Compare commits
4 commits
f210c5b5ad
...
4624b0b0f7
| Author | SHA1 | Date | |
|---|---|---|---|
|
4624b0b0f7 | ||
|
|
6af9101a13 | ||
| f295f0fc48 | |||
| 03e8fea254 |
5 changed files with 83 additions and 37 deletions
|
|
@ -106,25 +106,5 @@ in {
|
|||
};
|
||||
|
||||
systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL";
|
||||
|
||||
sops = {
|
||||
secrets = {
|
||||
# "qbittorrent/password" = {};
|
||||
"qbittorrent/password_hash" = {};
|
||||
};
|
||||
|
||||
templates = {
|
||||
"qbittorrent/password.conf" = {
|
||||
owner = cfg.user;
|
||||
group = cfg.group;
|
||||
restartUnits = ["qbittorrent.service"];
|
||||
path = "${config.services.qbittorrent.profileDir}/qBittorrent/config/password.conf";
|
||||
content = ''
|
||||
[Preferences]
|
||||
WebUI\Password_PBKDF2="${config.sops.placeholder."qbittorrent/password_hash"}"
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -72,10 +72,8 @@ in {
|
|||
group = "media";
|
||||
});
|
||||
}))
|
||||
|> lib.mkMerge
|
||||
|> (set:
|
||||
set
|
||||
// {
|
||||
|> lib.concat [
|
||||
{
|
||||
qbittorrent = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
|
|
@ -86,6 +84,7 @@ in {
|
|||
|
||||
Prefecences.WebUI = {
|
||||
Username = "admin";
|
||||
Password_PBKDF2 = "@ByteArray(JpfX3wSUcMolUFD+8AD67w==:fr5kmc6sK9xsCfGW6HkPX2K1lPYHL6g2ncLLwuOVmjphmxkwBJ8pi/XQDsDWzyM/MRh5zPhUld2Xqn8o7BWv3Q==)";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -97,7 +96,7 @@ in {
|
|||
sabnzbd = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
configFile = "${cfg.path}/sabnzbd/config.ini";
|
||||
configFile = config.sops.templates."sabnzbd/config.ini".path;
|
||||
|
||||
user = "sabnzbd";
|
||||
group = "media";
|
||||
|
|
@ -113,7 +112,9 @@ in {
|
|||
ensureDBOwnership = true;
|
||||
});
|
||||
};
|
||||
});
|
||||
}
|
||||
]
|
||||
|> lib.mkMerge;
|
||||
|
||||
systemd.services =
|
||||
cfg
|
||||
|
|
@ -125,6 +126,8 @@ in {
|
|||
...
|
||||
}: (mkIf enable {
|
||||
"${service}ApplyTerraform" = let
|
||||
config' = config;
|
||||
|
||||
terraformConfiguration = inputs.terranix.lib.terranixConfiguration {
|
||||
inherit system;
|
||||
|
||||
|
|
@ -168,6 +171,30 @@ in {
|
|||
|> lib.imap (i: f: lib.nameValuePair "local${toString i}" {path = f;})
|
||||
|> lib.listToAttrs
|
||||
);
|
||||
|
||||
"${service}_download_client_qbittorrent" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) {
|
||||
"main" = {
|
||||
name = "qBittorrent";
|
||||
enable = true;
|
||||
priority = 1;
|
||||
host = "localhost";
|
||||
username = "admin";
|
||||
password = "poChieN5feeph0igeaCadeJ9Xux0ohmuy6ruH5ieThaPheib3iuzoo0ahw1aiceif1feegioh9Aimau0pai5thoh5ieH0aechohw";
|
||||
url_base = "/";
|
||||
port = 2008;
|
||||
};
|
||||
};
|
||||
|
||||
# "${service}_download_client_sabnzbd" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) {
|
||||
# "main" = {
|
||||
# name = "SABnzbd";
|
||||
# enable = true;
|
||||
# priority = 1;
|
||||
# host = "localhost";
|
||||
# url_base = "/";
|
||||
# port = 8080;
|
||||
# };
|
||||
# };
|
||||
};
|
||||
};
|
||||
})
|
||||
|
|
@ -204,7 +231,7 @@ in {
|
|||
cp -f ${terraformConfiguration} config.tf.json
|
||||
|
||||
# Initialize OpenTofu
|
||||
${lib.getExe pkgs.opentofu} init -upgrade
|
||||
${lib.getExe pkgs.opentofu} init
|
||||
|
||||
# Run the infrastructure code
|
||||
${lib.getExe pkgs.opentofu} \
|
||||
|
|
@ -272,6 +299,19 @@ in {
|
|||
};
|
||||
};
|
||||
}))
|
||||
|> lib.concat [
|
||||
{
|
||||
templates = {
|
||||
"sabnzbd/config.ini" = {
|
||||
owner = "sabnzbd";
|
||||
group = "media";
|
||||
content = ''
|
||||
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
]
|
||||
|> lib.mkMerge;
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,10 @@
|
|||
{ pkgs, config, lib, namespace, ... }:
|
||||
let
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
namespace,
|
||||
...
|
||||
}: let
|
||||
inherit (lib.modules) mkIf;
|
||||
inherit (lib.options) mkEnableOption;
|
||||
|
||||
|
|
@ -7,8 +12,7 @@ let
|
|||
|
||||
db_user = "grafana";
|
||||
db_name = "grafana";
|
||||
in
|
||||
{
|
||||
in {
|
||||
options.${namespace}.services.observability.grafana = {
|
||||
enable = mkEnableOption "enable Grafana";
|
||||
};
|
||||
|
|
@ -35,8 +39,8 @@ in
|
|||
"auth.generic_oauth" = {
|
||||
enable = true;
|
||||
name = "Zitadel";
|
||||
client_id = "334170712283611395";
|
||||
client_secret = "AFjypmURdladmQn1gz2Ke0Ta5LQXapnuKkALVZ43riCL4qWicgV2Z6RlwpoWBZg1";
|
||||
client_id = "$__file{${config.sops.secrets."grafana/oidc_id".path}}";
|
||||
client_secret = "$__file{${config.sops.secrets."grafana/oidc_secret".path}}";
|
||||
scopes = "openid email profile offline_access urn:zitadel:iam:org:project:roles";
|
||||
email_attribute_path = "email";
|
||||
login_attribute_path = "username";
|
||||
|
|
@ -126,5 +130,18 @@ in
|
|||
};
|
||||
|
||||
environment.etc."/grafana/dashboards/default.json".source = ./dashboards/default.json;
|
||||
|
||||
sops = {
|
||||
secrets = {
|
||||
"grafana/oidc_id" = {
|
||||
owner = "grafana";
|
||||
group = "grafana";
|
||||
};
|
||||
"grafana/oidc_secret" = {
|
||||
owner = "grafana";
|
||||
group = "grafana";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -118,6 +118,12 @@
|
|||
grantTypes = ["authorizationCode"];
|
||||
responseTypes = ["code"];
|
||||
};
|
||||
|
||||
grafana = {
|
||||
redirectUris = ["http://localhost:9001/login/generic_oauth"];
|
||||
grantTypes = ["authorizationCode"];
|
||||
responseTypes = ["code"];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -27,6 +27,9 @@ mydia:
|
|||
qbittorrent:
|
||||
password_hash: ENC[AES256_GCM,data:QWuQYmfBn9eLDYztH7TmQvw74MvmzCQ98OlBtyjm1Icr2c63epRuHWzQbm+Q+1jrCSiQreOB3ZyjLzkeV6SlLonryUSD71uBWVwctgPXO0XDrxE1Vi6dkiwC3TF65JTMDhyjDLEj1YkiMP25Fz5NidJTP/r9GlXTfM7gjWo=,iv:bpgL5IoAv+1PUtgNIjLcbzN8C9z55ndypz4LEELAhLc=,tag:VB+XTCwLeIEYKnOr/0f7zA==,type:str]
|
||||
password: ENC[AES256_GCM,data:UepYY6UjJV/jo2aXTOEnKRtsjSqOSYPQlKlrAa7rf9rdnt2UXGjCkvN+A72pICuIBCAmhXZBAUMvmWTV9trk6NREHe0cY1xTC7pNv3x9TM/ZQmH498pbT/95pYAKwouHp9heJQ==,iv:FzjF+xPoaOp+gplxpz940V2dkWSTWe8dWUxexCoxxHc=,tag:TDZsboq9fEmmBrwJN/HTpQ==,type:str]
|
||||
grafana:
|
||||
oidc_id: ENC[AES256_GCM,data:NVdIgCQ6nz4BSUDJYCKyILtK,iv:tcljy9PzC/yyd7TSdngyJt+uh60uXi2PKu47czErbaQ=,tag:zE4q3dD4UQaHIpGeZ1L48Q==,type:str]
|
||||
oidc_secret: ENC[AES256_GCM,data:b7qILK9ZHW2khtM1Hl/KdjCv3Wq6eOo2Ym/cbjcMB8/3Hn2UelpP4K4lFyiV3bn1/GF6Jl5Z7A0EwMybOx0InA==,iv:3HL/7BiyObwT8DmFxzNPI9CdmCH/4j/4oc9x7qBE1k0=,tag:dBhcq1zLKy6N+jp/v42R4A==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq
|
||||
|
|
@ -47,7 +50,7 @@ sops:
|
|||
TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb
|
||||
Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-12-04T11:24:52Z"
|
||||
mac: ENC[AES256_GCM,data:jIgkl1lcVDSlKqJs9fjaHUAZsGL+22T86/qqKyDziHl0+VU763Ezwm8P+la+55jIIT2zLhFcUjhn2BabBi90OeEPztAC4rGpZj6+ZZ0GDCj/JhjPAAo3LgAKOCG0Xgf8MZWr/rXd6bLhW7Qj36PMJnap26rjEiUZeSvpWS2dz8g=,iv:CDx8fBI9Dl1uwrbMD1fa7/h3C7haK3xZxJI59mtL1LA=,tag:2UDRFJoevGEBKZA/9eUiOw==,type:str]
|
||||
lastmodified: "2025-12-09T14:53:25Z"
|
||||
mac: ENC[AES256_GCM,data:bb6YXIClIRCEyvQEYQpuzjqSgAvcHr0Avb0t+HSIoIY69cnCojNxb1cN53b0HBV69qOiXgKlXcQrI4ry2qokfRbAAlp9w5g978+E3fnlefBxGY2wHEeJZL/27BXq7nEfvdepcLVM+o5PMn0iiYUR42OYJkXxAHXqhYNdt9kWjMM=,iv:QfIB9WckrxK2YXMTNVWgUjt6F+QG96KzUlwlYPM5WBc=,tag:X69yLpEsu//3HgtSuHoQig==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue