chore(modules,nixos): remove unused modules

Guz
2025-02-05 10:24:01 -03:00
parent d182f74520
commit bda700fb79
18 changed files with 0 additions and 1312 deletions


@@ -1,10 +0,0 @@
{...}: {
imports = [
./profiles
./services
./home-manager-helper.nix
./programs
];
options = {};
config = {};
}


@@ -1,257 +0,0 @@
{
config,
inputs,
lib,
pkgs,
...
}:
with lib;
with lib.types; let
cfg = config.home-manager-helper;
subordinateUidRange = {
options = {
startUid = mkOption {
type = int;
};
count = mkOption {
type = int;
default = 1;
};
};
};
subordinateGidRange = {
options = {
startGid = mkOption {
type = int;
};
count = mkOption {
type = int;
default = 1;
};
};
};
in {
imports = [
inputs.home-manager.nixosModules.default
];
options.home-manager-helper = with lib;
with lib.types; {
enable = mkEnableOption "";
users = mkOption {
type =
attrsOf
(submodule
({
config,
name,
...
}: {
options = {
autoSubUidGidRange = mkOption {
type = bool;
default = false;
};
createHome = mkOption {
type = bool;
default = cfg.users.${name}.homeManager;
};
cryptHomeLuks = mkOption {
type = nullOr str;
default = null;
};
description = mkOption {
type = passwdEntry str;
default = "";
};
extraGroups = mkOption {
type = listOf str;
default = [];
};
group = mkOption {
type = str;
default = name;
};
hashedPassword = mkOption {
type = nullOr (passwdEntry str);
default = null;
};
hashedPasswordFile = mkOption {
type = nullOr str;
default = null;
};
home = mkOption {
type = anything;
default = {};
};
homeDirectory = mkOption {
type = passwdEntry path;
default =
if cfg.users.${name}.homeManager
then "/home/${name}"
else "/var/empty";
};
homeManager = mkOption {
type = bool;
default =
if cfg.users.${name}.isNormalUser
then true
else false;
};
homeMode = mkOption {
type = strMatching "[0-7]{1,5}";
default = "700";
};
ignoreShellProgramCheck = mkOption {
type = bool;
default = false;
};
initialHashedPassword = mkOption {
type = nullOr (passwdEntry str);
default = null;
};
initialPassword = mkOption {
type = nullOr (passwdEntry str);
default = null;
};
isNormalUser = mkOption {
type = bool;
default = false;
};
isSystemUser = mkOption {
type = bool;
default = false;
};
linger = mkOption {
type = bool;
default = false;
};
name = mkOption {
type = passwdEntry str;
};
openssh = mkOption {
type = anything;
default = {};
};
packages = mkOption {
type = listOf package;
default = [];
};
pamMount = mkOption {
type = attrsOf str;
default = {};
};
shell = mkOption {
type = nullOr (either shellPackage (passwdEntry path));
default = pkgs.shadow;
};
subGidRanges = mkOption {
type = listOf (submodule subordinateGidRange);
default = [];
};
subUidRanges = mkOption {
type = listOf (submodule subordinateUidRange);
default = [];
};
uid = mkOption {
type = nullOr int;
default = null;
};
useDefaultShell = mkOption {
type = bool;
default = false;
};
};
}));
default = {};
};
};
config = with lib;
with builtins;
mkIf cfg.enable {
users.users =
mapAttrs
(name: value: {
inherit
(value)
autoSubUidGidRange
createHome
cryptHomeLuks
description
extraGroups
group
hashedPassword
hashedPasswordFile
homeMode
ignoreShellProgramCheck
initialHashedPassword
initialPassword
isNormalUser
isSystemUser
linger
name
openssh
pamMount
shell
subGidRanges
subUidRanges
uid
useDefaultShell
;
home = value.homeDirectory;
packages =
if value.homeManager
then []
else value.packages;
})
cfg.users;
users.mutableUsers = true;
users.groups =
mapAttrs'
(name: value: {
name = name;
value =
mkDefault
{
name = name;
members = ["${name}"];
};
})
cfg.users;
home-manager.backupFileExtension = "backup";
home-manager.extraSpecialArgs = {inherit inputs;};
home-manager.users =
mapAttrs
(name: value: (mkMerge [
{
imports = [
inputs.nix-index-database.hmModules.nix-index
inputs.flatpaks.homeManagerModules.nix-flatpak
];
home.username = value.name;
home.homeDirectory = value.homeDirectory;
home.packages =
value.packages
++ (
if value ? home ? packages
then value.home.packages
else []
)
++ [
pkgs.nil
];
programs.home-manager.enable = true;
home.stateVersion = "23.11"; # DO NOT CHANGE
}
value.home
]))
(filterAttrs (n: v: v.homeManager) cfg.users);
};
}


@@ -1,9 +0,0 @@
{...}: {
imports = [
./locale.nix
./media-server.nix
./minecraft-servers.nix
];
options = {};
config = {};
}


@@ -1,64 +0,0 @@
{
config,
lib,
...
}: let
cfg = config.profiles.locale;
in {
imports = [];
options.profiles.locale = with lib;
with lib.types; {
enable = mkEnableOption "";
locale = mkOption {
type = str;
default = "en_US.UTF-8";
};
extraLocales = mkOption {
type = attrsOf str;
default = rec {
LC_ADDRESS = "pt_BR.UTF-8";
LC_IDENTIFICATION = LC_ADDRESS;
LC_MEASUREMENT = LC_ADDRESS;
LC_MONETARY = LC_ADDRESS;
LC_NAME = LC_ADDRESS;
LC_NUMERIC = LC_ADDRESS;
LC_PAPER = LC_ADDRESS;
LC_TELEPHONE = LC_ADDRESS;
LC_TIME = LC_ADDRESS;
};
};
keymap.layout = mkOption {
type = str;
default = "br";
};
keymap.variant = mkOption {
type = str;
default = "";
};
keymap.console = mkOption {
type = str;
default = "br-abnt2";
};
timeZone = mkOption {
type = str;
default = "America/Sao_Paulo";
};
};
config = {
i18n = {
defaultLocale = cfg.locale;
extraLocaleSettings = cfg.extraLocales;
};
services.xserver = {
xkb.layout = cfg.keymap.layout;
xkb.variant = cfg.keymap.variant;
};
console.keyMap = cfg.keymap.console;
time = {
timeZone = cfg.timeZone;
};
};
}


@@ -1,81 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.profiles.media-server;
in {
options.profiles.media-server = with lib;
with lib.types; {
enable = mkEnableOption "";
mediaDir = mkOption {
type = path;
default = "/data/media";
};
};
config = with lib;
mkIf cfg.enable {
services = {
jellyfin.enable = mkDefault true;
jellyfin.openFirewall = true;
jellyseerr.enable = mkDefault true;
prowlarr.enable = mkDefault true;
radarr.enable = mkDefault true;
sonarr.enable = mkDefault true;
qbittorrent.enable = mkDefault true;
};
systemd.services.media-server-setup = {
script = let
services = config.services;
in ''
function setfacl() { ${pkgs.acl}/bin/setfacl "$@"; }
echo 'Creating ${toString cfg.mediaDir} folder'
mkdir -p ${toString cfg.mediaDir}
mkdir -p ${toString cfg.mediaDir + "/Downloads"}
mkdir -p ${toString cfg.mediaDir + "/Movies"}
mkdir -p ${toString cfg.mediaDir + "/Shows"}
${
if services.jellyfin.enable
then ''
echo 'Giving read-write permission to ${services.jellyfin.user} on ${toString cfg.mediaDir}'
setfacl -R -m u:${services.jellyfin.user}:rwx ${toString cfg.mediaDir}
''
else ""
}
${
if services.radarr.enable
then ''
echo 'Giving read-write permission to ${services.radarr.user} on ${toString cfg.mediaDir}'
setfacl -R -m u:${services.radarr.user}:rwx ${toString cfg.mediaDir}
''
else ""
}
${
if services.sonarr.enable
then ''
echo 'Giving read-write permission to ${services.sonarr.user} on ${toString cfg.mediaDir}'
setfacl -R -m u:${services.sonarr.user}:rwx ${toString cfg.mediaDir}
''
else ""
}
${
if services.qbittorrent.enable
then ''
echo 'Giving read-write permission to ${services.qbittorrent.user} on ${toString cfg.mediaDir}'
setfacl -R -m u:${services.qbittorrent.user}:rwx ${toString cfg.mediaDir}
''
else ""
}
'';
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "oneshot";
};
};
};
}


@@ -1,107 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.profiles.minecraft-servers;
in {
imports = [../services/minecraft-servers.nix];
options.profiles.minecraft-servers = with lib; {
enable = mkEnableOption "";
};
config = let
optimizationMods = builtins.attrValues {
AlternateCurrent = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/r0v8vy1s/versions/CFNRLnDw/alternate-current-mc1.20-1.8.0-beta.3.jar";
sha256 = "130k9ay8hylbv2ijzj5n9951ww2lxyqrykazvr8l3yf1dbm0n56r";
};
/*
BetterMaps = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/JX1fvBwM/versions/SSxJn7Q3/bettermaps-mc1.20-0.5.2.jar";
sha256 = "0aps89kxx98xhmya4ljy3h3dhni88wv697vh7ipg3vzfxhqyfj9p";
};
*/
CCME = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/VSNURh3q/versions/1jjyJyVe/c2me-fabric-mc1.20.6-0.2.0+alpha.11.95.jar";
sha256 = "0ja97jv4x1xhm1nmpq661qf641zv314zzdp7q9d0wzfp712am0dc";
};
Chunky = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/fALzjamp/versions/ZrmnYk7q/Chunky-1.4.10.jar";
sha256 = "098gg5s02c5lnz9y85vja9z17cmkaidf8fr99drrym5z1n3d48jf";
};
DisablePortalChecks = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/uOzKOGGt/versions/zW17oIr0/disableportalchecks-1.0.0.jar";
sha256 = "1zq535nb6zv22plvz3p6ykh02skng6wjjzsalm1qmlidj22r8j40";
};
FabricApi = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/P7dR8mSH/versions/191HCCtF/fabric-api-0.98.0+1.20.6.jar";
sha256 = "09p29f4333mnwigs7v307xhli99n51qg7prkkp9yfm9pwnvv26q3";
};
FasterRandom = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/RfFxanNh/versions/I8jy69I9/fasterrandom-4.1.0.jar";
sha256 = "0hwxbkic4mwjl3sqm9hsl8xvf96qk87ah1njl7pnqpam720zl0i3";
};
Icterine = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/7RvRWn6p/versions/W7L89aQM/Icterine-fabric-1.20.3-4-1.3.0.jar";
sha256 = "15vv2xqd6gzvckr3wxgisz02x9d938cgg2ncc2gnd3m6k3l6l5w5";
};
Lithium = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/gvQqBUqZ/versions/bAbb09VF/lithium-fabric-mc1.20.6-0.12.3.jar";
sha256 = "03fikawl6rw14gkzz74k7zv1cf9m0l9am12l2wmjf8mm0a9dmp9l";
};
MemoryLeakFix = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/NRjRiSSD/versions/5xvCCRjJ/memoryleakfix-fabric-1.17+-1.1.5.jar";
sha256 = "1pmdllflr2mjjh2r3v8lyz8rxg0ncq8m9r15vl89f09f4vbk7b5q";
};
Noisium = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/KuNKN7d2/versions/lT2Jvcwv/noisium-fabric-2.1.0+mc1.20.5-1.20.6.jar";
sha256 = "0bawxlrph66jladb9w1b20qn7av6az45nfn4bnggcygza35r0mrj";
};
NoKebab = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/y82xHklI/versions/t1haYknB/no-kebab-1.3.0+1.20.6.jar";
sha256 = "1xks224cls95jnfhk54plnsmb1x4bb0llr17w1rwbbn6rx66p6gi";
};
ModernFix = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/nmDcB62a/versions/xlt4bcjj/modernfix-fabric-5.17.3+mc1.20.6.jar";
sha256 = "1sdbv2a3zb1j481g2318vfaxd5hlx0h5fl7azl3j46095422yw93";
};
ServerCode = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/4WWQxlQP/versions/MiqvHRzE/servercore-fabric-1.5.1+1.20.5.jar";
sha256 = "1vhb3dik4vancgsgm0ldmgx6qlsw0iiqlcq8gy0ifxmjmm1sin6f";
};
Slumber = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/ksm6XRZ9/versions/mPf1P26X/slumber-1.2.0.jar";
sha256 = "1chp2wkjcmxi4apry1fkml3n7k4x2sjwc7dx9qjklqpcw4gbn7s7";
};
ThreadTweak = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/vSEH1ERy/versions/BtMMYDAh/threadtweak-fabric-1.20.6-0.1.3.jar";
sha256 = "12nyln487bsn4gvlynzw0samds8mxi02bkxb9jdl9x0yy16pbrfh";
};
VeryManyPlayer = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/wnEe9KBa/versions/83ET13o3/vmp-fabric-mc1.20.6-0.2.0+beta.7.155-all.jar";
sha256 = "039adzcpl9bx4h2gsl399b97vsi0h3b33421jbsl603rld6cgz88";
};
};
in
with lib;
mkIf cfg.enable {
services.minecraft-servers.enable = true;
services.minecraft-servers.eula = true;
services.minecraft-servers.openFirewall = true;
networking.firewall.allowedTCPPorts = [25565];
services.minecraft-servers.servers.survival = {
enable = true;
restart = "no";
serverProperties = {
server-port = 25565;
};
package = pkgs.fabricServers.fabric-1_20_6.override {};
symlinks = {
mods = pkgs.linkFarmFromDrvs "mods" optimizationMods;
};
};
};
}


@@ -1,9 +0,0 @@
{...}: {
imports = [
./nh
./hyprland.nix
./steam.nix
];
options = {};
config = {};
}


@@ -1,39 +0,0 @@
{
config,
lib,
inputs,
pkgs,
...
}: let
cfg = config.programs.hyprland;
system = pkgs.stdenv.hostPlatform.system;
in {
imports = [];
options.programs.hyprland = with lib;
with lib.types; {
useFlakes = mkOption {
type = bool;
default = true;
};
};
config = with lib;
mkIf cfg.enable {
programs.hyprland = {
xwayland.enable = mkDefault true;
package = mkDefault (
if cfg.useFlakes
then inputs.hyprland.packages."${system}".hyprland
else pkgs.hyprland
);
portalPackage = mkDefault (
if cfg.useFlakes
then inputs.xdg-desktop-portal-hyprland.packages."${system}".xdg-desktop-portal-hyprland
else pkgs.xdg-desktop-portal-hyprland
);
};
xdg.portal.enable = true;
xdg.portal.extraPortals = with pkgs; [
xdg-desktop-portal-gtk
];
};
}


@@ -1,25 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.programs.nh;
wrapper = pkgs.writeShellScriptBin "nh" ''
function alejandra() { ${pkgs.alejandra}/bin/alejandra "$@"; }
function git() { ${pkgs.git}/bin/git "$@"; }
function lazygit() { ${pkgs.lazygit}/bin/lazygit "$@"; }
function nh() { ${pkgs.nh}/bin/nh "$@"; }
function shellharden() { ${pkgs.shellharden}/bin/shellharden "$@"; }
FLAKE_DIR=${toString cfg.flake}
${builtins.readFile ./wrapper.sh}
'';
in {
options.programs.nh = with lib; with lib.types; {};
config = with lib;
mkIf cfg.enable {
programs.nh.package = wrapper;
};
}


@@ -1,154 +0,0 @@
function set_colors() {
COLOR_CYAN='\033[0;35m'
COLOR_RED='\033[0;31m'
COLOR_YELLOW='\033[1;33m'
COLOR_NC='\033[0m'
}
function set_labels() {
set_colors
function echo_info() {
if [ -t 1 ]; then
echo -e "${COLOR_CYAN}INFO:${COLOR_NC} $@";
else
echo -e "INFO: $@";
fi
}
function echo_warn() {
if [ -t 1 ]; then
echo -e "${COLOR_YELLOW}WARN:${COLOR_NC} $@";
else
echo -e "WARN: $@";
fi
}
function echo_error() {
if [ -t 1 ]; then
echo -e "${COLOR_RED}ERRO:${COLOR_NC} $@";
else
echo -e "ERRO: $@";
fi
}
}
set_labels
function decrypt_lesser_secrets() {
set -e
pushd "$FLAKE_DIR" > /dev/null
for f in ./secrets/*.lesser.*; do
local filename="$(basename -- "$f")"
local extension="${filename##*.}"
local filename="${filename%.*}"
local subextenstion="${filename##*.}"
if [[ "$subextenstion" == "decrypted" ]]; then
echo_warn "$PREFIX - File already decrypted! file=$f"
else
echo_info "$PREFIX - Decrypting lesser secret file. file=$f"
sops --output "./secrets/$filename.decrypted.$extension" -d "$f"
fi
done
echo_info "$PREFIX - Adding decrypted secret files"
git add ./secrets/*.decrypted.*
popd > /dev/null
}
function remove_decrypted_secrets() {
set -e
pushd "$FLAKE_DIR" > /dev/null
echo_info "$PREFIX - Removing descrypted files"
for f in "$FLAKE_DIR"/secrets/*.decrypted.*; do
echo_info "$PREFIX - Removing descrypted files. file=$f"
git reset "$f"
rm "$f"
done
popd > /dev/null
}
function format_files() {
set -e
pushd "$FLAKE_DIR" > /dev/null
echo_info "$PREFIX - Formatting *.nix files"
alejandra . &>/dev/null \
|| (alejandra . ; \
echo_error - "$PREFIX - Failed to format files" \
&& exit 1)
echo_info "$PREFIX - Formatting *.sh files"
find "$FLAKE_DIR" -type f -name "*.sh" -execdir shellharden --replace {} \;
popd > /dev/null
}
function build_os() {
set -e
pushd "$FLAKE_DIR" > /dev/null
echo_info "$PREFIX - Building NixOS"
nh os switch "$@" "$FLAKE_DIR" \
|| (echo_error "$PREFIX - Failed to build NixOS" \
&& remove_decrypted_secrets \
&& exit 1)
popd > /dev/null
}
case "$1" in
"os")
case "$2" in
"switch")
PREFIX="nh os switch"
decrypt_lesser_secrets
format_files
shift 2
build_os "$@"
remove_decrypted_secrets
;;
*) echo_error "\"$2\" subcommand does not exist"
;;
esac
;;
"edit")
pushd "$FLAKE_DIR" > /dev/null
"$EDITOR" .
popd > /dev/null
;;
"sync")
pushd "$FLAKE_DIR" > /dev/null
lazygit
popd > /dev/null
;;
"secrets")
PREFIX="nh secrets"
case "$2" in
"-d"|"--decrypt") decrypt_lesser_secrets
;;
"-r"|"--remove") remove_decrypted_secrets
;;
esac
;;
"format")
pushd "$FLAKE_DIR" > /dev/null
format_files
popd > /dev/null
;;
"--")
shift 1
nh "$@"
;;
*) echo_error "\"$1\" command does not exist"
;;
esac


@@ -1,34 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.programs.steam;
in {
imports = [];
options.programs.steam = with lib;
with lib.types; {
wayland = mkOption {
type = bool;
default = config.programs.hyprland.enable;
};
};
config = with lib;
mkIf cfg.enable {
environment.systemPackages = with pkgs; [steam-run];
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"steam"
"steam-original"
"steam-run"
];
programs.steam = {
gamescopeSession = mkIf cfg.wayland {
enable = true;
};
};
};
}


@@ -1,61 +0,0 @@
{
config,
lib,
...
}: let
cfg = config.services.adguardhome;
in {
imports = [];
options.services.adguardhome = with lib;
with lib.types; {
dns.filters = mkOption {
type = attrsOf (submodule ({lib, ...}: {
options = {
name = mkOption {
type = nullOr str;
default = null;
};
url = mkOption {
type = str;
};
enabled = mkOption {
type = bool;
default = true;
};
};
}));
default = {};
};
dns.rewrites = mkOption {
type = attrsOf str;
default = {};
};
};
config = with lib;
mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [53];
networking.firewall.allowedUDPPorts = [53 51820];
services.adguardhome = {
settings = {
filtering.rewrites = builtins.attrValues (builtins.mapAttrs
(from: to: {
domain = from;
answer = to;
})
cfg.dns.rewrites);
filters = attrValues (mapAttrs
(id: list: {
name =
if isNull list.name
then id
else list.name;
ID = id;
url = list.url;
enabled = list.enabled;
})
cfg.dns.filters);
};
};
};
}


@@ -1,11 +0,0 @@
{...}: {
imports = [
./adguardhome.nix
./forgejo
./minecraft-servers.nix
./qbittorrent.nix
./tailscale.nix
];
options = {};
config = {};
}


@@ -1,205 +0,0 @@
{
config,
lib,
pkgs,
utils,
...
}: let
cfg = config.services.forgejo;
yamlFormat = pkgs.formats.yaml {};
users = builtins.attrValues (builtins.mapAttrs
(username: info: {
name =
if isNull info.name
then username
else info.name;
email = info.email;
password = info.password;
admin = info.admin;
})
cfg.users);
initList = l: lib.strings.concatStringsSep "," l;
in {
imports = [];
options.services.forgejo = with lib;
with lib.types; {
handleUndeclaredUsers = mkOption {
type = bool;
default = false;
};
users = mkOption {
type = attrsOf (submodule ({
config,
lib,
...
}:
with lib;
with lib.types; {
options = {
name = mkOption {
type = nullOr (either str path);
default = null;
};
password = mkOption {
type = either str path;
};
email = mkOption {
type = either str path;
};
admin = mkOption {
type = bool;
default = false;
};
};
}));
default = {};
};
actions = {
enable = mkOption {
type = bool;
default = cfg.enable;
};
token = mkOption {
type = str;
};
url = mkOption {
type = str;
default = "http://localhost:${toString cfg.settings.server.HTTP_PORT}";
};
labels = mkOption {
type = listOf str;
default = [
/*
Remember to install git on these images so actions/checkout can work,
without it, the actions tries to use the /api/v3/repos/{user}/{repo}/tarball/{ref}
api endpoint, which Gitea/Forgejo doesn't has.
*/
"ubuntu-latest:docker://gitea/runner-images:ubuntu-latest-slim"
"ubuntu-latest-full:docker://gitea/runner-images:ubuntu-latest"
];
};
};
};
config = with lib;
mkIf cfg.enable {
networking.firewall.allowedTCPPorts = mkIf cfg.settings.actions.ENABLED [
cfg.settings.server.HTTP_PORT
];
networking.firewall.allowedUDPPorts = mkIf cfg.settings.actions.ENABLED [
cfg.settings.server.HTTP_PORT
];
users.users."${cfg.user}" = {
home = cfg.stateDir;
useDefaultShell = true;
group = cfg.group;
isSystemUser = true;
extraGroups = ["wheel" "networkmanager"];
};
users.groups."${cfg.group}" = {};
services.forgejo = {
user = mkDefault "git";
group = mkDefault cfg.user;
settings = {
DEFAULT = {
APP_NAME = mkDefault "Forgejo: Beyond coding. We forge.";
};
actions = {
ENABLED = mkDefault cfg.actions.enable;
DEFAULT_ACTIONS_URL = mkDefault "http://localhost:${toString cfg.settings.server.HTTP_PORT}";
};
repository = {
DEFAULT_REPO_UNITS = mkDefault (initList [
"repo.code"
]);
DISABLED_REPO_UNITS = mkIf (!cfg.actions.enable) (mkDefault (initList [
"repo.actions"
]));
};
service = {
# DISABLE_REGISTRARION = mkDefault true;
};
};
};
virtualisation.docker.enable = mkIf cfg.actions.enable (mkDefault true);
services.gitea-actions-runner = mkIf cfg.actions.enable {
package =
if config.services.gitea.enable
then pkgs.gitea-actions-runner
else pkgs.forgejo-actions-runner;
instances."forgejo${toString cfg.settings.server.HTTP_PORT}" = {
enable = mkDefault true;
token = mkDefault cfg.actions.token;
name = mkDefault "${cfg.settings.DEFAULT.APP_NAME} - Actions";
url = cfg.actions.url;
labels = mkDefault cfg.actions.labels;
settings = {
runner = {
insecure = true;
};
};
};
};
systemd.services."forgejo-users-setup" = with builtins; {
script = ''
function gum() { ${pkgs.gum}/bin/gum "$@"; }
function forgejo() {
# local config_file="${toString cfg.stateDir}/custom/conf/app.ini";
# touch $config_file
${cfg.package}/bin/gitea \
--work-path ${cfg.stateDir} \
"$@"
}
function fjuser() { forgejo admin user "$@"; }
function awk() { ${pkgs.gawk}/bin/awk "$@"; }
handle_undeclared_users="${
if cfg.handleUndeclaredUsers
then "true"
else "false"
}";
declared_users=(${toString (map (user: "${
if isPath user.name
then "$(cat ${toString user.name})"
else user.name
}")
users)});
${readFile ./user-handler.sh}
${toString (map (user: ''
set-user "${
if isPath user.name
then "$(cat ${toString user.name})"
else user.name
}" "${
if isPath user.email
then "$(cat ${toString user.email})"
else user.email
}" "${
if isPath user.password
then "$(cat ${toString user.password})"
else user.password
}" \
"${
if user.admin
then "true"
else "false"
}"
'')
users)}
'';
wantedBy = ["multi-user.target"];
after = ["forgejo.service"];
serviceConfig = {
Type = "oneshot";
User = cfg.user;
Group = cfg.group;
};
};
};
}


@@ -1,90 +0,0 @@
gum log --structured \
--time timeonly \
--level debug \
'Handling forgejo users'
fjuser list | awk '{print $2}' | tail -n +2 | while read username; do
if printf '%s\0' "${declared_users[@]}" | grep -Fxqz -- "$username"; then
gum log --structured \
--time timeonly \
--level info \
'Declared user already exists, ignoring' \
username "$username"
else
if [[ "$(fjuser list | tail -n +2 | awk '{print $2 " " $5}' | grep "$username" | awk '{print $2}')" == "true" ]]; then
gum log --structured \
--time timeonly \
--level warn \
'Undeclared user is an ADMIN, ignoring' \
username "$username"
elif [[ "$handle_undeclared_users" == "true" ]]; then
gum log --structured \
--time timeonly \
--level info \
'DELETING undeclared user' \
username "$username"
fjuser delete -u "$username"
else
gum log --structured \
--time timeonly \
--level warn \
'UNDECLARED user, please declare it to have a reproducible build' \
username "$username"
fi
fi
done
# this is used in the string inside ./default.nix
function set-user() {
local username=$1
local email=$2
local password=$3
local admin=$4
gum log --structured \
--time timeonly \
--level debug \
'Setting user' \
username "$username" \
email "$email"
if [[ "$(fjuser list | grep "$username" | awk '{print $2}')" ]]; then
gum log --structured \
--time timeonly \
--level error \
'User with username already exists' \
username "$username"
elif [[ "$(fjuser list | grep "$email" | awk '{print $3}')" ]]; then
gum log --structured \
--time timeonly \
--level error \
'User with username already exists' \
email "$email"
else
if [[ "$admin" == "true" ]]; then
gum log --structured \
--time timeonly \
--level debug \
'Creating ADMIN user' \
username "$username" \
email "$email"
fjuser create --username "$username" \
--email "$email" \
--password "$password" \
--admin
else
gum log --structured \
--time timeonly \
--level debug \
'Creating user' \
username "$username" \
email "$email"
fjuser create --username "$username" \
--email "$email" \
--password "$password"
fi
fi
}


@@ -1,17 +0,0 @@
{
config,
lib,
inputs,
...
}: let
cfg = config.services.minecraft-servers;
in {
imports = [
inputs.nix-minecraft.nixosModules.minecraft-servers
];
options.services.minecraft-servers = with lib; with lib.types; {};
config = with lib;
mkIf cfg.enable {
nixpkgs.overlays = [inputs.nix-minecraft.overlay];
};
}


@@ -1,78 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.services.qbittorrent;
UID = 888;
GID = 888;
in {
options.services.qbittorrent = with lib;
with lib.types; {
enable = mkEnableOption "";
dataDir = mkOption {
type = path;
default = "/var/lib/qbittorrent";
};
user = mkOption {
type = str;
default = "qbittorrent";
};
group = mkOption {
type = str;
default = "qbittorrent";
};
port = mkOption {
type = port;
default = 8080;
};
openFirewall = mkOption {
type = bool;
default = false;
};
package = mkOption {
type = package;
default = pkgs.qbittorrent-nox;
};
};
config = with lib;
mkIf cfg.enable {
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [cfg.port];
};
systemd.services.qbittorrent = {
after = ["network.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "simple";
User = cfg.user;
Group = cfg.group;
ExecStartPre = let
preStartScript = pkgs.writeScript "qbittorrent-run-prestart" ''
#!${pkgs.bash}/bin/bash
if ! test -d "$QBT_PROFILE"; then
echo "Creating qBittorrent data directory in: $QBT_PROFILE"
install -d -m 0755 -o "${cfg.user}" -g "${cfg.group}" "$QBT_PROFILE"
fi
'';
in "!${preStartScript}";
ExecStart = "${cfg.package}/bin/qbittorrent-nox";
Restart = "on-success";
};
environment = {
QBT_PROFILE = cfg.dataDir;
QBT_WEBUI_PORT = toString cfg.port;
};
};
users.users."${cfg.user}" = {
group = cfg.group;
uid = UID;
};
users.groups."${cfg.group}" = {
gid = GID;
};
};
}


@@ -1,61 +0,0 @@
{
config,
lib,
...
}: let
cfg = config.services.tailscale;
in {
imports = [];
options.services.tailscale = with lib;
with lib.types; {
exitNode = mkOption {
type = bool;
default = false;
};
tailnetName = mkOption {
type = str;
};
tailnetUrl = mkOption {
type = str;
default = "${config.services.tailscale.tailnetName}.ts.net";
};
deviceUrl = mkOption {
type = str;
default = "${config.networking.hostName}.${config.services.tailscale.tailnetUrl}";
};
deviceIp = mkOption {
type = str;
};
};
config = with lib;
mkIf cfg.enable {
services.tailscale = {
extraUpFlags = [
(
if cfg.exitNode
then "--advertise-exit-node"
else null
)
(
if cfg.exitNode
then "--exit-node"
else null
)
];
useRoutingFeatures = mkDefault (
if cfg.exitNode
then "server"
else "client"
);
};
systemd.services."tailscaled" = mkIf config.services.caddy.enable (mkDefault {
serviceConfig = {
Environment = ["TS_PERMIT_CERT_UID=caddy"];
};
});
boot.kernel.sysctl."net.ipv4.ip_forward" = mkIf cfg.exitNode (mkDefault 1);
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = mkIf cfg.exitNode (mkDefault 1);
};
}