nixcfg/hosts/mauville/raffauflabs.nix

{
  config,
  lib,
  pkgs,
  ...
}: let
  audiobookshelf.port = 13378;
  domain = "raffauflabs.com";
  mediaDirectory = "/mnt/Media";
  musicDirectory = "${mediaDirectory}/Music";

  navidrome = {
    port = 4533;

    lastfm = {
      idFile = config.age.secrets.lastfmId.path;
      secretFile = config.age.secrets.lastfmSecret.path;
    };

    spotify = {
      idFile = config.age.secrets.spotifyId.path;
      secretFile = config.age.secrets.spotifySecret.path;
    };
  };

  transmission = {
    port = 9091;
    bitTorrentPort = 5143;
  };
in {
  networking = {
    firewall.allowedTCPPorts = [80 443 3000];
  };

  services = {
    audiobookshelf = {
      enable = true;
      host = "0.0.0.0";
      openFirewall = true;
      port = audiobookshelf.port;
    };

    forgejo = {
      enable = true;
      lfs.enable = true;

      settings = {
        actions = {
          ENABLED = true;
          DEFAULT_ACTIONS_URL = "https://github.com";
        };

        cron = {
          ENABLED = true;
          RUN_AT_START = false;
        };

        DEFAULT.APP_NAME = "Forĝejo";

        repository = {
          DEFAULT_BRANCH = "master";
          ENABLE_PUSH_CREATE_ORG = true;
          ENABLE_PUSH_CREATE_USER = true;
          PREFERRED_LICENSES = "GPL-3.0";
        };

        federation.ENABLED = true;
        picture.ENABLE_FEDERATED_AVATAR = true;
        security.PASSWORD_CHECK_PWN = true;

        server = {
          LANDING_PAGE = "explore";
          ROOT_URL = "https://git.${domain}/";
        };

        service = {
          ALLOW_ONLY_INTERNAL_REGISTRATION = true;
          DISABLE_REGISTRATION = true;
          ENABLE_NOTIFY_MAIL = true;
        };

        session.COOKIE_SECURE = true;

        ui.DEFAULT_THEME = "forgejo-auto";
        "ui.meta" = {
          AUTHOR = "Forĝejo @ ${domain}";
          DESCRIPTION = "Self-hosted git forge for projects + toys.";
          KEYWORDS = "git,source code,forge,forĝejo,aly raffauf";
        };
      };
    };

    navidrome = {
      enable = true;
      openFirewall = true;
    };

    plex = {
      enable = true;
      openFirewall = true;
    };

    transmission = {
      enable = true;
      credentialsFile = config.age.secrets.transmission.path;
      openFirewall = true;
      openRPCPort = true;

      settings = {
        download-dir = mediaDirectory;
        peer-port = transmission.bitTorrentPort;
        rpc-bind-address = "0.0.0.0";
        rpc-port = transmission.port;
      };
    };
  };

  systemd.services.navidrome.serviceConfig = let
    navidromeConfig = builtins.toFile "navidrome.json" (lib.generators.toJSON {} {
      Address = "0.0.0.0";
      DefaultTheme = "Auto";
      MusicFolder = musicDirectory;
      Port = navidrome.port;
      SubsonicArtistParticipations = true;
      UIWelcomeMessage = "Welcome to Navidrome @ ${domain}";
      "Spotify.ID" = "@spotifyClientId@";
      "Spotify.Secret" = "@spotifyClientSecret@";
      "LastFM.Enabled" = true;
      "LastFM.ApiKey" = "@lastFMApiKey@";
      "LastFM.Secret" = "@lastFMSecret@";
      "LastFM.Language" = "en";
    });

    navidrome-secrets = pkgs.writeShellScript "navidrome-secrets" ''
      lastFMApiKey=$(cat "${navidrome.lastfm.idFile}")
      lastFMSecret=$(cat "${navidrome.lastfm.secretFile}")
      spotifyClientId=$(cat "${navidrome.spotify.idFile}")
      spotifyClientSecret=$(cat "${navidrome.spotify.secretFile}")
      ${pkgs.gnused}/bin/sed -e "s/@lastFMApiKey@/$lastFMApiKey/" -e "s/@lastFMSecret@/$lastFMSecret/" \
        -e "s/@spotifyClientId@/$spotifyClientId/" -e "s/@spotifyClientSecret@/$spotifyClientSecret/" \
        ${navidromeConfig} > /var/lib/navidrome/navidrome.json
    '';
  in {
    BindReadOnlyPaths = [
      navidrome.lastfm.idFile
      navidrome.lastfm.secretFile
      navidrome.spotify.idFile
      navidrome.spotify.secretFile
      musicDirectory
    ];

    ExecStartPre = navidrome-secrets;
    ExecStart = lib.mkForce ''
      ${config.services.navidrome.package}/bin/navidrome --configfile /var/lib/navidrome/navidrome.json \
        --datafolder /var/lib/navidrome/
    '';
  };
}
migrate from raffauflabs flake and drop dependency (#102) * migrate from raffauflabs and drop dependency * slateport/nginx: fix forĝejo url 2024-08-26 18:35:57 -04:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}: let`
			`audiobookshelf.port = 13378;`
			`domain = "raffauflabs.com";`
			`mediaDirectory = "/mnt/Media";`
			`musicDirectory = "${mediaDirectory}/Music";`

			`navidrome = {`
			`port = 4533;`

			`lastfm = {`
			`idFile = config.age.secrets.lastfmId.path;`
			`secretFile = config.age.secrets.lastfmSecret.path;`
			`};`

			`spotify = {`
			`idFile = config.age.secrets.spotifyId.path;`
			`secretFile = config.age.secrets.spotifySecret.path;`
			`};`
			`};`

			`transmission = {`
			`port = 9091;`
			`bitTorrentPort = 5143;`
			`};`
			`in {`
mauville: open firewall for abs, forĝejo, and navidrome 2024-08-26 21:17:30 -04:00			`networking = {`
			`firewall.allowedTCPPorts = [80 443 3000];`
			`};`

migrate from raffauflabs flake and drop dependency (#102) * migrate from raffauflabs and drop dependency * slateport/nginx: fix forĝejo url 2024-08-26 18:35:57 -04:00			`services = {`
			`audiobookshelf = {`
			`enable = true;`
mauville: swap host and enable navidrome 2024-08-26 20:53:11 -04:00			`host = "0.0.0.0";`
mauville: open firewall for abs, forĝejo, and navidrome 2024-08-26 21:17:30 -04:00			`openFirewall = true;`
migrate from raffauflabs flake and drop dependency (#102) * migrate from raffauflabs and drop dependency * slateport/nginx: fix forĝejo url 2024-08-26 18:35:57 -04:00			`port = audiobookshelf.port;`
			`};`

			`forgejo = {`
			`enable = true;`
			`lfs.enable = true;`

			`settings = {`
			`actions = {`
			`ENABLED = true;`
			`DEFAULT_ACTIONS_URL = "https://github.com";`
			`};`

			`cron = {`
			`ENABLED = true;`
			`RUN_AT_START = false;`
			`};`

			`DEFAULT.APP_NAME = "Forĝejo";`

			`repository = {`
			`DEFAULT_BRANCH = "master";`
			`ENABLE_PUSH_CREATE_ORG = true;`
			`ENABLE_PUSH_CREATE_USER = true;`
			`PREFERRED_LICENSES = "GPL-3.0";`
			`};`

			`federation.ENABLED = true;`
			`picture.ENABLE_FEDERATED_AVATAR = true;`
			`security.PASSWORD_CHECK_PWN = true;`

			`server = {`
			`LANDING_PAGE = "explore";`
			`ROOT_URL = "https://git.${domain}/";`
			`};`

			`service = {`
			`ALLOW_ONLY_INTERNAL_REGISTRATION = true;`
			`DISABLE_REGISTRATION = true;`
			`ENABLE_NOTIFY_MAIL = true;`
			`};`

			`session.COOKIE_SECURE = true;`

			`ui.DEFAULT_THEME = "forgejo-auto";`
			`"ui.meta" = {`
			`AUTHOR = "Forĝejo @ ${domain}";`
			`DESCRIPTION = "Self-hosted git forge for projects + toys.";`
			`KEYWORDS = "git,source code,forge,forĝejo,aly raffauf";`
			`};`
			`};`
			`};`

mauville: open firewall for abs, forĝejo, and navidrome 2024-08-26 21:17:30 -04:00			`navidrome = {`
			`enable = true;`
			`openFirewall = true;`
			`};`
mauville: swap host and enable navidrome 2024-08-26 20:53:11 -04:00
migrate from raffauflabs flake and drop dependency (#102) * migrate from raffauflabs and drop dependency * slateport/nginx: fix forĝejo url 2024-08-26 18:35:57 -04:00			`plex = {`
			`enable = true;`
			`openFirewall = true;`
			`};`

			`transmission = {`
			`enable = true;`
			`credentialsFile = config.age.secrets.transmission.path;`
			`openFirewall = true;`
			`openRPCPort = true;`

			`settings = {`
			`download-dir = mediaDirectory;`
			`peer-port = transmission.bitTorrentPort;`
			`rpc-bind-address = "0.0.0.0";`
			`rpc-port = transmission.port;`
			`};`
			`};`
			`};`

			`systemd.services.navidrome.serviceConfig = let`
			`navidromeConfig = builtins.toFile "navidrome.json" (lib.generators.toJSON {} {`
			`Address = "0.0.0.0";`
			`DefaultTheme = "Auto";`
			`MusicFolder = musicDirectory;`
			`Port = navidrome.port;`
			`SubsonicArtistParticipations = true;`
			`UIWelcomeMessage = "Welcome to Navidrome @ ${domain}";`
			`"Spotify.ID" = "@spotifyClientId@";`
			`"Spotify.Secret" = "@spotifyClientSecret@";`
			`"LastFM.Enabled" = true;`
			`"LastFM.ApiKey" = "@lastFMApiKey@";`
			`"LastFM.Secret" = "@lastFMSecret@";`
			`"LastFM.Language" = "en";`
			`});`

			`navidrome-secrets = pkgs.writeShellScript "navidrome-secrets" ''`
			`lastFMApiKey=$(cat "${navidrome.lastfm.idFile}")`
			`lastFMSecret=$(cat "${navidrome.lastfm.secretFile}")`
			`spotifyClientId=$(cat "${navidrome.spotify.idFile}")`
			`spotifyClientSecret=$(cat "${navidrome.spotify.secretFile}")`
			`${pkgs.gnused}/bin/sed -e "s/@lastFMApiKey@/$lastFMApiKey/" -e "s/@lastFMSecret@/$lastFMSecret/" \`
			`-e "s/@spotifyClientId@/$spotifyClientId/" -e "s/@spotifyClientSecret@/$spotifyClientSecret/" \`
			`${navidromeConfig} > /var/lib/navidrome/navidrome.json`
			`'';`
			`in {`
			`BindReadOnlyPaths = [`
			`navidrome.lastfm.idFile`
			`navidrome.lastfm.secretFile`
			`navidrome.spotify.idFile`
			`navidrome.spotify.secretFile`
			`musicDirectory`
			`];`

			`ExecStartPre = navidrome-secrets;`
			`ExecStart = lib.mkForce ''`
			`${config.services.navidrome.package}/bin/navidrome --configfile /var/lib/navidrome/navidrome.json \`
			`--datafolder /var/lib/navidrome/`
			`'';`
			`};`
			`}`