containers/emerald: init

2026-03-17 18:13:53 +11:00 · 2026-03-17 18:13:53 +11:00 · 0567313fa2
commit 0567313fa2
parent b7665d9bd5
5 changed files with 156 additions and 19 deletions
--- a/containers/emerald/configuration.nix
+++ b/containers/emerald/configuration.nix
@ -0,0 +1,21 @@
+{ fqdn, shareFqdn, ... }: {
+  system.stateVersion = "25.11";
+  systemd.tmpfiles.rules = [
+    "d /persist/music 755 navidrome navidrome"
+    "d /persist/navidrome 755 navidrome navidrome"
+  ];
+  networking.firewall.allowedTCPPorts = [ 4533 ];
+  networking.firewall.allowedUDPPorts = [ 4533 ];
+
+  services.navidrome = {
+    enable = true;
+    settings = {
+      Port = 4533;
+      Address = "[::]";
+      BaseUrl = "https://${fqdn}/";
+      ShareURL = shareFqdn;
+      DataFolder = "/persist/navidrome";
+      MusicFolder = "/persist/music";
+    };
+  };
+}
--- a/containers/emerald/flake.lock
+++ b/containers/emerald/flake.lock
@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1773282481,
+        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/containers/emerald/flake.nix
+++ b/containers/emerald/flake.nix
@ -0,0 +1,57 @@
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+  };
+  outputs = { nixpkgs, ... }:
+  let
+    name = "emerald";
+    fqdn = "navia.lava.moe";
+    shareFqdn = "share.navia.lava.moe";
+    subnetId = "5";
+
+    subnet = x: "fd0d:1::${subnetId}:${toString x}";
+    host = subnet 1;
+    client = subnet 2;
+
+    modules = [
+      ./configuration.nix
+    ];
+  in {
+    nixosConfigurations.container = nixpkgs.lib.nixosSystem {
+      inherit modules;
+    };
+    nixosModule = { ... }: {
+      services.nginx.virtualHosts."${fqdn}" = {
+        useACMEHost = "lava.moe";
+        forceSSL = true;
+        locations."/".proxyPass = "http://[${client}]:4533";
+        listenAddresses = [ "10.0.0.1" "[fd0d::1]" ];
+      };
+      services.nginx.virtualHosts."${shareFqdn}" = {
+        useACMEHost = "lava.moe";
+        forceSSL = true;
+        locations."/".proxyPass = "http://[${client}]:4533/share";
+      };
+
+      systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
+      containers.${name} = {
+        autoStart = true;
+        privateNetwork = true;
+        hostAddress6 = host;
+        localAddress6 = client;
+        # privateUsers = "pick";
+        nixpkgs = nixpkgs;
+        ephemeral = true;
+        config = { imports = modules; };
+        specialArgs = { inherit fqdn shareFqdn; };
+
+        bindMounts."persist" = {
+          hostPath = "/persist/containers/${name}";
+          mountPoint = "/persist";
+          isReadOnly = false;
+        };
+        # flake = "path:" + ./.;
+      };
+    };
+  };
+}
--- a/flake.lock
+++ b/flake.lock
@ -100,6 +100,20 @@
      },
      "parent": []
    },
+    "c-emerald": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_8"
+      },
+      "locked": {
+        "path": "./containers/emerald",
+        "type": "path"
+      },
+      "original": {
+        "path": "./containers/emerald",
+        "type": "path"
+      },
+      "parent": []
+    },
    "catppuccin": {
      "inputs": {
        "nixpkgs": "nixpkgs_5"
@ -505,7 +519,7 @@
    "nix-gaming": {
      "inputs": {
        "flake-parts": "flake-parts_2",
-        "nixpkgs": "nixpkgs_8"
+        "nixpkgs": "nixpkgs_9"
      },
      "locked": {
        "lastModified": 1770778188,
@ -589,6 +603,22 @@
      }
    },
    "nixpkgs_10": {
+      "locked": {
+        "lastModified": 1770562336,
+        "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "d6c71932130818840fc8fe9509cf50be8c64634f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_11": {
      "locked": {
        "lastModified": 1770019141,
        "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=",
@ -701,6 +731,22 @@
      }
    },
    "nixpkgs_8": {
+      "locked": {
+        "lastModified": 1773282481,
+        "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_9": {
      "locked": {
        "lastModified": 1770537093,
        "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=",
@ -716,22 +762,6 @@
        "type": "github"
      }
    },
-    "nixpkgs_9": {
-      "locked": {
-        "lastModified": 1770562336,
-        "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "d6c71932130818840fc8fe9509cf50be8c64634f",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
    "nuscht-search": {
      "inputs": {
        "flake-utils": "flake-utils",
@ -774,7 +804,7 @@
    "pastel": {
      "inputs": {
        "flake-utils": "flake-utils_2",
-        "nixpkgs": "nixpkgs_10",
+        "nixpkgs": "nixpkgs_11",
        "pnpm2nix": "pnpm2nix"
      },
      "locked": {
@ -838,6 +868,7 @@
        "c-beryllium": "c-beryllium",
        "c-citrine": "c-citrine",
        "c-diamond": "c-diamond",
+        "c-emerald": "c-emerald",
        "catppuccin": "catppuccin_2",
        "catppuccin-palette": "catppuccin-palette",
        "fast-syntax-highlighting": "fast-syntax-highlighting",
@ -846,7 +877,7 @@
        "neovim-nightly": "neovim-nightly",
        "nix-gaming": "nix-gaming",
        "nix-index-database": "nix-index-database",
-        "nixpkgs": "nixpkgs_9",
+        "nixpkgs": "nixpkgs_10",
        "nvim-treesitter": "nvim-treesitter",
        "pastel": "pastel",
        "pure": "pure",
--- a/flake.nix
+++ b/flake.nix
@ -42,6 +42,7 @@
    c-beryllium.url = "path:./containers/beryllium";
    c-citrine.url = "path:./containers/citrine";
    c-diamond.url = "path:./containers/diamond";
+    c-emerald.url = "path:./containers/emerald";
  };

  outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs: