manatee: Add romm module

Alexander Heldt
2026-05-17 13:24:29 +00:00
parent d72a4ebb61
commit f8907ccd05
8 changed files with 239 additions and 1 deletions
+13
@@ -33,6 +33,19 @@
"--http-timeout=60"
];
};
"romm.ppp.pm" = {
dnsProvider = "hetzner";
environmentFile = config.age.secrets.hetzner-dns.path;
group = "nginx";
extraLegoFlags = [
"--dns.resolvers=1.1.1.1:53,8.8.8.8:53"
"--dns.propagation-wait=60s"
"--dns-timeout=60"
"--http-timeout=60"
];
};
};
};
+1
@@ -21,6 +21,7 @@ in
immich.enable = false;
navidrome.enable = true;
komga.enable = true;
romm.enable = true;
homepage.enable = true;
};
};
@@ -195,7 +195,7 @@ in
];
script = ''
SUBDOMAINS="ha komga"
SUBDOMAINS="ha komga romm"
INTERFACE="enp3s0"
CURRENT_IP=$(curl -s --fail --interface "$INTERFACE" ifconfig.me)
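Review bot: The address published for `ha`, `komga` and now `romm` comes from `curl -s --fail --interface "$INTERFACE" ifconfig.me`, which names no scheme and therefore goes over plain HTTP, so the reply is neither authenticated nor integrity-protected and the DNS records would follow whatever it contains. Requesting `https://ifconfig.me` and rejecting anything that is not a single IPv4 address before use would close that, e.g. `[[ "$CURRENT_IP" =~ ^[0-9]+(\.[0-9]+){3}$ ]] || exit 1`. The lookup line is unchanged context and the rest of the script is outside the hunk, so a validation step further down cannot be ruled out.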
+213
@@ -0,0 +1,213 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.romm.enable;
nginxEnabled = config.mod.nginx.enable;
configFile = pkgs.writeText "romm-config.yml" ''
filesystem:
skip_hash_calculation: false
exclude:
roms:
single_file:
extensions:
- xml
- txt
- nfo
- dat
- jpg
- png
names:
- '._*'
- 'Thumbs.db'
- '.DS_Store'
'';
in
{
options = {
mod.romm = {
enable = lib.mkEnableOption "Enable romm module";
};
};
config = lib.mkIf enabled {
mod.homepage.services = [
{
name = "RomM";
port = 8085;
description = "ROM library manager";
}
];
systemd.tmpfiles.rules = [
"d /var/lib/romm 0755 root root -"
"d /var/lib/romm/db 0755 root root -"
"d /var/lib/romm/redis 0755 999 1000 -"
"d /var/lib/romm/resources 0755 root root -"
"d /var/lib/romm/assets 0755 root root -"
];
systemd.services.romm-net = {
description = "Create Podman network for RomM";
after = [ "podman.service" ];
requires = [ "podman.service" ];
before = [
"podman-romm.service"
"podman-romm-db.service"
"podman-romm-redis.service"
];
requiredBy = [
"podman-romm.service"
"podman-romm-db.service"
"podman-romm-redis.service"
];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "/run/current-system/sw/bin/podman network create romm-net";
ExecStop = "/run/current-system/sw/bin/podman network rm -f romm-net";
};
};
virtualisation.oci-containers = {
backend = "podman";
containers.romm-db = {
image = "mariadb:latest";
environment = {
MARIADB_DATABASE = "romm";
MARIADB_USER = "romm";
};
environmentFiles = [
config.age.secrets.romm-db-password.path
];
volumes = [
"/var/lib/romm/db:/var/lib/mysql"
];
extraOptions = [
"--network=romm-net"
];
};
containers.romm-redis = {
image = "redis:alpine";
volumes = [
"/var/lib/romm/redis:/data"
];
extraOptions = [
"--network=romm-net"
"--user=root"
];
};
containers.romm = {
image = "rommapp/romm:latest";
dependsOn = [
"romm-db"
"romm-redis"
];
environment = {
DB_HOST = "romm-db";
DB_PORT = "3306";
DB_NAME = "romm";
DB_USER = "romm";
REDIS_HOST = "romm-redis";
REDIS_PORT = "6379";
ROMM_AUTH_ENABLED = "true";
};
environmentFiles = [
config.age.secrets.romm-auth-secret-key.path
config.age.secrets.romm-db-password.path
config.age.secrets.romm-metadata-api-keys.path
];
ports = [
"127.0.0.1:8086:8080"
];
volumes = [
"${configFile}:/romm/config/config.yml:ro"
"/mnt/media/public/games:/romm/library"
"/var/lib/romm/resources:/romm/resources"
"/var/lib/romm/assets:/romm/assets"
];
extraOptions = [
"--network=romm-net"
];
};
};
services.nginx = lib.mkIf nginxEnabled {
virtualHosts."romm-local" = {
listen = [
{
addr = "0.0.0.0";
port = 8085;
}
];
extraConfig = ''
client_max_body_size 0;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:8086";
proxyWebsockets = true;
};
};
virtualHosts."romm.ppp.pm" = {
forceSSL = true;
useACMEHost = "romm.ppp.pm";
extraConfig = ''
client_max_body_size 0;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:8086";
proxyWebsockets = true;
};
};
};
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
networking.firewall.allowedTCPPorts = [ 8085 ];
age.secrets = {
"romm-auth-secret-key" = {
file = ../../../../secrets/manatee/romm-auth-secret-key.age;
owner = "root";
group = "root";
};
"romm-db-password" = {
file = ../../../../secrets/manatee/romm-db-password.age;
owner = "root";
group = "root";
};
"romm-metadata-api-keys" = {
file = ../../../../secrets/manatee/romm-metadata-api-keys.age;
owner = "root";
group = "root";
};
};
};
}
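Review bot: All three containers use floating tags (`mariadb:latest`, `redis:alpine`, `rommapp/romm:latest`), so any restart that re-pulls can bring in an unreviewed image, including a new MariaDB major version over the existing `/var/lib/romm/db`. Pin each to a release tag or digest, e.g. `image = "rommapp/romm:<pinned-tag>";` (placeholder). The `romm-local` vhost serves the app over plain HTTP on `0.0.0.0:8085`, and `networking.firewall.allowedTCPPorts = [ 8085 ];` sits outside the `lib.mkIf nginxEnabled` block, so the port is opened on every interface even when nginx is disabled. If the listener is meant for the LAN only, bind `addr` to the LAN address or use `networking.firewall.interfaces.<name>.allowedTCPPorts`, and put the firewall line under the same condition. `client_max_body_size 0;` on the public `romm.ppp.pm` vhost removes the request-size limit before any application-level authentication runs, so a finite limit sized to the largest expected upload would be safer. The host-wide `boot.kernel.sysctl."net.ipv4.ip_forward" = 1;` and the redis `--user=root` (the data directory is created as `999 1000`) each deserve a comment explaining why they are needed, or should be dropped.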
Binary file not shown.
Binary file not shown.
@@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 wkRvNA 5d22LU+2Mn6fq8SHOCwDht/ebnI2uOk6WKf+t1kwwCM
hCGnLoCy1PX5PJx2IjQnyESmtKM6wVQmyS6aHNhkb1g
-> ssh-ed25519 +oNaHQ gPUMsavbGVPOuvTtNgoDuzrT+q0I7Wbkd6QK5z4oUGc
M3HhrugFlNQkL7WxF1qrW+ocGRqOXid32AVVYLSSxPI
--- TGURCDEIuSFCfXBHxzFHA2svHES7Ubagy1uYjbWCO7g
gá¿Ó†Ò™±£Qâö
oF[H:t aÆr3úZ0ßx @:˜0Ó´¡µÂI[Õ\í=º@eâPíW€Ã†§rX,¶âÈÇ*sš$c:FlÎÙ ±z|B#
+3
@@ -39,6 +39,9 @@ in {
"manatee/komga-bookmanager-credentials.age".publicKeys = [ manatee alex];
"manatee/komga-reading-stats-claude-api-key.age".publicKeys = [ manatee alex];
"manatee/komga-reading-stats-komga-api-key.age".publicKeys = [ manatee alex];
"manatee/romm-auth-secret-key.age".publicKeys = [ manatee alex ];
"manatee/romm-db-password.age".publicKeys = [ manatee alex ];
"manatee/romm-metadata-api-keys.age".publicKeys = [ manatee alex ];
"backwards/root.backwards.age".publicKeys = [ backwards alex ];
"backwards/root.backwards.pub.age".publicKeys = [ backwards alex ];