feat: add aiostreams

2025-12-15 14:50:05 +05:30 · 2025-11-14 12:36:34 +05:30
parent f033f3406a
commit abd2134a2a
4 changed files with 91 additions and 11 deletions
--- a/hosts/arcturus/default.nix
+++ b/hosts/arcturus/default.nix
@@ -35,6 +35,18 @@
  ];

  tux.services.openssh.enable = true;
+  tux.containers.aiostreams = {
+    enable = true;
+    port = 4567;
+    environment = {
+      ADDON_ID = "aiostreams.tux.rs";
+      BASE_URL = "https://aiostreams.tux.rs";
+    };
+
+    environmentFiles = [
+      config.sops.secrets."aiostreams".path
+    ];
+  };

  sops.secrets = {
    borg_encryption_key = {
@@ -81,6 +93,10 @@
    "cs2_secrets/CS2_PW" = {
      sopsFile = ./secrets.yaml;
    };
+
+    aiostreams = {
+      sopsFile = ./secrets.yaml;
+    };
  };

  nixpkgs = {
@@ -144,7 +160,13 @@

    firewall = {
      enable = true;
-      allowedTCPPorts = [80 443 22 3333 8081];
+      allowedTCPPorts = [
+        80
+        443
+        22
+        3333
+        8081
+      ];
    };
  };

@@ -207,7 +229,9 @@
    ];
  };

-  users.users.${username} = {linger = true;};
+  users.users.${username} = {
+    linger = true;
+  };
  home-manager.users.${username} = {
    imports = [
      ./home.nix
--- a/hosts/arcturus/secrets.yaml
+++ b/hosts/arcturus/secrets.yaml
@@ -11,11 +11,8 @@ cs2_secrets:
    SRCDS_TOKEN: ENC[AES256_GCM,data:SzPz4sHDgEoioX8ylLFM6AUUS60gWYpR3ifxUD8A8IQga24t6GM0dyGDryc=,iv:XefIn9yCLPLKVRA+rZiSGUH3l6ZANIJoGRuM/3vFLIw=,tag:flEjl9c7i3XBlHJaq41QYQ==,type:str]
    CS2_RCONPW: ENC[AES256_GCM,data:ZyVeoOngZjxKR/ObYo5yJC1ViCNufuA=,iv:+fJK0sY39V/iH7OjT0AzQq6RefVzLZCDETYcAMFnZNU=,tag:IOhRUQRdffNMXa2cKZvi/w==,type:str]
    CS2_PW: ENC[AES256_GCM,data:W1Cur7YT1F/+45vmqif2JbpjVURfnfo=,iv:sBNDM2N+QWDAMculBBZtYZcM7ILEfpwkwOd7ErORQhI=,tag:XFsxTUjctZKU38RQUfJ8HQ==,type:str]
+aiostreams: ENC[AES256_GCM,data:2U2EoRUsKr4OIkqrudmIUEp2bABNlSlNUTzR3vtvTfSJVemIGK31iu0SG8aR4tLSQFEZyhIP9M22zZJVWY5hX1UcMEJ1rmtXnaRjTiurRSpTj76pT9plnrjp0NWDcSWY+uhDrAsEko4oPPJEECTT3qMYLXipnzqpPeWsTrNYiuxmfDPcZw==,iv:tHKbtnLMNfY7B2ssE8x0dri9XhA2M6jIj2KOxOsmG2o=,tag:8hjqmniL/P+PfwfYiAdAwA==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
    age:
        - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
          enc: |
@@ -35,8 +32,7 @@ sops:
            NGprRGVyZ2plWVNrM3drM3JSUjM2L0UKuNk5DqYn2DIfRpY72zDRP5BKoVAXtNv9
            uLI//8wc7f4I3uBdARQdpRE1fapY1UOJOn3i0yndrZARPEbdohRK1Q==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-01-24T12:59:25Z"
-    mac: ENC[AES256_GCM,data:WGWGvbqu07XZ5oU2HBGUbP/9oNCavPBXb2SIm10CG2s377QAWZmpdOC2AGAX8J3NfLtyWEHm8WUQSKjNKvKWARsXU24lNnY+BTSIkF8ymrAU/rRMX8VJi92IYjregAfVBIaYomxqJFhNuAhmsQ75ZYMpRBTusxiEFEdl/H9obiY=,iv:VXIVkpnOY2gZ/xDX/oFvZn08K5Gp49tpiJQGK20blro=,tag:Hkk92ZQWTRY9oQb3Mm6R3w==,type:str]
-    pgp: []
+    lastmodified: "2025-11-14T07:04:37Z"
+    mac: ENC[AES256_GCM,data:6fiO+dtyMqVH+KeZerAwjYpK1pwa9bLcSSinA6U/UZa5r8GsVlL2C3Z0edsuqgyC84rYZKF7rbV41earhds2i29RhrfiJUeGdTG04ce3ncWlqHWL8gtyw+wop3FYgC2UYi0IwhLxd8vYQe2XqD6Ml949SsqkKe/taIf7uJ9aDXA=,iv:IlgHvw5XB847ZhFFiy2Vmbm3/zQW6mvVv3VX6pSzh7o=,tag:nqDDq+jAjDP+/QbhOu9JNg==,type:str]
    unencrypted_suffix: _unencrypted
-    version: 3.9.3
+    version: 3.11.0
--- a/hosts/common/default.nix
+++ b/hosts/common/default.nix
@@ -15,6 +15,7 @@
    ../../modules/nixos/selfhosted/upstream-proxy.nix
    ../../modules/nixos/selfhosted/tfolio.nix
    ../../modules/nixos/selfhosted/cyber-tux.nix
+    ../../modules/nixos/selfhosted/containers/aiostreams.nix
    ../../modules/nixos/networking/ssh.nix
  ];

@@ -48,7 +49,14 @@
  home-manager = {
    backupFileExtension = "hm-backup";
    useUserPackages = true;
-    extraSpecialArgs = {inherit inputs outputs username email;};
+    extraSpecialArgs = {
+      inherit
+        inputs
+        outputs
+        username
+        email
+        ;
+    };
    users.${username} = {
      imports = [
        ./home.nix
--- a/modules/nixos/selfhosted/containers/aiostreams.nix
+++ b/modules/nixos/selfhosted/containers/aiostreams.nix
@@ -0,0 +1,52 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.tux.containers.aiostreams;
+in {
+  options.tux.containers.aiostreams = {
+    enable = mkEnableOption "Enable AIOStreams";
+
+    port = mkOption {
+      type = types.int;
+      default = 3000;
+    };
+
+    environment = mkOption {
+      type = with types; attrsOf str;
+      default = {};
+    };
+
+    environmentFiles = mkOption {
+      type = with types; listOf path;
+      default = [];
+    };
+  };
+
+  config = mkIf cfg.enable {
+    virtualisation.oci-containers.containers.aiostreams = {
+      autoStart = true;
+      image = "ghcr.io/viren070/aiostreams:latest";
+      ports = [
+        "${toString cfg.port}:3000"
+      ];
+
+      environment = cfg.environment;
+      environmentFiles = cfg.environmentFiles;
+    };
+
+    services.nginx.virtualHosts = {
+      "${cfg.environment.ADDON_ID}" = {
+        forceSSL = true;
+        useACMEHost = "tux.rs";
+        locations = {
+          "/" = {
+            proxyPass = "http://localhost:${toString cfg.port}";
+          };
+        };
+      };
+    };
+  };
+}