From 977e7c795ab2ca3d2a226bdbebf4d5e7b3dad96c Mon Sep 17 00:00:00 2001
From: tzlil <tzlils@protonmail.com>
Date: Fri, 31 Mar 2023 17:56:36 +0300
Subject: completed hydrus setup, made ssh-agent autostart (wantedBy
 default.target)

---
 hosts/vps/cfg.nix    |  3 +++
 hosts/vps/hydrus.nix | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 64 insertions(+)
 create mode 100644 hosts/vps/hydrus.nix

(limited to 'hosts/vps')

diff --git a/hosts/vps/cfg.nix b/hosts/vps/cfg.nix
index 3c7787b..c902c53 100644
--- a/hosts/vps/cfg.nix
+++ b/hosts/vps/cfg.nix
@@ -12,6 +12,7 @@
     ../../mixins/cli.nix
     ./website.nix
     ./git.nix
+    ./hydrus.nix
   ];
 
   config = {
@@ -74,5 +75,7 @@
       enable = true;
       algorithm = "zstd";
     };
+
+    networking.networkmanager.enable = lib.mkForce false;
   };
 }
diff --git a/hosts/vps/hydrus.nix b/hosts/vps/hydrus.nix
new file mode 100644
index 0000000..2fe988e
--- /dev/null
+++ b/hosts/vps/hydrus.nix
@@ -0,0 +1,61 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}: {
+  config = {
+    users.groups.hydrus = {};
+    users.users.hydrus = {
+      isSystemUser = true;
+      description = "hydrus";
+      group = "hydrus";
+      home = "/home/hydrus";
+    };
+
+    systemd.services.Xvnc = {
+      description = "Xvnc";
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        ExecStart = "${pkgs.turbovnc}/bin/Xvnc :30 -iglx -depth 24 -rfbwait 120000 -deferupdate 1 -localhost -verbose -securitytypes none";
+        User = "hydrus";
+        Group = "hydrus";
+        Restart = "on-failure";
+        RestartSec = "5s";
+      };
+    };
+
+    systemd.services.hydrus = {
+      description = "Hydrus";
+      wantedBy = [ "multi-user.target" "Xvnc.service" ];
+      wants = [ "podman-hydrus-web.service" ];
+
+      serviceConfig = {
+        Environment = "DISPLAY=:30"; 
+        ExecStart = "${pkgs.hydrus}/bin/hydrus-client -d /home/hydrus";
+        User = "hydrus";
+        Group = "hydrus";
+        Restart = "on-failure";
+        RestartSec = "5s";
+      };
+    };
+
+
+    security.lockKernelModules = lib.mkForce false;
+    virtualisation.oci-containers.containers.hydrus-web = {
+      ports = ["8080:80"];
+      image = "ghcr.io/floogulinc/hydrus-web:dev";
+    };
+
+    networking.firewall.allowedTCPPorts = [45869];
+
+    environment.persistence."/nix/persist".directories = [
+      {
+        directory = "/home/hydrus";
+        user = "hydrus";
+        group = "hydrus";
+      }
+    ];
+  };
+}
-- 
cgit 1.4.1