kaas

2025-12-01 14:14:32 +01:00 · 2025-12-01 14:14:32 +01:00 · afbf168c35
commit afbf168c35
parent e6829d99ce
16 changed files with 541 additions and 467 deletions
--- a/modules/nixos/services/media/mydia/default.nix
+++ b/modules/nixos/services/media/mydia/default.nix
@ -0,0 +1,51 @@
+{
+  config,
+  lib,
+  namespace,
+  inputs,
+  system,
+  ...
+}: let
+  inherit (lib) mkIf mkEnableOption;
+
+  cfg = config.${namespace}.services.media.mydia;
+in {
+  imports = [
+    inputs.mydia.nixosModules.default
+  ];
+
+  options.${namespace}.services.media.mydia = {
+    enable = mkEnableOption "Enable Mydia";
+  };
+
+  config = mkIf cfg.enable {
+    services.mydia = {
+      enable = true;
+      package = inputs.mydia.packages.${system}.default;
+
+      port = 2010;
+      openFirewall = true;
+
+      secretKeyBaseFile = config.sops.secrets."mydia/secret_key_base".path;
+      guardianSecretKeyFile = config.sops.secrets."mydia/guardian_secret".path;
+
+      oidc = {
+        enable = true;
+        issuer = "https://auth.kruining.eu";
+        clientIdFile = config.sops.secrets."mydia/oidc_id".path;
+        clientSecretFile = config.sops.secrets."mydia/oidc_secret".path;
+        scopes = ["openid" "profile" "email"];
+      };
+    };
+
+    sops.secrets =
+      ["secret_key_base" "guardian_secret" "oidc_id" "oidc_secret"]
+      |> lib.map (name:
+        lib.nameValuePair "mydia/${name}" {
+          owner = config.services.mydia.user;
+          group = config.services.mydia.group;
+          restartUnits = ["mydia.service"];
+        })
+      |> lib.listToAttrs;
+  };
+}