diff --git a/modules/nixos/services/sunshine/default.nix b/modules/nixos/services/sunshine/default.nix
new file mode 100644
index 0000000..3d73849
--- /dev/null
+++ b/modules/nixos/services/sunshine/default.nix
@@ -0,0 +1,52 @@
+{
+ config,
+ lib,
+ namespace,
+ ...
+}:
+let
+ cfg = config."${namespace}".services.sunshine;
+in
+{
+ options."${namespace}".services.sunshine = with lib; {
+ enable = mkEnableOption "sunshine";
+
+ acmeCertName = mkOption {
+ type = types.str;
+ default = "";
+ description = ''
+ If set to a non-empty string, forces SSL with the supplied acme
+ certificate.
+ '';
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ # NOTE: Navigate to localhost:47990 for first time configuration
+ services.sunshine = {
+ enable = true;
+ openFirewall = true;
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."sunshine.kilonull.com" =
+ {
+ locations."/" = {
+ recommendedProxySettings = true;
+ # NOTE: Sunshine is a little weird since it requires multiple
+ # ports. You configure it with a base port and the web UI +1 from
+ # the base port.
+ proxyPass = "https://127.0.0.1:${toString (config.services.sunshine.settings.port + 1)}";
+ extraConfig = ''
+ proxy_ssl_verify off;
+ '';
+ };
+ }
+ // lib.optionalAttrs (cfg.acmeCertName != "") {
+ forceSSL = true;
+ useACMEHost = cfg.acmeCertName;
+ };
+ };
+ };
+}
diff --git a/systems/x86_64-linux/gospel/default.nix b/systems/x86_64-linux/gospel/default.nix
index 1278833..c82bc86 100644
--- a/systems/x86_64-linux/gospel/default.nix
+++ b/systems/x86_64-linux/gospel/default.nix
@@ -56,6 +56,10 @@
 s3Bucket = "nix-store";
 s3Endpoint = "minio.kilonull.com";
 };
+ services.sunshine = {
+ enable = true;
+ acmeCertName = "kilonull.com";
+ };
 hardware.audio.enable = true;
 hardware.bluetooth.enable = true;
@@ -70,8 +74,6 @@
 ];
 };
- services.sunshine.enable = true;
-
 services.udev.packages = [ (pkgs.writeTextFile { name = "microbit-udev-rules";
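Review bot: The `virtualHosts."sunshine.kilonull.com"` block publishes Sunshine's admin web UI with no access restriction, and with the default `acmeCertName = ""` it is served over plain HTTP, so the UI login would travel unencrypted. Since nginx connects from 127.0.0.1, Sunshine presumably sees every proxied client as local, which would sidestep its own `origin_web_ui_allowed` restriction and leave the first-time setup mentioned in the NOTE comment reachable by anyone who can reach the vhost. I would only define the vhost when a certificate is configured and limit who can reach it, e.g. `allow <trusted-subnet>; deny all;` (placeholder subnet) in the location's `extraConfig`. `proxy_ssl_verify off;` is tolerable only because the upstream is loopback, so a comment such as `# upstream is loopback-only; do not reuse with a remote upstream` would help. It is also worth confirming whether `openFirewall = true` opens the web UI port directly, since that would bypass the proxy.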