image = "redis:latest";
restart = "unless-stopped"; restart = "unless-stopped";
volumes = ["${config.custom.settings.containers.directory}/nextcloud/cache:/data"]; volumes = ["${config.custom.containers.directory}/nextcloud/cache:/data"];
}; };
db.service = { db.service = {
@ -73,7 +73,7 @@ in {
restart = "unless-stopped"; restart = "unless-stopped";
volumes = [ volumes = [
"${config.custom.settings.containers.directory}/nextcloud/db:/var/lib/postgresql/data" "${config.custom.containers.directory}/nextcloud/db:/var/lib/postgresql/data"
]; ];
}; };
}; };


@ -4,9 +4,9 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.custom.settings.containers.redlib; cfg = config.custom.containers.redlib;
in { in {
options.custom.settings.containers.redlib.enable = mkOption {default = false;}; options.custom.containers.redlib.enable = mkOption {default = false;};
config = mkIf cfg.enable { config = mkIf cfg.enable {
#?? arion-redlib pull #?? arion-redlib pull


@ -5,9 +5,9 @@
... ...
}: }:
with lib; let with lib; let
cfg = config.custom.settings.containers.searxng; cfg = config.custom.containers.searxng;
in { in {
options.custom.settings.containers.searxng.enable = mkOption {default = false;}; options.custom.containers.searxng.enable = mkOption {default = false;};
config = mkIf cfg.enable { config = mkIf cfg.enable {
age.secrets = let age.secrets = let


@ -191,7 +191,7 @@ in {
(key "Up" "Super" "movewindow" "u") (key "Up" "Super" "movewindow" "u")
(key "Up" "Super+Shift" "movewindoworgroup" "u") (key "Up" "Super+Shift" "movewindoworgroup" "u")
(key "0" "Super" "exec" "${audio} --bypass") (key "0" "Super" "exec" "${audio}")
(key "0" "Super+Shift" "exec" "${zoom}") (key "0" "Super+Shift" "exec" "${zoom}")
(key "1" "Ctrl+Alt" "exec" "lifx state --brightness 0.01") (key "1" "Ctrl+Alt" "exec" "lifx state --brightness 0.01")
(key "1" "Super" "workspace" "1") (key "1" "Super" "workspace" "1")


@ -62,7 +62,6 @@ in {
ms-python.black-formatter ms-python.black-formatter
ms-python.debugpy ms-python.debugpy
ms-python.isort ms-python.isort
ms-python.python
natizyskunk.sftp natizyskunk.sftp
pkief.material-icon-theme pkief.material-icon-theme
pkief.material-product-icons pkief.material-product-icons
@ -72,10 +71,11 @@ in {
vincaslt.highlight-matching-tag vincaslt.highlight-matching-tag
] ]
++ (with (repo "vscode-marketplace"); [ ++ (with (repo "vscode-marketplace"); [
# Some extensions go missing from open-vsx, so use official marketplace as fallback #!! Some extensions go missing from open-vsx, so use official marketplace as fallback
# https://github.com/nix-community/nix-vscode-extensions?tab=readme-ov-file#note # https://github.com/nix-community/nix-vscode-extensions?tab=readme-ov-file#note
bodil.blueprint-gtk bodil.blueprint-gtk
cormoran.disable-default-keybinding cormoran.disable-default-keybinding
ms-python.python
sirmspencer.vscode-autohide sirmspencer.vscode-autohide
]); ]);
}; };


@ -13,32 +13,35 @@ in {
# https://gitlab.com/samba-team/samba # https://gitlab.com/samba-team/samba
#!! User configuration is imperative #!! User configuration is imperative
#?? sudo smbpasswd -a $USER #?? sudo smbpasswd -a $USER
services.samba = { services.samba =
enable = true; if (versionAtLeast version "24.11")
openFirewall = true; then {
nmbd.enable = false; enable = true;
nsswins = false; nmbd.enable = false;
nsswins = false;
openFirewall = true;
# https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html # https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html
settings = { settings = {
Public.path = "/home/${config.custom.username}/Public"; Public.path = "/home/${config.custom.username}/Public";
SYNC.path = "/home/${config.custom.username}/SYNC"; SYNC.path = "/home/${config.custom.username}/SYNC";
global = { global = {
"allow insecure wide links" = "yes"; "allow insecure wide links" = "yes";
"browseable" = "no"; "browseable" = "no";
"follow symlinks" = "yes"; "follow symlinks" = "yes";
"force user" = config.custom.username; "force user" = config.custom.username;
"hostname lookups" = "yes"; "hostname lookups" = "yes";
"hosts allow" = "192.168.111."; "hosts allow" = "192.168.111.";
"inherit owner" = "unix only"; "inherit owner" = "unix only";
"inherit permissions" = "yes"; "inherit permissions" = "yes";
"logging" = "systemd"; "logging" = "systemd";
"map to guest" = "bad password"; "map to guest" = "bad password";
"wide links" = "yes"; "wide links" = "yes";
"writeable" = "yes"; "writeable" = "yes";
};
}; };
}; }
}; else {};
}; };
} }
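Review bot: The `global` block carried into the 24.11 branch keeps `"allow insecure wide links" = "yes"` together with `"wide links" = "yes"`, `"writeable" = "yes"` and `"force user"`, so a symlink inside Public or SYNC can resolve to anything the forced user can read or write. The only boundary visible here is `"hosts allow" = "192.168.111."`, alongside `openFirewall = true`. If links leaving the share are not required, drop the two wide-links lines; otherwise add a comment above them recording why they are needed, in the file's existing `#!!` style. Separately, the `else {}` branch leaves Samba silently unconfigured on releases before 24.11, which deserves a comment saying that this is intended.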


@ -25,7 +25,6 @@ with lib; {
(mkIf config.custom.full { (mkIf config.custom.full {
accounts.enable = true; accounts.enable = true;
containers.enable = true;
vm.enable = true; vm.enable = true;
waydroid.enable = true; waydroid.enable = true;
}) })


@ -3,6 +3,12 @@
profile = "sbc"; profile = "sbc";
programs.fastfetch.greet = true; programs.fastfetch.greet = true;
containers = {
enable = true;
boot = true;
homeassistant.enable = true;
};
services = { services = {
tailscale.cert = true; tailscale.cert = true;
@ -27,12 +33,6 @@
settings = { settings = {
boot.u-boot = true; boot.u-boot = true;
networking.wifi = true; networking.wifi = true;
containers = {
enable = true;
boot = true;
homeassistant.enable = true;
};
}; };
}; };
} }


@ -3,6 +3,21 @@
profile = "server"; profile = "server";
programs.fastfetch.greet = true; programs.fastfetch.greet = true;
containers = {
enable = true;
boot = true;
actualbudget.enable = true;
coturn.enable = true;
forgejo.enable = true;
foundryvtt.enable = true;
#// headscale.enable = true;
mastodon.enable = true;
netbox.enable = true;
nextcloud.enable = true;
redlib.enable = true;
searxng.enable = true;
};
services = { services = {
caddy.enable = true; caddy.enable = true;
matrix-conduit.enable = true; matrix-conduit.enable = true;
@ -47,20 +62,6 @@
boot.systemd-boot = true; boot.systemd-boot = true;
mounts.enable = true; mounts.enable = true;
users.myned.linger = true; users.myned.linger = true;
containers = {
enable = true;
boot = true;
actualbudget.enable = true;
coturn.enable = true;
forgejo.enable = true;
foundryvtt.enable = true;
#// headscale.enable = true;
mastodon.enable = true;
nextcloud.enable = true;
redlib.enable = true;
searxng.enable = true;
};
}; };
}; };
} }
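Review bot: `netbox.enable = true;` appears in the relocated top-level `containers` block but not in the block removed from `settings`, so this commit enables an additional service on the server profile although its title describes only a move. No netbox module is among the file sections visible on this page, so its published ports and secret handling cannot be checked from here. Either split that line into its own commit or mention it in the description, so the new exposure is reviewed deliberately.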