Merge pull request #1466 from 2m/main

Add nix flake
2026-01-30 01:21:17 -05:00 · 2026-01-29 07:35:39 +11:00
parent c474d12cc0 0df9759606
commit 29a8cf0294
1 changed files with 94 additions and 0 deletions
--- a/install/nix/flake.nix
+++ b/install/nix/flake.nix
@@ -0,0 +1,94 @@
+{
+  description = "NixOS module for NetAlertX network monitoring";
+
+  outputs = { self }: {
+    nixosModules.default = { config, lib, ... }:
+      with lib;
+      let
+        cfg = config.services.netalertx;
+      in {
+        options.services.netalertx = {
+          enable = mkEnableOption "netalertx";
+          port = mkOption {
+            type = types.port;
+            default = 20211;
+            description = "Port to listen on for web gui";
+          };
+          graphqlPort = mkOption {
+            type = types.port;
+            default = 20212;
+            description = "Port to listen on for GraphQL requests";
+          };
+          puid = mkOption {
+            type = types.int;
+            default = 20211;
+            description = "PUID to run the app";
+          };
+          pgid = mkOption {
+            type = types.int;
+            default = 20211;
+            description = "PGID to run the app";
+          };
+          imageTag = mkOption {
+            type = types.str;
+            default = "26.1.17";
+            description = "Image tag to run";
+          };
+          backendApiUrl = mkOption {
+            type = types.str;
+            default = "http://localhost:${toString cfg.graphqlPort}";
+            description = "URL to use when accessing GraphQL server";
+          };
+        };
+        config = mkIf cfg.enable {
+          users.users.netalertx = {
+            isSystemUser = true;
+            group = "netalertx";
+            uid = cfg.puid;
+          };
+          users.groups.netalertx = {
+            gid = cfg.pgid;
+          };
+          systemd.tmpfiles.rules = [
+            "d /var/lib/netalertx 0755 ${toString cfg.puid} ${toString cfg.pgid} -"
+            "d /var/lib/netalertx/db 0755 ${toString cfg.puid} ${toString cfg.pgid} -"
+            "d /var/lib/netalertx/config 0755 ${toString cfg.puid} ${toString cfg.pgid} -"
+          ];
+          virtualisation.oci-containers = {
+            containers = {
+              netalertx = {
+                image = "ghcr.io/jokob-sk/netalertx:${cfg.imageTag}";
+                autoStart = true;
+                extraOptions = [
+                  "--network=host"
+                  "--cap-drop=ALL"
+                  "--cap-add=NET_ADMIN"
+                  "--cap-add=NET_RAW"
+                  "--cap-add=NET_BIND_SERVICE"
+                  "--cap-add=CHOWN"
+                  "--cap-add=SETUID"
+                  "--cap-add=SETGID"
+                  "--read-only"
+                  "--tmpfs=/tmp"
+                ];
+                volumes = [
+                  "/var/lib/netalertx:/data"
+                  "/etc/localtime:/etc/localtime:ro"
+                ];
+                environment = {
+                  PUID = toString cfg.puid;
+                  PGID = toString cfg.pgid;
+                  LISTEN_ADDR = "0.0.0.0";
+                  PORT = "${toString cfg.port}";
+                  GRAPHQL_PORT = "${toString cfg.graphqlPort}";
+                  APP_CONF_OVERRIDE = builtins.toJSON { BACKEND_API_URL = cfg.backendApiUrl; };
+                  ALWAYS_FRESH_INSTALL = "false";
+                  NETALERTX_DEBUG = "0";
+                };
+              };
+            };
+          };
+        };
+      };
+  };
+}