ops/nixos: factor out various things from clouvider-fra01

2022-01-23 16:58:29 +00:00 · 2022-01-23 16:58:29 +00:00 · 3eb564f12b
commit 3eb564f12b
parent a8b1b57b85
5 changed files with 74 additions and 39 deletions
--- a/ops/nixos/clouvider-fra01/default.nix
+++ b/ops/nixos/clouvider-fra01/default.nix
@ -51,6 +51,7 @@ in {
    ../lib/bgp.nix
    ../lib/ts3spotifybot.nix
    ../lib/coredns/default.nix
+    ../lib/plex.nix
  ];

  boot.initrd.availableKernelModules = [
@ -134,19 +135,9 @@ in {
  # Define a user account.
  users.mutableUsers = false;
  users.users = {
-    lukegb.extraGroups = [ "wheel" "content" "deluge" ];
-    content = {
-      isSystemUser = true;
-      group = "content";
-    };
-    plex.extraGroups = [ "content" ];
-    deluge.extraGroups = [ "content" ];
    sonarr.extraGroups = [ "deluge" "content" ];
    radarr.extraGroups = [ "deluge" "content" ];
  } // (lib.setAttrByPath [ config.services.nginx.user "extraGroups" ] [ "acme" ]);
-  users.groups = {
-    content = {};
-  };

  services.openssh.hostKeys = [
    {
@ -160,32 +151,6 @@ in {
    }
  ];

-  services.plex = {
-    enable = true;
-    dataDir = "/store/plex";
-    openFirewall = true;
-    package = depot.nix.pkgs.plex-pass;
-  };
-
-  services.deluge = {
-    enable = true;
-    declarative = true;
-    openFirewall = true;
-    dataDir = "/store/deluge";
-    config = {
-      upnp = false;
-      natpmp = false;
-      max_active_seeding = 900;
-      max_active_downloading = 100;
-      max_active_limit = 1000;
-      move_completed_paths_list = [ "/store/content/Anime" "/store/content/Films" "/store/content/TV" ];
-      enabled_plugins = [ "Label" ];
-    };
-    authFile = machineSecrets.delugeAuthFile;
-
-    web.enable = true;
-    package = depot.pkgs.deluge;
-  };
  services.sonarr = {
    enable = true;
  };
@ -197,9 +162,6 @@ in {
    enable = true;
    virtualHosts = vhosts;
  };
-  systemd.services.nginx.serviceConfig = {
-    SupplementaryGroups = [ "content" ];
-  };

  services.ipfs = {
    enable = true;
--- a/ops/nixos/lib/content.nix
+++ b/ops/nixos/lib/content.nix
@ -0,0 +1,18 @@
+# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ ... }:
+{
+  users.users.content = {
+    isSystemUser = true;
+    group = "content";
+  };
+  users.groups.content = {};
+
+  users.users.lukegb.extraGroups = [ "content" ];
+
+  systemd.services.nginx.serviceConfig = {
+    SupplementaryGroups = [ "content" ];
+  };
+}
--- a/ops/nixos/lib/deluge.nix
+++ b/ops/nixos/lib/deluge.nix
@ -0,0 +1,35 @@
+# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ depot, lib, pkgs, rebuilder, config, ... }:
+let
+  inherit (depot.ops) secrets;
+in {
+  imports = [
+    ./content.nix
+  ];
+
+  users.users.deluge.extraGroups = [ "content" ];
+  users.users.lukegb.extraGroups = [ "deluge" ];
+
+  services.deluge = {
+    enable = true;
+    declarative = true;
+    openFirewall = true;
+    dataDir = "/store/deluge";
+    config = {
+      upnp = false;
+      natpmp = false;
+      max_active_seeding = 900;
+      max_active_downloading = 100;
+      max_active_limit = 1000;
+      move_completed_paths_list = [ "/store/content/Anime" "/store/content/Films" "/store/content/TV" ];
+      enabled_plugins = [ "Label" ];
+    };
+    authFile = secrets.deluge.authFile;
+
+    web.enable = true;
+    package = depot.pkgs.deluge;
+  };
+}
--- a/ops/nixos/lib/plex.nix
+++ b/ops/nixos/lib/plex.nix
@ -0,0 +1,19 @@
+# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ depot, ... }:
+{
+  imports = [
+    ./content.nix
+  ];
+
+  users.users.plex.extraGroups = [ "content" ];
+
+  services.plex = {
+    enable = true;
+    dataDir = "/store/plex";
+    openFirewall = true;
+    package = depot.nix.pkgs.plex-pass;
+  };
+}
--- a/ops/nixos/totoro/default.nix
+++ b/ops/nixos/totoro/default.nix
@ -13,6 +13,7 @@ in {
    ../lib/twitternuke.nix
    ../lib/quotes.bfob.gg.nix
    ../lib/baserow.nix
+    ../lib/plex.nix
    ./home-assistant.nix
  ];