nixcfg/hosts/mauville/raffauflabs.nix


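# NixOS module for this host: Audiobookshelf, Forgejo, Navidrome, Plex and
# Transmission, plus the firewall openings they rely on.
{
  config,
  lib,
  pkgs,
  ...
}: let
  audiobookshelf.port = 13378;
  domain = "raffauflabs.com";
  mediaDirectory = "/mnt/Media";
  musicDirectory = "${mediaDirectory}/Music";

  # Only the *paths* of the age-managed secret files are referenced here; the
  # values are read when the navidrome unit starts (see navidrome-secrets).
  navidrome = {
    port = 4533;
    lastfm = {
      idFile = config.age.secrets.lastfmId.path;
      secretFile = config.age.secrets.lastfmSecret.path;
    };
    spotify = {
      idFile = config.age.secrets.spotifyId.path;
      secretFile = config.age.secrets.spotifySecret.path;
    };
  };

  transmission = {
    port = 9091;
    bitTorrentPort = 5143;
  };
in {
  networking = {
    # NOTE(review): 3000 is Forgejo's default HTTP port and HTTP_PORT is not
    # overridden in this file. If TLS for git.${domain} is terminated by a proxy
    # on this same host, opening 3000 lets clients reach Forgejo over plain HTTP
    # and bypass the proxy; confirm it is required.
    firewall.allowedTCPPorts = [80 443 3000];
  };

  services = {
    # Bound to every interface and opened in the firewall.
    # NOTE(review): bind to 127.0.0.1 and drop openFirewall if this service is
    # only meant to be reached through a local reverse proxy; confirm.
    audiobookshelf = {
      enable = true;
      host = "0.0.0.0";
      openFirewall = true;
      port = audiobookshelf.port;
    };

    forgejo = {
      enable = true;
      lfs.enable = true;
      settings = {
        actions = {
          ENABLED = true;
          # Actions referenced without a full URL are fetched from GitHub.
          # Workflows should pin third-party actions to a commit hash, because
          # runners execute whatever that reference resolves to.
          DEFAULT_ACTIONS_URL = "https://github.com";
        };
        cron = {
          ENABLED = true;
          RUN_AT_START = false;
        };
        DEFAULT.APP_NAME = "Forĝejo";
        repository = {
          DEFAULT_BRANCH = "master";
          # Push-to-create is enabled for users and orgs; exposure is limited to
          # existing accounts because registration is disabled below.
          ENABLE_PUSH_CREATE_ORG = true;
          ENABLE_PUSH_CREATE_USER = true;
          PREFERRED_LICENSES = "GPL-3.0";
        };
        federation.ENABLED = true;
        picture.ENABLE_FEDERATED_AVATAR = true;
        # Check new passwords against the Have I Been Pwned breach data.
        security.PASSWORD_CHECK_PWN = true;
        server = {
          LANDING_PAGE = "explore";
          ROOT_URL = "https://git.${domain}/";
        };
        service = {
          # Self-registration is off; accounts have to be created by an admin.
          ALLOW_ONLY_INTERNAL_REGISTRATION = true;
          DISABLE_REGISTRATION = true;
          ENABLE_NOTIFY_MAIL = true;
        };
        # Session cookie is only sent over HTTPS, matching the https ROOT_URL.
        session.COOKIE_SECURE = true;
        ui.DEFAULT_THEME = "forgejo-auto";
        "ui.meta" = {
          AUTHOR = "Forĝejo @ ${domain}";
          DESCRIPTION = "Self-hosted git forge for projects + toys.";
          KEYWORDS = "git,source code,forge,forĝejo,aly raffauf";
        };
      };
    };

    navidrome = {
      enable = true;
      openFirewall = true;
    };

    plex = {
      enable = true;
      openFirewall = true;
    };

    transmission = {
      enable = true;
      credentialsFile = config.age.secrets.transmission.path;
      openFirewall = true;
      # The RPC/web interface listens on every interface and its port is opened
      # in the firewall.
      # NOTE(review): nothing in this file sets rpc-authentication-required or an
      # RPC whitelist; confirm that credentialsFile supplies rpc-username /
      # rpc-password and enables authentication, otherwise anyone who can reach
      # this port controls the daemon.
      openRPCPort = true;
      settings = {
        download-dir = mediaDirectory;
        peer-port = transmission.bitTorrentPort;
        rpc-bind-address = "0.0.0.0";
        rpc-port = transmission.port;
      };
    };
  };

  # Replace the stock navidrome start-up so that a config file containing the
  # Last.fm and Spotify credentials is rendered at service start instead of
  # being baked into the world-readable Nix store.
  systemd.services.navidrome.serviceConfig = let
    # Secret-free template; this file lands in the Nix store. The four
    # credential keys are added by navidrome-secrets at runtime.
    navidromeConfig = builtins.toFile "navidrome.json" (lib.generators.toJSON {} {
      Address = "0.0.0.0";
      DefaultTheme = "Auto";
      MusicFolder = musicDirectory;
      Port = navidrome.port;
      SubsonicArtistParticipations = true;
      UIWelcomeMessage = "Welcome to Navidrome @ ${domain}";
      "LastFM.Enabled" = true;
      "LastFM.Language" = "en";
    });

    # Renders /var/lib/navidrome/navidrome.json from the template plus the
    # secret files.
    #
    # jq reads each secret with --rawfile, so the values never appear on a
    # command line (the earlier sed expressions exposed them in the process
    # arguments) and characters such as "/", "&" or "\" in a secret cannot
    # corrupt the substitution or the JSON. Trailing newlines are stripped, as
    # $(cat file) did before.
    navidrome-secrets = pkgs.writeShellScript "navidrome-secrets" ''
      # Abort (and therefore fail the unit) if a secret file is unreadable
      # rather than starting navidrome with empty credentials.
      set -eu
      # The rendered file holds credentials: create it owner-only.
      umask 077
      ${pkgs.jq}/bin/jq \
        --rawfile lastFMApiKey "${navidrome.lastfm.idFile}" \
        --rawfile lastFMSecret "${navidrome.lastfm.secretFile}" \
        --rawfile spotifyClientId "${navidrome.spotify.idFile}" \
        --rawfile spotifyClientSecret "${navidrome.spotify.secretFile}" \
        '
          def strip: if endswith("\n") then rtrimstr("\n") | strip else . end;
          ."LastFM.ApiKey" = ($lastFMApiKey | strip)
          | ."LastFM.Secret" = ($lastFMSecret | strip)
          | ."Spotify.ID" = ($spotifyClientId | strip)
          | ."Spotify.Secret" = ($spotifyClientSecret | strip)
        ' \
        ${navidromeConfig} > /var/lib/navidrome/navidrome.json
      # umask only affects a newly created file; tighten one left over from an
      # earlier start as well.
      chmod 600 /var/lib/navidrome/navidrome.json
    '';
  in {
    # Make the secret files and the music library visible (read-only) inside
    # the unit's filesystem view.
    BindReadOnlyPaths = [
      navidrome.lastfm.idFile
      navidrome.lastfm.secretFile
      navidrome.spotify.idFile
      navidrome.spotify.secretFile
      musicDirectory
    ];
    ExecStartPre = navidrome-secrets;
    # mkForce overrides the module's own ExecStart so navidrome reads the
    # rendered config instead of a store-generated one.
    ExecStart = lib.mkForce ''
      ${config.services.navidrome.package}/bin/navidrome --configfile /var/lib/navidrome/navidrome.json \
      --datafolder /var/lib/navidrome/
    '';
  };
}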