alyraffauf/nixcfg
1
0
Fork 0
mirror of https://github.com/alyraffauf/nixcfg.git synced 2024-11-25 13:51:54 -05:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity

nixos/navidrome: configure secrets before running navidrome

Browse source
This commit is contained in:
Aly Raffauf 2024-07-05 13:01:09 -04:00
parent db40755c05
commit 4e150dd5c2
1 changed files with 45 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

65
nixosModules/services/navidrome/default.nix
View file

@ -5,12 +5,33 @@
... ...
}: { }: {
config = lib.mkIf config.ar.services.navidrome.enable { config = lib.mkIf config.ar.services.navidrome.enable {
age.secrets.lastFMApiKey.file = ../../../secrets/lastFM/apiKey.age; age.secrets = let
age.secrets.lastFMSecret.file = ../../../secrets/lastFM/secret.age; owner = "navidrome";
age.secrets.spotifyClientId.file = ../../../secrets/spotify/clientId.age; in {
age.secrets.spotifyClientSecret.file = ../../../secrets/spotify/clientSecret.age; lastFMApiKey = {
inherit owner;
file = ../../../secrets/lastFM/apiKey.age;
};
system.activationScripts."navidrome-secrets" = let lastFMSecret = {
inherit owner;
file = ../../../secrets/lastFM/secret.age;
};
spotifyClientId = {
inherit owner;
file = ../../../secrets/spotify/clientId.age;
};
spotifyClientSecret = {
inherit owner;
file = ../../../secrets/spotify/clientSecret.age;
};
};
services.navidrome.enable = true;
systemd.services.navidrome.serviceConfig = let
navidromeConfig = builtins.toFile "navidrome.json" (lib.generators.toJSON {} { navidromeConfig = builtins.toFile "navidrome.json" (lib.generators.toJSON {} {
Address = "0.0.0.0"; Address = "0.0.0.0";
DefaultTheme = "Auto"; DefaultTheme = "Auto";
@ -25,26 +46,30 @@
"LastFM.Secret" = "@lastFMSecret@"; "LastFM.Secret" = "@lastFMSecret@";
"LastFM.Language" = "en"; "LastFM.Language" = "en";
}); });
in ''
lastFMApiKey=$(cat "${config.age.secrets.lastFMApiKey.path}")
lastFMSecret=$(cat "${config.age.secrets.lastFMSecret.path}")
spotifyClientId=$(cat "${config.age.secrets.spotifyClientId.path}")
spotifyClientSecret=$(cat "${config.age.secrets.spotifyClientSecret.path}")
${pkgs.gnused}/bin/sed -e "s/@lastFMApiKey@/$lastFMApiKey/" -e "s/@lastFMSecret@/$lastFMSecret/" \
-e "s/@spotifyClientId@/$spotifyClientId/" -e "s/@spotifyClientSecret@/$spotifyClientSecret/" \
${navidromeConfig} > /var/lib/navidrome/navidrome.json
'';
systemd.services.navidrome.serviceConfig = { navidrome-secrets = pkgs.writeShellScript "navidrome-secrets" ''
BindReadOnlyPaths = "${config.ar.services.navidrome.musicDirectory}"; lastFMApiKey=$(cat "${config.age.secrets.lastFMApiKey.path}")
lastFMSecret=$(cat "${config.age.secrets.lastFMSecret.path}")
spotifyClientId=$(cat "${config.age.secrets.spotifyClientId.path}")
spotifyClientSecret=$(cat "${config.age.secrets.spotifyClientSecret.path}")
${pkgs.gnused}/bin/sed -e "s/@lastFMApiKey@/$lastFMApiKey/" -e "s/@lastFMSecret@/$lastFMSecret/" \
-e "s/@spotifyClientId@/$spotifyClientId/" -e "s/@spotifyClientSecret@/$spotifyClientSecret/" \
${navidromeConfig} > /var/lib/navidrome/navidrome.json
'';
in {
BindReadOnlyPaths = [
config.age.secrets.lastFMApiKey.path
config.age.secrets.lastFMSecret.path
config.age.secrets.spotifyClientId.path
config.age.secrets.spotifyClientSecret.path
config.ar.services.navidrome.musicDirectory
];
ExecStartPre = navidrome-secrets;
ExecStart = lib.mkForce '' ExecStart = lib.mkForce ''
${config.services.navidrome.package}/bin/navidrome --configfile /var/lib/navidrome/navidrome.json \ ${config.services.navidrome.package}/bin/navidrome --configfile /var/lib/navidrome/navidrome.json \
--datafolder /var/lib/navidrome/ --datafolder /var/lib/navidrome/
''; '';
}; };
services.navidrome = {
enable = true;
};
}; };
} }