From dab8841e4d24960a6ab722bc342580340e86cf23 Mon Sep 17 00:00:00 2001 From: Tigor Hutasuhut Date: Fri, 14 Jun 2024 12:21:05 +0700 Subject: [PATCH] kavita: moved to native --- options/podman.nix | 7 ++----- options/services.nix | 2 +- profiles/homeserver.nix | 2 -- secrets/kavita.yaml | 24 ++++++++++++++++++++++++ system/services/default.nix | 1 + system/services/kavita.nix | 31 +++++++++++++++++++++++++++++++ 6 files changed, 59 insertions(+), 8 deletions(-) create mode 100644 secrets/kavita.yaml create mode 100644 system/services/kavita.nix diff --git a/options/podman.nix b/options/podman.nix index 4357c32..862e595 100644 --- a/options/podman.nix +++ b/options/podman.nix @@ -2,10 +2,7 @@ { options.profile.podman = { enable = lib.mkEnableOption "podman"; - caddy.enable = lib.mkOption { - type = lib.types.bool; - default = true; - }; - kavita.enable = lib.mkEnableOption "kavita docker"; + caddy.enable = lib.mkEnableOption "caddy podman"; + kavita.enable = lib.mkEnableOption "kavita podman"; }; } diff --git a/options/services.nix b/options/services.nix index 41e260e..db8cab6 100644 --- a/options/services.nix +++ b/options/services.nix @@ -1,6 +1,6 @@ { lib, ... }: let - inherit (lib) mkEnableOption mkOption types; + inherit (lib) mkEnableOption; in { options.profile.services = { diff --git a/profiles/homeserver.nix b/profiles/homeserver.nix index 2336851..8604d7f 100644 --- a/profiles/homeserver.nix +++ b/profiles/homeserver.nix @@ -23,8 +23,6 @@ networking.firewall.allowedTCPPorts = [ 80 443 ]; podman = { enable = true; - caddy.enable = false; - kavita.enable = true; }; services = { diff --git a/secrets/kavita.yaml b/secrets/kavita.yaml new file mode 100644 index 0000000..d44234b --- /dev/null +++ b/secrets/kavita.yaml 
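Review bot: In options/podman.nix, `caddy.enable` changes its default from true to false, because `lib.mkEnableOption "caddy podman"` always defaults to false while the removed declaration had `default = true`. profiles/homeserver.nix set the option to false explicitly before this patch, so that profile behaves the same, but any other profile that enables podman and relied on the old default would silently lose the Caddy container. If the flip is intended it deserves a line in the commit message; if not, keep the explicit form `lib.mkOption { type = lib.types.bool; default = true; }`.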
@@ -0,0 +1,24 @@
+kavita:
+ token: ENC[AES256_GCM,data:58jQJq5H/QA/yFlfZgHWrSgE3X+c1F96s+8jIGxzWRb91m4KJ8lGy6NHyZpev5l4XhV3ghhM2/0Gs7HNZn8jn5hdrMsvk0a1iG8Rw9PaF+bnERPOFDO9zQ==,iv:uwPYTIRFvCfMxYmHZOMRKkqi3J0MNiedvbVkqlh+hUs=,tag:cG/IwPO1qjQA/NgsRQhIFQ==,type:str]
+ api_key: ENC[AES256_GCM,data:SDfzZNTj5GJC6uzz7DP/k8s4Yzr8p/8pIBqvECndF4pxg0nD,iv:j1fw5Nm05PcbI8+wViQ4t/rd+BgflVnUNzbzVzmTmsY=,tag:TA6dvBw+fZpMhNeG9klRdg==,type:str]
+ opds_url: ENC[AES256_GCM,data:qgtncw2H/mrCKrdGJdjA2AtQp2lUZGFmT21u1RdMRjAyxxzEfC1kCwQHbhaIlxvKn1M/CqXpa/gXrZAM+TptCAoyN2Kn28DmbA==,iv:o5XJl35EZumAcPiK9NmnPV65YSu8Y4fgIgHmXzoGdqA=,tag:ZQvnWdfAofAfA8EWr7jA0g==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSa0c1VlR4V1RUWE1vNUg2
+ bXpuNStTRWozRGhaTGZtcGtMWDBUbm1OREZZClJDQm1uRytFRFNyenY1RUloVXNv
+ Q0F6bFNjMFZZUFUxT1JQTHJnd0Z1QUUKLS0tIEpOaUw4OEdRVUhvYmNoYTRaL2Zy
+ SjFCNUtDbWticUs3d05PS3NuVW00TFkKlqV1V+/Eb5gMj/5NMprAElkBWrO/8tkl
+ /exWXMOie/WCKiwryoyLe6yms+aOl6x5csbyJtpO2piRs7Xp1sso7g==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-06-14T04:52:39Z"
+ mac: ENC[AES256_GCM,data:WJrCCdEEaxm/b7KurXl3KUjgnT7sLKkqeu8MhYhKTOajcqTYeLcHZDNu0XZpuB1xJowP8aS9v8aTFkJIexvT44Fqf23qzzYSjSqTyR+0yjGXwJxImB3/noHtYiDMXd/TGhdyLhzPnicoOFy8qsNGy2wvFGhEKxwGT0dQf2Wuvr0=,iv:KVhNsFHkW1cLEeMjxEpyhguFp8LMhw0yF6qkPqh8238=,tag:oMXDVoIGUIRPJEfKpY+7vA==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1
diff --git a/system/services/default.nix b/system/services/default.nix
index d05793e..d4b9140 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -7,5 +7,6 @@
 ./samba.nix
 ./nextcloud.nix
 ./syncthing.nix
+ ./kavita.nix
 ];
 }
diff --git a/system/services/kavita.nix b/system/services/kavita.nix
new file mode 100644
index 0000000..ad76c21
--- /dev/null
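Review bot: secrets/kavita.yaml adds three encrypted values (`token`, `api_key`, `opds_url`), but the only one this patch declares and consumes is `kavita/token` in system/services/kavita.nix. If `api_key` and `opds_url` are not read elsewhere in the repository, leaving them out keeps live user credentials out of git history, where the ciphertext remains recoverable by anyone who later obtains the age identity. The file also lists a single age recipient, so it is worth confirming that the key is backed up. If that key were ever exposed, these values would need to be rotated in Kavita, not just re-encrypted.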
+++ b/system/services/kavita.nix
@@ -0,0 +1,31 @@
+{ config, lib, ... }:
+let
+ cfg = config.profile.services.kavita;
+ user = config.profile.user;
+ inherit (lib) mkIf;
+in
+{
+ config = mkIf cfg.enable {
+ fileSystems."/nas/kavita" = {
+ device = "/var/lib/kavita";
+ fsType = "none";
+ options = [ "bind" ];
+ };
+ users.groups.kavita.members = [ user.name ];
+ users.groups.${user.name}.members = [ "kavita" ]; # Allow kavita to read users's files copied to /var/lib/kavita via NAS
+ sops.secrets."kavita/token" = {
+ owner = "kavita";
+ sopsFile = ../../secrets/kavita.yaml;
+ };
+ services.caddy.virtualHosts."kavita.tigor.web.id".extraConfig = ''
+ reverse_proxy 0.0.0.0:${toString config.services.kavita.settings.Port}
+ '';
+ services.kavita = {
+ enable = true;
+ tokenKeyFile = config.sops.secrets."kavita/token".path;
+ settings = {
+ Port = 40001;
+ };
+ };
+ };
+}
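Review bot: The Caddy upstream in `extraConfig` is written as `reverse_proxy 0.0.0.0:${...}`, but 0.0.0.0 is a wildcard bind address rather than a destination and only works where the OS happens to map it to the local host; `reverse_proxy 127.0.0.1:${toString config.services.kavita.settings.Port}` states the intent. Since Caddy is the only client that needs to reach Kavita, the listener can also be restricted to loopback so port 40001 is not protected by the firewall alone. The nixpkgs module should offer `settings.IpAddresses` for this (confirm it exists in the pinned revision), e.g. `IpAddresses = "127.0.0.1,::1";`. Separately, `users.groups.${user.name}.members = [ "kavita" ]` grants the service account everything the user's primary group can access, not just the library files. The bind mount also exposes all of /var/lib/kavita under /nas, which presumably includes the service's own state; a dedicated library directory with its own group would be a narrower grant.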