From 0df97596066f75945642daf97688661539f2a74f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martynas=20Mickevi=C4=8Dius?= <self@2m.lt>
Date: Sun, 25 Jan 2026 21:50:58 +0200
Subject: [PATCH] Add nix flake

---
 install/nix/flake.nix | 94 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 94 insertions(+)
 create mode 100644 install/nix/flake.nix

diff --git a/install/nix/flake.nix b/install/nix/flake.nix
new file mode 100644
index 00000000..3e4dbb7c
--- /dev/null
+++ b/install/nix/flake.nix
@@ -0,0 +1,94 @@
+{
+  description = "NixOS module for NetAlertX network monitoring";
+
+  outputs = { self }: {
+    nixosModules.default = { config, lib, ... }:
+      with lib;
+      let
+        cfg = config.services.netalertx;
+      in {
+        options.services.netalertx = {
+          enable = mkEnableOption "netalertx";
+          port = mkOption {
+            type = types.port;
+            default = 20211;
+            description = "Port to listen on for web gui";
+          };
+          graphqlPort = mkOption {
+            type = types.port;
+            default = 20212;
+            description = "Port to listen on for GraphQL requests";
+          };
+          puid = mkOption {
+            type = types.int;
+            default = 20211;
+            description = "PUID to run the app";
+          };
+          pgid = mkOption {
+            type = types.int;
+            default = 20211;
+            description = "PGID to run the app";
+          };
+          imageTag = mkOption {
+            type = types.str;
+            default = "26.1.17";
+            description = "Image tag to run";
+          };
+          backendApiUrl = mkOption {
+            type = types.str;
+            default = "http://localhost:${toString cfg.graphqlPort}";
+            description = "URL to use when accessing GraphQL server";
+          };
+        };
+        config = mkIf cfg.enable {
+          users.users.netalertx = {
+            isSystemUser = true;
+            group = "netalertx";
+            uid = cfg.puid;
+          };
+          users.groups.netalertx = {
+            gid = cfg.pgid;
+          };
+          systemd.tmpfiles.rules = [
+            "d /var/lib/netalertx 0755 ${toString cfg.puid} ${toString cfg.pgid} -"
+            "d /var/lib/netalertx/db 0755 ${toString cfg.puid} ${toString cfg.pgid} -"
+            "d /var/lib/netalertx/config 0755 ${toString cfg.puid} ${toString cfg.pgid} -"
+          ];
+          virtualisation.oci-containers = {
+            containers = {
+              netalertx = {
+                image = "ghcr.io/jokob-sk/netalertx:${cfg.imageTag}";
+                autoStart = true;
+                extraOptions = [
+                  "--network=host"
+                  "--cap-drop=ALL"
+                  "--cap-add=NET_ADMIN"
+                  "--cap-add=NET_RAW"
+                  "--cap-add=NET_BIND_SERVICE"
+                  "--cap-add=CHOWN"
+                  "--cap-add=SETUID"
+                  "--cap-add=SETGID"
+                  "--read-only"
+                  "--tmpfs=/tmp"
+                ];
+                volumes = [
+                  "/var/lib/netalertx:/data"
+                  "/etc/localtime:/etc/localtime:ro"
+                ];
+                environment = {
+                  PUID = toString cfg.puid;
+                  PGID = toString cfg.pgid;
+                  LISTEN_ADDR = "0.0.0.0";
+                  PORT = "${toString cfg.port}";
+                  GRAPHQL_PORT = "${toString cfg.graphqlPort}";
+                  APP_CONF_OVERRIDE = builtins.toJSON { BACKEND_API_URL = cfg.backendApiUrl; };
+                  ALWAYS_FRESH_INSTALL = "false";
+                  NETALERTX_DEBUG = "0";
+                };
+              };
+            };
+          };
+        };
+      };
+  };
+}