diff --git a/modules/navidrome/default.nix b/modules/navidrome/default.nix index 6963c6f..06f7b49 100644 --- a/modules/navidrome/default.nix +++ b/modules/navidrome/default.nix @@ -24,28 +24,6 @@ in }; - settings = mkOption rec { - type = settingsFormat.type; - apply = recursiveUpdate default; - default = { - Address = "127.0.0.1"; - Port = port; - MusicFolder = "/home/mediaserver/music"; - EnableGravatar = true; - ListenBrainz.Enabled = false; - LastFM.Language = "fr"; - Spotify.ID = "34b7b2f28ac0490bb320073ac3123cd0"; - Spotify.Secret = "4a5ee0a0f4524f25b8645018f8aee48e"; - DefaultTheme = "Spotify-ish"; - }; - example = { - MusicFolder = "/mnt/music"; - }; - description = '' - Configuration for Navidrome, see for supported values. - ''; - }; - nginx.enable = mkEnableOption "activate nginx"; nginx.subdomain = mkOption { type = types.str; @@ -55,20 +33,27 @@ in config = mkIf cfg.enable ( mkMerge [{ + sops.secrets."navidrome.json" = { + owner = cfg.user; + format = "binary"; + sopsFile = ../../secrets/navidrome-config; + }; + + + systemd.services.navidrome = { + description = "Navidrome Media Server"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { -# User = cfg.user; -# Group = cfg.group; + User = cfg.user; + Group = cfg.group; ExecStart = '' - ${pkgs.navidrome}/bin/navidrome --configfile ${settingsFormat.generate "navidrome.json" cfg.settings} + ${pkgs.navidrome}/bin/navidrome --configfile /run/secrets/navidrome.json ''; StateDirectory = "navidrome"; WorkingDirectory = "/var/lib/navidrome"; - #RuntimeDirectory = "navidrome"; - #RootDirectory = "/run/navidrome"; }; }; diff --git a/secrets/navidrome-config b/secrets/navidrome-config new file mode 100644 index 0000000..27e90d4 --- /dev/null +++ b/secrets/navidrome-config 
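Review bot: The new `ExecStart` hard-codes `/run/secrets/navidrome.json` instead of taking the path from the secret declared just above it, so the unit breaks silently if the secret name or the sops-nix secrets directory changes; prefer `--configfile ${config.sops.secrets."navidrome.json".path}` (assuming `config` is among the module arguments, which this hunk does not show). Adding `restartUnits = [ "navidrome.service" ];` to the secret would also restart the service when the encrypted file changes. Because the whole configuration now lives in the encrypted blob, the bind address and port (previously `Address = "127.0.0.1"` and `Port = port`) can no longer be checked in review or kept in step with the module's `port`; consider keeping non-secret settings in Nix and encrypting only the credentials. The Spotify ID and secret removed in the first hunk remain readable in the repository history, so they should be rotated rather than carried over into the new file. The `mkMerge [{` block opened at the top of this hunk is closed outside it.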
@@ -0,0 +1,28 @@ +{ + "data": "ENC[AES256_GCM,data:AVLaQ8e++FuwZVLJi6lNxiFb51na2LGhO2Ei+JJENavwKelQtJltP90enRRsTcbKFymBGeD5DaMT0dzXZNy92W4LIlCXasUA5e8X/aJts6s5U7sxJTuf69ceiML1+iqC1Qf+Zxb13lFnCKAACH/87Sa0iC2IFDYuj7vMVa0yObkPP9zc3BWlUWZGu2isf3cCugYHCSmoX0ejoHTOINwoBXZtDMIS0tvF4nZJnQJMrteh/L4MCHje9gcNep/+hetvvIl8gFZ17QJ10YY2SKBTESN4n96Gf+ySkT3Cd7OAaJYdYitNK1ZWeNRbiV70y3GAa6N8HsDYOLJKZvCjDTf4UykQScZ1bEjbOlP+/LITfL5r8lzcX8j0MsdjRsSC+Zb6oUj9celMw4n5e316VdZyqifuJe28KaAmOvujdI44GKrkafqnNYtunp3ks9i/c61avwSbRsNnT4XkQcGmUw==,iv:ttNPe7iu8sauN+3l5xRpHuTQM3/H81kCML4bHmuA15s=,tag:G7M+9+KUy/EJQYmG3b7dOA==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1ac9aek30209ppmxxxpfc65wet344u57pdy3zmk3whjlta38m6q9s9m666g", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQMnRRV3FHeUZiT0phcjVw\nZkY2SDQzQy8vVUlzZmZjQzM2VlhoL2FIWmk0ClBXZWRPVjZDaWlmMmdpR01vbDlV\nVEpPL0Q3WjJwUFBvNGk4eEdySXY5MFUKLS0tIGQ4QlUwSmExVEV3SE1aT3B1QWUv\nbGN3aG1FamdiNGR2QWVMdm5qUVBRQmsKcujlvoJn4BbcbFKlUfhonURjuEOllsr6\nRegLMdaBUikq1dyZYlsiF9rvtVVYPwVwFJm+lEYWawFh5Ppdbb46vA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age162v5365xrnzm9tlxy4w3e6fqds7k3h029qezvl73z6rs5skcn9hs7vml45", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKQ3FnZE45ZFdPSUhjdkc3\nY1h1aVZ4VElvOGNiV2lremRZYXMxWExMYkJZCmVDUHNocnBXaFdVZlZONHdoNVJ2\nSnIzazN3V0ZGMmVhZW1jSmZJeXJWSjQKLS0tIGh6aGVlb0M3bGVJQ0Z1TjkvRUgr\nMEJUblRrcjNZQmIzVGhvU1JXbnFONU0KnfKGvmUScr6qdI4L5eM9IJ79L5mxrZKA\npTOy5eeoUFUv/vnJOR8SOlbFHUx2ZppANNIOCwJE6HsKjNdeFcXgyw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age15uzmt3utvm3vvmy79yk754cvwdxl0gkhqhjfy05qed0nhrpqjf0q0yh5mj", + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxWVJsVUhkNDlMcllPMzZX\nVmg3c1ZncWhzVVVGdlIxbDNzak5wSU0wclZvClc0WTZ6U2dFeGMwT0xjaHBuMmhs\nU0FFY1Z6dk44d0tWYzhQM1JGYko5MVkKLS0tIC9seUdYelFoREhPZlNKYUZxbmRK\nREhzK21oNFFoOG1NYlh3TUttSHhxOWsKgP8OT1hrtqRY6Ep6F9E4h8gVVpjOXkcJ\nTGxD5ERdtn/0ctsNIkc27Gydi0R3+lLejMw+kOaShXh3RtgRCW6c8g==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2022-02-19T22:11:23Z", + "mac": "ENC[AES256_GCM,data:L4DNRzwXQZesV8Bnkh69HtFc9JilwZ/Di2iW+cv7B5PPmztDvaFnNdHUt2xxJ0AASIOSk6zLd7wUjx91DzQ17z3aNfQZFuk172cgi2tJTtod/X8SrPFoELJtKjzDW0hTdPGZQZQepwqxBi17hJ5iOmWTZyh+B4trQHo3zxyVDng=,iv:BC+L+0lB/cuBokqLfbpUdM5p5JKGzLr47CSifJsE7j0=,tag:cRWla88EDwQhMyQRMiSRTg==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index f7fb82c..7796059 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -42,8 +42,8 @@ sops: RHY4SzV0RlF2SEMySEF0S0VCYi9OVkEK9hFLmy8TbXwf5QFQJsYv2Fz+4xsda49W Q8ayRVYsKCJAhrw1qcwJ6mCbk0uHZXR2Dyp/utz7ELAmEynA6+N2aw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-02-01T12:21:08Z" - mac: ENC[AES256_GCM,data:I9fO2w1EDTfoirP/aqTt8Cg1H+JL7C0krdu/Fx5RobQ6xHU9UIUjpkNiCrSQZt3P1SUGmx6DLCj6niS5//hiijcuGgsLRnMJ72oQVzN4Ruzm86jrF2Ho70ZMUJK0NLDPiYhCpGJPE0XB4QTX7osn6UEDj9oYpjfa++bv1YDb+OU=,iv:/7AIt0wx7Q1AJh6nZpxn+FMzaVv9OI0HIpzk5FYfMeA=,tag:06aBjxAzrgwalU2/XSpRYw==,type:str] + lastmodified: "2022-02-19T22:11:38Z" + mac: ENC[AES256_GCM,data:3uq3k46aA3l3xPH8g5VWKmBqw+apB5Z+fk8/DNDKirfsZ9hJc0jbJwh8/8YmyVHGMr3oCH7goEJYyuOO1gv5B8AajQk1TnBVyxj6mxXaUmrvm7pv52FbuX9zxtsJoc1jzYJXFWgICEkhMXhDPmqI1EXA8VXGYb8/RPGASLV9nVo=,iv:0RFai6c7D14LN+0ygyfmootJGAUvz/m8blJIaH9cMdo=,tag:45NVeVixmqFpFkjniuiFlg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.1