diff options
author | tzlil <tzlils@protonmail.com> | 2023-03-31 17:56:36 +0300 |
---|---|---|
committer | tzlil <tzlils@protonmail.com> | 2023-03-31 17:56:36 +0300 |
commit | 977e7c795ab2ca3d2a226bdbebf4d5e7b3dad96c (patch) | |
tree | 1af4ee17e8f907157cbf8eb0dd91bc1ee97c9a53 /hosts/vps | |
parent | fbbd1a6ee7cb8f4a221b9ec77f714778eb4ae7f4 (diff) |
completed hydrus setup, made ssh-agent autostart (wantedBy default.target)
Diffstat (limited to 'hosts/vps')
-rw-r--r-- | hosts/vps/cfg.nix | 3 | ||||
-rw-r--r-- | hosts/vps/hydrus.nix | 61 |
2 files changed, 64 insertions, 0 deletions
diff --git a/hosts/vps/cfg.nix b/hosts/vps/cfg.nix index 3c7787b..c902c53 100644 --- a/hosts/vps/cfg.nix +++ b/hosts/vps/cfg.nix @@ -12,6 +12,7 @@ ../../mixins/cli.nix ./website.nix ./git.nix + ./hydrus.nix ]; config = { @@ -74,5 +75,7 @@ enable = true; algorithm = "zstd"; }; + + networking.networkmanager.enable = lib.mkForce false; }; } diff --git a/hosts/vps/hydrus.nix b/hosts/vps/hydrus.nix new file mode 100644 index 0000000..2fe988e --- /dev/null +++ b/hosts/vps/hydrus.nix @@ -0,0 +1,61 @@ +{ + pkgs, + config, + lib, + ... +}: { + config = { + users.groups.hydrus = {}; + users.users.hydrus = { + isSystemUser = true; + description = "hydrus"; + group = "hydrus"; + home = "/home/hydrus"; + }; + + systemd.services.Xvnc = { + description = "Xvnc"; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + ExecStart = "${pkgs.turbovnc}/bin/Xvnc :30 -iglx -depth 24 -rfbwait 120000 -deferupdate 1 -localhost -verbose -securitytypes none"; + User = "hydrus"; + Group = "hydrus"; + Restart = "on-failure"; + RestartSec = "5s"; + }; + }; + + systemd.services.hydrus = { + description = "Hydrus"; + wantedBy = [ "multi-user.target" "Xvnc.service" ]; + wants = [ "podman-hydrus-web.service" ]; + + serviceConfig = { + Environment = "DISPLAY=:30"; + ExecStart = "${pkgs.hydrus}/bin/hydrus-client -d /home/hydrus"; + User = "hydrus"; + Group = "hydrus"; + Restart = "on-failure"; + RestartSec = "5s"; + }; + }; + + + security.lockKernelModules = lib.mkForce false; + virtualisation.oci-containers.containers.hydrus-web = { + ports = ["8080:80"]; + image = "ghcr.io/floogulinc/hydrus-web:dev"; + }; + + networking.firewall.allowedTCPPorts = [45869]; + + environment.persistence."/nix/persist".directories = [ + { + directory = "/home/hydrus"; + user = "hydrus"; + group = "hydrus"; + } + ]; + }; +} |