
System: Rename system/modules to system/systemmodules

2026-01-18 15:34:46 +01:00
parent d12b247368
commit 25ae0f4b85
27 changed files with 0 additions and 0 deletions


@ -0,0 +1,52 @@
{
config,
lib,
mylib,
pkgs,
username,
publicKeys,
...
}: let
inherit (config.modules) agenix;
in {
options.modules.agenix = import ./options.nix {inherit lib mylib;};
config = {
# NOTE: Add below snippet to home/christoph/default.nix to generate the secrets.nix file
# The user will be able to decrypt .age files using agenix.
# On each user/machine, this should generate a corresponding secrets.nix
# "${config.paths.nixflake}/system/modules/agenix/secrets.nix".text = let
# mkSecret = key: name: "\"${name}.age\".publicKeys = [\"${key}\"];";
# in ''
# # This file will contain keys depending on the host/by which user it was built on.
# {
# ${lib.optionalString
# # If this user defined any secrets...
# (builtins.hasAttr "${username}" nixosConfig.modules.agenix.secrets)
# # ...we will add them to the current secrets.nix,
# # s.t. agenix can be used to encrypt/access them.
# (builtins.concatStringsSep "\n"
# (builtins.map
# (mkSecret publicKeys.${username}.ssh)
# nixosConfig.modules.agenix.secrets.${username}))}
# }
# '';
# Register generated secrets to the age system module
age.secrets = let
mkSecretIfExists = name:
# If this user has already encrypted the secret...
if builtins.pathExists ./${name}.age
# ...we will register it with age...
then {${name}.file = ./${name}.age;}
# ...otherwise we link to a bogus file.
else {${name}.file = ./void.age;};
in
lib.mkIf
# If this user defined any secrets...
(builtins.hasAttr "${username}" agenix.secrets)
# ...we will register all secrets files that have already been generated.
(lib.mkMerge (builtins.map mkSecretIfExists agenix.secrets.${username}));
};
}
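Review bot: The commented snippet in the `config` block still targets `"${config.paths.nixflake}/system/modules/agenix/secrets.nix"`, the pre-rename directory; going by the commit title it should now read `system/systemmodules/agenix/secrets.nix`, otherwise anyone following the NOTE writes secrets.nix into a directory that no longer holds this module. Separately, `mkSecretIfExists` silently points a missing secret at `./void.age`, so evaluation succeeds and the gap only surfaces later (presumably as a decryption failure at activation, or a service starting without its credential). Wrapping the fallback in a warning keeps the bootstrap workflow but makes the missing secret visible at build time: `else lib.warn "agenix: ${name}.age not found, using void.age placeholder" {${name}.file = ./void.age;};`.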


@ -0,0 +1,22 @@
{
lib,
mylib,
...
}: {
secrets = lib.mkOption {
type = lib.types.attrs;
description = "The secret files managed by agenix (encrypted by SSH key)";
example = ''
{
christoph = [
"heidi-discord-token"
"kopia-password"
"kopia-server-username"
"kopia-server-password"
];
}
'';
default = {};
};
}
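Review bot: `secrets` is declared as `lib.types.attrs`, which accepts any value under each user key, while the consumer (presumably the agenix module that imports this file) interpolates every entry into a path `./${name}.age` and into an attribute name. Declaring it as `type = lib.types.attrsOf (lib.types.listOf lib.types.str);` rejects malformed entries at evaluation time instead of failing inside the path interpolation. The `example` would also render correctly in generated docs if wrapped in `lib.literalExpression`, and the `mylib` argument is unused in this file.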


@ -0,0 +1 @@
This secret has not been generated.


@ -0,0 +1,76 @@
# TODO: Generate file with names for rofi
{
config,
nixosConfig,
lib,
mylib,
pkgs,
...
}:
with lib;
with mylib.virtualisation;
with mylib.modules; let
cfg = config.modules.containers;
in {
options.modules.containers = import ./options.nix {inherit lib mylib;};
# TODO: These need config options exposed through the module,
# e.g. to set paths/volumes/binds differently per system...
config = mkIf cfg.enable rec {
virtualisation.oci-containers.containers = {
# Examples how to use the mkOciContainer function:
# stablediffusion = mkIf cfg.stablediffusion.enable (mkOciContainer {
# image = "rocm/pytorch:rocm5.5_ubuntu20.04_py3.8_pytorch_1.13.1";
# vols = [
# "/home/christoph/NoSync/StableDiffusionWebUI:/webui-data"
# ];
# opts = [
# "--network=host"
# "--device=/dev/kfd"
# "--device=/dev/dri"
# "--group-add=video"
# "--ipc=host"
# "--cap-add=SYS_PTRACE"
# "--security-opt=seccomp=unconfined"
# ];
# extraConfig = {
# entrypoint = "/webui-data/launch.sh";
# };
# });
# sonarr = mkIf cfg.sonarr.enable (mkOciContainer {
# image = "linuxserver/sonarr:3.0.10";
# id-ports = [8989];
# vols = [
# "sonarr-config:/config:Z"
# "/media/Shows:/media/Shows"
# "/media/Usenet:/media/Usenet"
# ];
# netns = "wg0-de-115";
# netdns = "10.2.0.1";
# });
};
# Allow start/stop containers without root password
modules.polkit.allowedSystemServices = let
container-services =
virtualisation.oci-containers.containers
|> builtins.attrNames
|> builtins.filter (c: cfg.${c}.enable)
|> builtins.map (c: "podman-${c}.service");
in
container-services;
# Generate list of containers for rofi menu
environment.etc."rofi-containers".text = let
containers =
virtualisation.oci-containers.containers
|> builtins.attrNames
|> builtins.filter (c: cfg.${c}.enable)
|> builtins.concatStringsSep "\n";
in
containers;
};
}
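Review bot: The commented `stablediffusion` example combines `--network=host`, `--ipc=host`, `--cap-add=SYS_PTRACE` and `--security-opt=seccomp=unconfined`, which together remove most of the isolation the container would otherwise have, and nothing next to it says so. This block is the documented template for `mkOciContainer`, and every enabled container is also added to `modules.polkit.allowedSystemServices` (start/stop without the root password), so a copied example ends up both weakly sandboxed and controllable without the root password. A comment above the `opts` list would help, e.g. `# NOTE: host network/IPC, SYS_PTRACE and seccomp=unconfined disable most sandboxing; trusted images only, drop whatever the workload does not need`. The two `let` pipelines that filter on `cfg.${c}.enable` are identical up to their last step and could share one binding.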


@ -0,0 +1,50 @@
# TODO: Rofi Integration
# - Hotkey through hyprland module
# - Menu through rofi module
# - Permissions through polkit module
{
lib,
mylib,
...
}:
with lib;
with mylib.modules; {
enable = mkEnableOption "Enable OCI Containers";
homeassistant = {
enable = mkEnableOption "Enable HomeAssistant Container";
};
stablediffusion = {
enable = mkEnableOption "Enable StableDiffusion Container with Automatic1111 WebUI";
};
jellyfin = {
enable = mkEnableOption "Enable Jellyfin Container";
};
fileflows = {
enable = mkEnableOption "Enable FileFlows Container";
};
sonarr = {
enable = mkEnableOption "Enable Sonarr Container";
};
radarr = {
enable = mkEnableOption "Enable Radarr Container";
};
hydra = {
enable = mkEnableOption "Enable Hydra Container";
};
sabnzbd = {
enable = mkEnableOption "Enable SabNzbd Container";
};
rofiIntegration = {
enable = mkEnableOption "Enable Rofi Menu for Container Servicing";
hotkey = mkOption {
type = types.str;
example = ''
"$mainMod, D"
'';
default = "$mainMod, D";
description = "What Key should trigger the Menu";
};
};
}