kavita: moved to native

2024-06-14 12:21:05 +07:00 · 2024-06-14 12:21:05 +07:00 · dab8841e4d
parent 69fa74b1d5
commit dab8841e4d
6 changed files with 59 additions and 8 deletions
--- a/options/podman.nix
+++ b/options/podman.nix
@ -2,10 +2,7 @@
 {
  options.profile.podman = {
    enable = lib.mkEnableOption "podman";
-    caddy.enable = lib.mkOption {
-      type = lib.types.bool;
-      default = true;
-    };
-    kavita.enable = lib.mkEnableOption "kavita docker";
+    caddy.enable = lib.mkEnableOption "caddy podman";
+    kavita.enable = lib.mkEnableOption "kavita podman";
  };
 }
--- a/options/services.nix
+++ b/options/services.nix
@ -1,6 +1,6 @@
 { lib, ... }:
 let
-  inherit (lib) mkEnableOption mkOption types;
+  inherit (lib) mkEnableOption;
 in
 {
  options.profile.services = {
--- a/profiles/homeserver.nix
+++ b/profiles/homeserver.nix
@ -23,8 +23,6 @@
    networking.firewall.allowedTCPPorts = [ 80 443 ];
    podman = {
      enable = true;
-      caddy.enable = false;
-      kavita.enable = true;
    };

    services = {
--- a/secrets/kavita.yaml
+++ b/secrets/kavita.yaml
@ -0,0 +1,24 @@
+kavita:
+    token: ENC[AES256_GCM,data:58jQJq5H/QA/yFlfZgHWrSgE3X+c1F96s+8jIGxzWRb91m4KJ8lGy6NHyZpev5l4XhV3ghhM2/0Gs7HNZn8jn5hdrMsvk0a1iG8Rw9PaF+bnERPOFDO9zQ==,iv:uwPYTIRFvCfMxYmHZOMRKkqi3J0MNiedvbVkqlh+hUs=,tag:cG/IwPO1qjQA/NgsRQhIFQ==,type:str]
+    api_key: ENC[AES256_GCM,data:SDfzZNTj5GJC6uzz7DP/k8s4Yzr8p/8pIBqvECndF4pxg0nD,iv:j1fw5Nm05PcbI8+wViQ4t/rd+BgflVnUNzbzVzmTmsY=,tag:TA6dvBw+fZpMhNeG9klRdg==,type:str]
+    opds_url: ENC[AES256_GCM,data:qgtncw2H/mrCKrdGJdjA2AtQp2lUZGFmT21u1RdMRjAyxxzEfC1kCwQHbhaIlxvKn1M/CqXpa/gXrZAM+TptCAoyN2Kn28DmbA==,iv:o5XJl35EZumAcPiK9NmnPV65YSu8Y4fgIgHmXzoGdqA=,tag:ZQvnWdfAofAfA8EWr7jA0g==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSa0c1VlR4V1RUWE1vNUg2
+            bXpuNStTRWozRGhaTGZtcGtMWDBUbm1OREZZClJDQm1uRytFRFNyenY1RUloVXNv
+            Q0F6bFNjMFZZUFUxT1JQTHJnd0Z1QUUKLS0tIEpOaUw4OEdRVUhvYmNoYTRaL2Zy
+            SjFCNUtDbWticUs3d05PS3NuVW00TFkKlqV1V+/Eb5gMj/5NMprAElkBWrO/8tkl
+            /exWXMOie/WCKiwryoyLe6yms+aOl6x5csbyJtpO2piRs7Xp1sso7g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-06-14T04:52:39Z"
+    mac: ENC[AES256_GCM,data:WJrCCdEEaxm/b7KurXl3KUjgnT7sLKkqeu8MhYhKTOajcqTYeLcHZDNu0XZpuB1xJowP8aS9v8aTFkJIexvT44Fqf23qzzYSjSqTyR+0yjGXwJxImB3/noHtYiDMXd/TGhdyLhzPnicoOFy8qsNGy2wvFGhEKxwGT0dQf2Wuvr0=,iv:KVhNsFHkW1cLEeMjxEpyhguFp8LMhw0yF6qkPqh8238=,tag:oMXDVoIGUIRPJEfKpY+7vA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
--- a/system/services/default.nix
+++ b/system/services/default.nix
@ -7,5 +7,6 @@
    ./samba.nix
    ./nextcloud.nix
    ./syncthing.nix
+    ./kavita.nix
  ];
 }
--- a/system/services/kavita.nix
+++ b/system/services/kavita.nix
@ -0,0 +1,31 @@
+{ config, lib, ... }:
+let
+  cfg = config.profile.services.kavita;
+  user = config.profile.user;
+  inherit (lib) mkIf;
+in
+{
+  config = mkIf cfg.enable {
+    fileSystems."/nas/kavita" = {
+      device = "/var/lib/kavita";
+      fsType = "none";
+      options = [ "bind" ];
+    };
+    users.groups.kavita.members = [ user.name ];
+    users.groups.${user.name}.members = [ "kavita" ]; # Allow kavita to read users's files copied to /var/lib/kavita via NAS
+    sops.secrets."kavita/token" = {
+      owner = "kavita";
+      sopsFile = ../../secrets/kavita.yaml;
+    };
+    services.caddy.virtualHosts."kavita.tigor.web.id".extraConfig = ''
+      reverse_proxy 0.0.0.0:${toString config.services.kavita.settings.Port}
+    '';
+    services.kavita = {
+      enable = true;
+      tokenKeyFile = config.sops.secrets."kavita/token".path;
+      settings = {
+        Port = 40001;
+      };
+    };
+  };
+}