encode42.dev / nixos
Personal-use NixOS configuration
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

Minor server package cleanup

encode42 25747701 fc723fc6

+69 -53
+2
hardware/gpu/amd.nix
··· 12 12 programs.obs-studio.plugins = with pkgs.obs-studio-plugins; [ 13 13 obs-vaapi 14 14 ]; 15 + 16 + services.immich.settings.ffmpeg.accel = "vaapi"; 15 17 }
+2
hardware/gpu/nvidia.nix
··· 31 31 cudaSupport = true; 32 32 } 33 33 ); 34 + 35 + services.immich.settings.ffmpeg.accel = "nvenc"; 34 36 }
+1
packages/server/groupware/autoconfig.nix
··· 26 26 }; 27 27 }; 28 28 29 + # Caddy reverse proxy configuration 29 30 services.caddy.virtualHosts = flakeLib.mkProxies hosts '' 30 31 reverse_proxy ${config.services.go-autoconfig.settings.service_addr} 31 32 '';
+1
packages/server/groupware/cells.nix
··· 13 13 enable = true; 14 14 }; 15 15 16 + # Caddy reverse proxy configuration 16 17 services.caddy.virtualHosts = flakeLib.mkProxies hosts '' 17 18 reverse_proxy :${toString config.services.cells.port} { 18 19 transport http {
+23 -21
packages/server/groupware/maddy.nix
··· 32 32 autoconfigModule 33 33 ]; 34 34 35 - services.postgresql = { 36 - ensureUsers = [ 37 - { 38 - name = "maddy"; 39 - ensureDBOwnership = true; 40 - } 41 - ]; 42 - 43 - ensureDatabases = [ "maddy" ]; 44 - }; 45 - 46 - services.rspamd = { 47 - locals."dkim_signing.conf".text = '' 48 - selector = "default"; 49 - domain = "${subdomain}"; 50 - path = "/var/lib/maddy/dkim_keys/$domain_$selector.key"; 51 - ''; 52 - }; 53 - 54 - systemd.services.rspamd.serviceConfig.SupplementaryGroups = [ "maddy" ]; 55 - 56 35 services.maddy = { 57 36 enable = true; 58 37 ··· 231 210 143 232 211 993 233 212 ]; 213 + 214 + # Ensure creation of PostgreSQL database 215 + services.postgresql = { 216 + ensureUsers = [ 217 + { 218 + name = "maddy"; 219 + ensureDBOwnership = true; 220 + } 221 + ]; 222 + 223 + ensureDatabases = [ "maddy" ]; 224 + }; 225 + 226 + # Configure rspamd 227 + services.rspamd = { 228 + locals."dkim_signing.conf".text = '' 229 + selector = "default"; 230 + domain = "${subdomain}"; 231 + path = "/var/lib/maddy/dkim_keys/$domain_$selector.key"; 232 + ''; 233 + }; 234 + 235 + systemd.services.rspamd.serviceConfig.SupplementaryGroups = [ "maddy" ]; 234 236 }
+1
packages/server/groupware/radicale.nix
··· 24 24 }; 25 25 }; 26 26 27 + # Caddy reverse proxy configuration 27 28 services.caddy.virtualHosts = flakeLib.mkProxies hosts '' 28 29 reverse_proxy :5232 29 30 '';
+9 -8
packages/server/groupware/rspamd.nix
··· 5 5 ../databases/redis.nix 6 6 ]; 7 7 8 - services.redis.servers.rspamd = { 9 - enable = true; 10 - 11 - port = 0; 12 - 13 - user = config.services.rspamd.user; 14 - }; 15 - 16 8 services.rspamd = { 17 9 enable = true; 18 10 ··· 26 18 autolearn = true; 27 19 ''; 28 20 }; 21 + }; 22 + 23 + # Ensure creation of Redis database 24 + services.redis.servers.rspamd = { 25 + enable = true; 26 + 27 + port = 0; 28 + 29 + user = config.services.rspamd.user; 29 30 }; 30 31 }
+2 -3
packages/server/language/languagetool.nix
··· 30 30 jrePackage = pkgs.temurin-jre-bin; 31 31 }; 32 32 33 - systemd.services.languagetool.environment = { 34 - LD_LIBRARY_PATH = "${pkgs.stdenv.cc.cc.lib}/lib"; # Fix for Hunspell bindings 35 - }; 33 + # Fix for Hunspell bindings 34 + systemd.services.languagetool.environment.LD_LIBRARY_PATH = "${pkgs.stdenv.cc.cc.lib}/lib"; 36 35 }
+1
packages/server/language/libretranslate.nix
··· 18 18 }; 19 19 }; 20 20 21 + # Caddy reverse proxy configuration 21 22 services.caddy.virtualHosts = flakeLib.mkProxies hosts '' 22 23 reverse_proxy :${config.services.libretranslate.port} 23 24 '';
+1
packages/server/language/omnipoly.nix
··· 11 11 enable = true; 12 12 }; 13 13 14 + # Caddy reverse proxy configuration 14 15 services.caddy.virtualHosts = flakeLib.mkProxies hosts '' 15 16 reverse_proxy :${toString config.services.omnipoly.port} 16 17 '';
+3 -2
packages/server/media/audiobookshelf.nix
··· 12 12 }; 13 13 14 14 systemd.services.audiobookshelf.serviceConfig = { 15 - RuntimeDirectory = "audiobookshelf"; 15 + RuntimeDirectory = config.services.audiobookshelf.user; 16 16 RuntimeDirectoryMode = "0750"; 17 17 UMask = "0007"; 18 18 }; 19 19 20 - users.users.caddy.extraGroups = [ "audiobookshelf" ]; 20 + # Caddy reverse proxy configuration 21 + users.users.caddy.extraGroups = [ config.services.audiobookshelf.group ]; 21 22 22 23 services.caddy.virtualHosts = flakeLib.mkProxies hosts '' 23 24 reverse_proxy ${config.services.audiobookshelf.host}
+3 -2
packages/server/media/navidrome.nix
··· 67 67 package = pkgs-unstable.navidrome; # TODO: Switch back to stable once BFR is ready 68 68 }; 69 69 70 + # Caddy reverse proxy configuration 71 + users.users.caddy.extraGroups = [ config.users.users.navidrome.group ]; 72 + 70 73 services.caddy.virtualHosts = flakeLib.mkProxies hosts '' 71 74 reverse_proxy unix/${socket} 72 75 ''; 73 - 74 - users.users.caddy.extraGroups = [ config.users.users.navidrome.group ]; 75 76 }
+3 -3
packages/server/sharing/flood.nix
··· 16 16 socket = "/run/flood/flood.sock"; 17 17 in 18 18 { 19 - 20 19 services.flood = { 21 20 enable = true; 22 21 ··· 45 44 RuntimeDirectoryMode = "0750"; 46 45 UMask = "0007"; 47 46 48 - Group = "flood-proxy"; 47 + Group = config.users.groups.flood-proxy.name; 49 48 }; 50 49 51 50 users.groups.flood-proxy = { }; 52 51 53 - users.users.caddy.extraGroups = [ "flood-proxy" ]; 52 + # Caddy reverse proxy configuration 53 + users.users.caddy.extraGroups = [ config.users.groups.flood-proxy.name ]; 54 54 55 55 services.caddy.virtualHosts = flakeLib.mkProxies hosts '' 56 56 reverse_proxy unix/${socket}
+2 -3
packages/server/sharing/prowlarr.nix
··· 13 13 prowlarrModulePath = "services/misc/servarr/prowlarr.nix"; 14 14 in 15 15 { 16 + # Unstable to use dataDir option, roll back to stable once 25.11 releases 16 17 disabledModules = [ prowlarrModulePath ]; 17 18 imports = [ "${pkgs-unstable.path}/nixos/modules/${prowlarrModulePath}" ]; 18 19 19 20 services.prowlarr = { 20 21 enable = true; 21 - 22 - # https://wiki.servarr.com/useful-tools#using-environment-variables-for-config 23 - settings = { }; 24 22 }; 25 23 24 + # Caddy reverse proxy configuration 26 25 services.caddy.virtualHosts = flakeLib.mkProxies hosts '' 27 26 reverse_proxy :${toString config.services.prowlarr.settings.server.port} 28 27 '';
+6 -4
packages/server/sharing/soulseek.nix
··· 94 94 "^(\.?pdf|\.?docx|\.?xlsx)$" 95 95 ]; 96 96 97 - # Numbers are measured in hours 98 97 retention = { 99 - search = 5; # Users go offline often, invalidating search 98 + # Users go offline often, invalidating search 99 + search = 5; 100 100 101 + # The following numbers are measured in hours 101 102 transfers = { 102 103 upload = { 103 104 succeeded = 10080; ··· 122 123 }; 123 124 124 125 systemd.services.slskd.serviceConfig = { 125 - RuntimeDirectory = "slskd"; 126 + RuntimeDirectory = config.services.slskd.user; 126 127 RuntimeDirectoryMode = "0750"; 127 128 UMask = "0007"; 128 129 }; 129 130 130 - users.users.caddy.extraGroups = [ "slskd" ]; 131 + # Caddy reverse proxy configuration 132 + users.users.caddy.extraGroups = [ config.services.slskd.group ]; 131 133 132 134 services.caddy.virtualHosts = flakeLib.mkProxies hosts '' 133 135 reverse_proxy unix/${toString config.services.slskd.settings.web.socket} {
+2
packages/server/web/forgejo.nix
··· 89 89 }; 90 90 }; 91 91 92 + # Required override for linux-hardened kernel 92 93 systemd.services.forgejo.serviceConfig = { 93 94 Type = lib.mkForce "exec"; 94 95 95 96 PrivateDevices = lib.mkForce false; 96 97 }; 97 98 99 + # Caddy reverse proxy configuration 98 100 services.caddy.virtualHosts = flakeLib.mkProxies hosts '' 99 101 reverse_proxy unix/${config.services.forgejo.settings.server.HTTP_ADDR} { 100 102 transport fastcgi
+1 -3
packages/server/web/immich.nix
··· 58 58 targetAudioCodec = "libopus"; 59 59 60 60 crf = 31; 61 - #maxBitrate = 2600; 62 61 twoPass = true; 63 62 64 - # assumes AMD GPU, to modularize 65 - accel = "vaapi"; 66 63 preferredHwDevice = videoDevice; 67 64 accelDecode = true; 68 65 }; ··· 91 88 "render" 92 89 ]; 93 90 91 + # Caddy reverse proxy configuration 94 92 services.caddy.virtualHosts = flakeLib.mkProxies hosts '' 95 93 reverse_proxy :${toString config.services.immich.port} 96 94 '';
+1
packages/server/web/miniflux.nix
··· 30 30 }; 31 31 }; 32 32 33 + # Caddy reverse proxy configuration 33 34 systemd.services.miniflux.serviceConfig.RuntimeDirectoryMode = lib.mkForce "0755"; 34 35 35 36 services.caddy.virtualHosts = flakeLib.mkProxies hosts ''
+3 -2
packages/server/web/searx.nix
··· 501 501 }; 502 502 }; 503 503 504 + # Caddy reverse proxy configuration 505 + users.users.caddy.extraGroups = [ config.users.users.searx.group ]; 506 + 504 507 services.caddy.virtualHosts = flakeLib.mkProxies hosts '' 505 508 reverse_proxy unix/${config.services.searx.uwsgiConfig.socket} { 506 509 transport uwsgi ··· 509 512 header_up X-Real-IP {http.request.header.CF-Connecting-IP} 510 513 } 511 514 ''; 512 - 513 - users.users.caddy.extraGroups = [ config.users.users.searx.group ]; 514 515 }
+1 -2
packages/server/web/vaultwarden.nix
··· 58 58 ROCKET_ADDRESS = "127.0.0.1"; # "unix:${socket}"; Supposedly, this is supported. However, it is not. 59 59 DATABASE_URL = "postgresql:///vaultwarden?host=/run/postgresql"; 60 60 }; 61 - 62 - package = pkgs-unstable.vaultwarden; # TODO: just use stable? 63 61 }; 64 62 63 + # Caddy reverse proxy configuration 65 64 services.caddy.virtualHosts = flakeLib.mkProxies hosts '' 66 65 reverse_proxy :8000 # unix/${socket} 67 66 '';
+1
packages/server/web/wakapi.nix
··· 60 60 }; 61 61 }; 62 62 63 + # Caddy reverse proxy configuration 63 64 services.caddy.virtualHosts = flakeLib.mkProxies hosts '' 64 65 reverse_proxy unix/${config.services.wakapi.settings.server.listen_socket} 65 66 '';