mirror of
https://gitlab.com/upRootNutrition/dotfiles.git
synced 2025-12-14 02:20:53 -06:00
feat: services for nas all up and running
parent
92088ed139
commit
8649008c93
9 changed files with 54 additions and 21 deletions
|
|
@ -103,6 +103,7 @@ in
|
|||
};
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
22
|
||||
80
|
||||
smtpCfg.ports.port1
|
||||
serviceCfg.ports.port0
|
||||
serviceCfg.ports.port1
|
||||
|
|
@ -138,7 +139,7 @@ in
|
|||
network = {
|
||||
enable = true;
|
||||
networks."20-lan" = {
|
||||
matchConfig.Name = "enp0s*";
|
||||
matchConfig.Name = "enp0s6";
|
||||
addresses = [
|
||||
{ Address = "${ip}/24"; }
|
||||
];
|
||||
|
|
|
|||
|
|
@ -91,7 +91,7 @@ in
|
|||
network = {
|
||||
enable = true;
|
||||
networks."20-lan" = {
|
||||
matchConfig.Name = "enp0s*";
|
||||
matchConfig.Name = "enp0s6";
|
||||
addresses = [
|
||||
{ Address = "${ip}/24"; }
|
||||
];
|
||||
|
|
|
|||
|
|
@ -34,11 +34,12 @@ in
|
|||
enable = true;
|
||||
settings = {
|
||||
PHOTOPRISM_SITE_URL = "https://${host}";
|
||||
PHOTOPRISM_DISABLE_TLS = "true";
|
||||
PHOTOPRISM_ADMIN_USER = user;
|
||||
PHOTOPRISM_DISABLE_TLS = "true";
|
||||
PHOTOPRISM_DEFAULT_LOCAL = "en";
|
||||
};
|
||||
passwordFile = "/run/secrets/${user}-pass";
|
||||
passwordFile = "/etc/photoprism-secrets/${user}-pass";
|
||||
# databasePasswordFile = "/etc/photoprism-secrets/${user}-pass";
|
||||
storagePath = "/var/lib/${serviceCfg.name}";
|
||||
originalsPath = "/var/lib/${serviceCfg.name}-media";
|
||||
address = "0.0.0.0";
|
||||
|
|
@ -61,17 +62,41 @@ in
|
|||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
22
|
||||
2342
|
||||
serviceCfg.ports.port0
|
||||
];
|
||||
|
||||
systemd = {
|
||||
services = {
|
||||
# fix-secrets-permissions = {
|
||||
# description = "Fix secrets permissions for photoprism";
|
||||
# wantedBy = [ "multi-user.target" ];
|
||||
# before = [
|
||||
# "photoprism.service"
|
||||
# ];
|
||||
# serviceConfig = {
|
||||
# Type = "oneshot";
|
||||
# RemainAfterExit = true;
|
||||
# };
|
||||
# script = ''
|
||||
# mkdir -p /etc/photoprism-secrets
|
||||
# cp /run/secrets/${user}-pass /etc/photoprism-secrets/${user}-pass
|
||||
# chmod 755 /etc/photoprism-secrets
|
||||
# chmod 644 /etc/photoprism-secrets/*
|
||||
# '';
|
||||
# };
|
||||
photoprism = {
|
||||
serviceConfig = {
|
||||
DynamicUser = lib.mkForce false;
|
||||
User = serviceCfg.name;
|
||||
Group = serviceCfg.name;
|
||||
# Override LoadCredential to use our secrets path
|
||||
LoadCredential = lib.mkForce [
|
||||
"PHOTOPRISM_ADMIN_PASSWORD_FILE:/run/secrets/${user}-pass"
|
||||
];
|
||||
};
|
||||
# Make sure secrets are mounted before service starts
|
||||
after = [ "run-secrets.mount" ];
|
||||
requires = [ "run-secrets.mount" ];
|
||||
};
|
||||
systemd-networkd.wantedBy = [
|
||||
"multi-user.target"
|
||||
|
|
@ -80,7 +105,7 @@ in
|
|||
network = {
|
||||
enable = true;
|
||||
networks."20-lan" = {
|
||||
matchConfig.Name = "enp0s*";
|
||||
matchConfig.Name = "enp0s6";
|
||||
addresses = [
|
||||
{ Address = "${ip}/24"; }
|
||||
];
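Review bot: The admin password path ends up defined twice with different values: the settings hunk shows `passwordFile = "/etc/photoprism-secrets/${user}-pass";`, while the `LoadCredential = lib.mkForce [ ... ]` override in the systemd hunk reads `/run/secrets/${user}-pass`. The unit that would populate `/etc/photoprism-secrets` is commented out, so that path presumably does not exist, and the forced credential name only works if it matches what the module's start script reads, which is not visible on this page. I would point `passwordFile` back at `/run/secrets/${user}-pass` and drop the override, or add a comment explaining why both are needed. If the commented-out `fix-secrets-permissions` unit is ever revived, its `chmod 755` / `chmod 644` would leave the password copy world-readable; `0700` on the directory and `0600` on the file, owned by the service user, is the safer shape. Separately, `PHOTOPRISM_DISABLE_TLS = "true"` with `address = "0.0.0.0"` and port 2342 open in the firewall means logins travel in cleartext unless every client goes through the TLS proxy that `PHOTOPRISM_SITE_URL = "https://${host}"` implies.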
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ in
|
|||
syncthingVM =
|
||||
{
|
||||
user,
|
||||
pass,
|
||||
ip,
|
||||
mac,
|
||||
userMac,
|
||||
|
|
@ -38,14 +39,17 @@ in
|
|||
openDefaultPorts = true;
|
||||
systemService = true;
|
||||
guiAddress = "0.0.0.0:${toString serviceCfg.ports.port0}";
|
||||
guiPasswordFile = "/run/secrets/${user}-pass";
|
||||
# guiPasswordFile = "/run/secrets/${user}-pass";
|
||||
|
||||
settings = {
|
||||
gui = {
|
||||
user = user;
|
||||
password = pass;
|
||||
};
|
||||
folders = folders;
|
||||
devices = devices;
|
||||
options = {
|
||||
upAccepted = -1;
|
||||
user = user;
|
||||
authMode = "static";
|
||||
urAccepted = -1;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
@ -74,7 +78,7 @@ in
|
|||
network = {
|
||||
enable = true;
|
||||
networks."20-lan" = {
|
||||
matchConfig.Name = "enp0s*";
|
||||
matchConfig.Name = "enp0s8";
|
||||
addresses = [
|
||||
{ Address = "${ip}/24"; }
|
||||
];
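Review bot: The Syncthing GUI credential moves from a runtime secret file to a Nix value: `guiPasswordFile` is commented out, `settings.gui.password = pass` takes its place, and the caller in the next file section passes a literal bcrypt hash as `pass`. A value evaluated this way lands in the world-readable Nix store, and the hash is also committed to the repository, while `guiAddress` listens on `0.0.0.0`. I would restore `guiPasswordFile = "/run/secrets/${user}-pass";`, drop the `pass` argument, and rotate the GUI password, since the hash is already published. `user = user;` and `authMode = "static";` also sit under `options`; in Syncthing's configuration both are GUI settings, so they probably belong in `settings.gui` — worth confirming against the module.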
|
||||
|
|
|
|||
|
|
@ -87,6 +87,7 @@ let
|
|||
in
|
||||
syncthingVM {
|
||||
user = user0;
|
||||
pass = "$2y$05$WoNmQOeBPM5GhxhgkUmZqOoyBU0Y34e9N7gLZ3Xwb2J8V0j5Uoy7u";
|
||||
ip = interface0Cfg.microvm.ip;
|
||||
mac = interface0Cfg.microvm.mac;
|
||||
userMac = interface0Cfg.microvm.macUser;
|
||||
|
|
|
|||
|
|
@ -59,7 +59,8 @@ in
|
|||
|
||||
# Rocket (Web Server) Settings
|
||||
ROCKET_ADDRESS = "0.0.0.0";
|
||||
ROCKET_PORT = serviceCfg.ports.port0;
|
||||
# ROCKET_PORT = serviceCfg.ports.port0;
|
||||
ENABLE_WEBSOCKET = true;
|
||||
};
|
||||
|
||||
# Environment file with secrets (mounted from host)
|
||||
|
|
@ -77,6 +78,7 @@ in
|
|||
networking.firewall.allowedTCPPorts = [
|
||||
22
|
||||
587
|
||||
serviceCfg.ports.port0
|
||||
];
|
||||
systemd = {
|
||||
services = {
|
||||
|
|
@ -85,7 +87,7 @@ in
|
|||
network = {
|
||||
enable = true;
|
||||
networks."20-lan" = {
|
||||
matchConfig.Name = "enp0s*";
|
||||
matchConfig.Name = "enp0s5";
|
||||
addresses = [
|
||||
{ Address = "${ip}/24"; }
|
||||
];
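Review bot: Port 587 appears to be newly opened inbound in `networking.firewall.allowedTCPPorts`, but SMTP submission from Vaultwarden is an outbound connection and needs no inbound rule; unless something in this VM listens on 587, I would drop it from the list. In the same file `ROCKET_PORT = serviceCfg.ports.port0;` is shown commented out while the firewall still opens `serviceCfg.ports.port0`, so the opened port and the port Rocket actually binds can diverge unless the port is set elsewhere (not visible here). With `ROCKET_ADDRESS = "0.0.0.0"` the service answers on every interface, so a short comment naming what terminates TLS in front of it would help, e.g. `# reached only via <reverse-proxy>; TLS terminates there`.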
|
||||
|
|
|
|||