servius/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c2e4fbb59ffcc9104339b5f7c9f4a81a85ca37ce
dotfiles/nixos/tako/services/navidrome.nix
servius e718da413b
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
feat: Replace deprecated options from navidrome
2026-02-11 04:48:39 +05:30

73 lines
1.7 KiB
Nix
Raw Blame History

{
device,
config,
...
}: let
socket = "/run/navidrome/navidrome.sock";
in {
sops = {
secrets."lastfm/api_key" = {};
secrets."lastfm/shared_secret" = {};
templates."lastfm.env".content = ''
ND_LASTFM_APIKEY=${config.sops.placeholder."lastfm/api_key"}
ND_LASTFM_SECRET=${config.sops.placeholder."lastfm/shared_secret"}
'';
};
services = {
navidrome = {
enable = true;
settings = {
MusicFolder = "/media/music";
"ExtAuth.TrustedSources" = "@";
"ExtAuth.UserHeader" = "Remote-User";
Address = "unix:${socket}";
BaseUrl = "https://music.darksailor.dev";
};
environmentFile = config.sops.templates."lastfm.env".path;
};
caddy = {
virtualHosts."music.darksailor.dev".extraConfig = ''
import auth
reverse_proxy unix/${socket}
'';
};
authelia = {
instances.darksailor = {
settings = {
access_control = {
rules = [
{
domain = "music.darksailor.dev";
policy = "bypass";
resources = [
"^/(rest|share)([/?].*)?$"
];
}
{
domain = "music.darksailor.dev";
policy = "one_factor";
}
];
};
};
};
};
};
systemd.services.navidrome.requires = ["systemd-tmpfiles-setup.service"];
systemd.tmpfiles.settings = {
navidromeDirs = {
"/run/navidrome".d = {
mode = "775";
user = "navidrome";
group = "navidrome";
};
};
};
users.users.${device.user} = {
extraGroups = ["navidrome"];
};
users.users.caddy = {
extraGroups = ["navidrome"];
};
}
Reference in New Issue View Git Blame Copy Permalink