ops/nixos: factor out various things from clouvider-fra01

This commit is contained in:
Luke Granger-Brown 2022-01-23 16:58:29 +00:00
parent a8b1b57b85
commit 3eb564f12b
5 changed files with 74 additions and 39 deletions

View file

@ -51,6 +51,7 @@ in {
../lib/bgp.nix ../lib/bgp.nix
../lib/ts3spotifybot.nix ../lib/ts3spotifybot.nix
../lib/coredns/default.nix ../lib/coredns/default.nix
../lib/plex.nix
]; ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
@ -134,19 +135,9 @@ in {
# Define a user account. # Define a user account.
users.mutableUsers = false; users.mutableUsers = false;
users.users = { users.users = {
lukegb.extraGroups = [ "wheel" "content" "deluge" ];
content = {
isSystemUser = true;
group = "content";
};
plex.extraGroups = [ "content" ];
deluge.extraGroups = [ "content" ];
sonarr.extraGroups = [ "deluge" "content" ]; sonarr.extraGroups = [ "deluge" "content" ];
radarr.extraGroups = [ "deluge" "content" ]; radarr.extraGroups = [ "deluge" "content" ];
} // (lib.setAttrByPath [ config.services.nginx.user "extraGroups" ] [ "acme" ]); } // (lib.setAttrByPath [ config.services.nginx.user "extraGroups" ] [ "acme" ]);
users.groups = {
content = {};
};
services.openssh.hostKeys = [ services.openssh.hostKeys = [
{ {
@ -160,32 +151,6 @@ in {
} }
]; ];
services.plex = {
enable = true;
dataDir = "/store/plex";
openFirewall = true;
package = depot.nix.pkgs.plex-pass;
};
services.deluge = {
enable = true;
declarative = true;
openFirewall = true;
dataDir = "/store/deluge";
config = {
upnp = false;
natpmp = false;
max_active_seeding = 900;
max_active_downloading = 100;
max_active_limit = 1000;
move_completed_paths_list = [ "/store/content/Anime" "/store/content/Films" "/store/content/TV" ];
enabled_plugins = [ "Label" ];
};
authFile = machineSecrets.delugeAuthFile;
web.enable = true;
package = depot.pkgs.deluge;
};
services.sonarr = { services.sonarr = {
enable = true; enable = true;
}; };
@ -197,9 +162,6 @@ in {
enable = true; enable = true;
virtualHosts = vhosts; virtualHosts = vhosts;
}; };
systemd.services.nginx.serviceConfig = {
SupplementaryGroups = [ "content" ];
};
services.ipfs = { services.ipfs = {
enable = true; enable = true;

18
ops/nixos/lib/content.nix Normal file
View file

@ -0,0 +1,18 @@
# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
{ ... }:
{
users.users.content = {
isSystemUser = true;
group = "content";
};
users.groups.content = {};
users.users.lukegb.extraGroups = [ "content" ];
systemd.services.nginx.serviceConfig = {
SupplementaryGroups = [ "content" ];
};
}

35
ops/nixos/lib/deluge.nix Normal file
View file

@ -0,0 +1,35 @@
# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
{ depot, lib, pkgs, rebuilder, config, ... }:
let
inherit (depot.ops) secrets;
in {
imports = [
./content.nix
];
users.users.deluge.extraGroups = [ "content" ];
users.users.lukegb.extraGroups = [ "deluge" ];
services.deluge = {
enable = true;
declarative = true;
openFirewall = true;
dataDir = "/store/deluge";
config = {
upnp = false;
natpmp = false;
max_active_seeding = 900;
max_active_downloading = 100;
max_active_limit = 1000;
move_completed_paths_list = [ "/store/content/Anime" "/store/content/Films" "/store/content/TV" ];
enabled_plugins = [ "Label" ];
};
authFile = secrets.deluge.authFile;
web.enable = true;
package = depot.pkgs.deluge;
};
}

19
ops/nixos/lib/plex.nix Normal file
View file

@ -0,0 +1,19 @@
# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
{ depot, ... }:
{
imports = [
./content.nix
];
users.users.plex.extraGroups = [ "content" ];
services.plex = {
enable = true;
dataDir = "/store/plex";
openFirewall = true;
package = depot.nix.pkgs.plex-pass;
};
}

View file

@ -13,6 +13,7 @@ in {
../lib/twitternuke.nix ../lib/twitternuke.nix
../lib/quotes.bfob.gg.nix ../lib/quotes.bfob.gg.nix
../lib/baserow.nix ../lib/baserow.nix
../lib/plex.nix
./home-assistant.nix ./home-assistant.nix
]; ];