From bce2cb54f20ed1af888c9d1bbbcf7f57d208caf2 Mon Sep 17 00:00:00 2001 From: Louis Pearson Date: Tue, 30 Jan 2024 03:40:56 -0700 Subject: [PATCH] feat: add komga service Komga does not appear to be picking up the application.yml configuration file. Maybe it's a permissions issue? --- configuration.nix | 39 ++++++++++++++-- flake.nix | 1 + services/komga.nix | 111 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 148 insertions(+), 3 deletions(-) create mode 100644 services/komga.nix diff --git a/configuration.nix b/configuration.nix index c3ed403..efba068 100644 --- a/configuration.nix +++ b/configuration.nix @@ -106,7 +106,7 @@ users.users.radarr.extraGroups = [ "aria2" ]; users.users.readarr.extraGroups = [ "aria2" ]; users.users.sonarr.extraGroups = [ "aria2" ]; - users.users.bazarr.extraGroups = [ "aria2" ]; + users.users.bazarr.extraGroups = [ "multimedia" "aria2" ]; systemd.tmpfiles.rules = [ "d /zroot/media 0770 - multimedia - -" ]; 
@@ -116,9 +116,32 @@ services.radarr = { enable = true; group = "multimedia"; }; services.readarr = { enable = true; group = "multimedia"; }; services.sonarr = { enable = true; group = "multimedia"; }; - services.bazarr = { enable = true; group = "multimedia"; }; + services.bazarr = { enable = true; user = "bazarr"; group = "multimedia"; }; services.prowlarr = { enable = true; }; + users.users.komga.extraGroups = [ "multimedia" ]; + services.komgaCustom = { + enable = true; + group = "multimedia"; + settings = { + spring.security.oauth2.client = { + registration.dex = { + provider = "dex"; + client-id = "komga"; + client-secret = "insecure_secret"; + client-name = "Komga"; + scope = "openid,email"; + authorization-grant-type = "authorization_code"; + redirect-uri = "{baseUrl}/{action}/oauth2/code/{registrationId}"; + }; + provider.dex = { + user-name-attribute = "sub"; + issuer-uri = "https://dex.samsehu.perli.casa"; + }; + }; + }; + }; + systemd.services."netns@" = { description = "%I network namespace"; before = [ "network.target" ]; @@ -134,7 +157,7 @@ description = "wg network interface"; bindsTo = [ "netns@wg.service" ]; requires = [ "network-online.target" ]; - after = [ "netns@wg.service" ]; + after = [ "netns@wg.service" ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; @@ -235,6 +258,12 @@ name = "Jellyfin"; redirectURIs = [ "https://jellyfin.samsehu.perli.casa/sso/OID/redirect/dex" ]; } + { + id = "komga"; + secret = "insecure_secret"; + name = "Komga"; + redirectURIs = [ "https://komga.samsehu.perli.casa/login/oauth2/code/dex" ]; + } ]; # authentication sources @@ -556,6 +585,9 @@ } respond 403 ''; + virtualHosts."komga.samsehu.perli.casa".extraConfig = '' + reverse_proxy localhost:25600 + ''; }; # Headscale for access to the network while away from home 
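Review bot: `client-secret = "insecure_secret";` in the `registration.dex` block commits the OAuth2 client secret to the repository, and once `settings` is rendered by the YAML formatter it also lands in the world-readable Nix store. The same literal is repeated as `secret = "insecure_secret";` in the Dex static client entry added in the `-235,6` hunk. Since flake.nix already loads agenix, I would drop the key from `settings` and supply it at runtime, for example through a systemd `EnvironmentFile` pointing at an agenix-managed file (placeholder path `<komga-oidc-env>`) that sets `SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_DEX_CLIENTSECRET`. On the Dex side the entry should likewise take the value from a file or environment variable, if the surrounding module offers that (not visible in this hunk). The value should be rotated when it is moved, because the current one stays in git history.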
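Review bot: `reverse_proxy localhost:25600` in the `komga.samsehu.perli.casa` virtual host duplicates the default of the new `port` option, so changing `services.komgaCustom.port` would silently break the proxy. Assuming `config` is in scope in configuration.nix, interpolate it instead: `reverse_proxy localhost:${toString config.services.komgaCustom.port}`. The virtual host just above ends in `respond 403`, which suggests it restricts who may reach it, while the Komga host forwards every request; if that restriction is deliberate for the other services, confirm that Komga is meant to be exempt. Whether Komga itself binds only to loopback is not visible in this hunk.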
@@ -597,6 +629,7 @@ { name = "son.arr.samsehu.perli.casa"; type = "A"; value = "100.64.0.3"; } { name = "baz.arr.samsehu.perli.casa"; type = "A"; value = "100.64.0.3"; } { name = "prowl.arr.samsehu.perli.casa"; type = "A"; value = "100.64.0.3"; } + { name = "komga.samsehu.perli.casa"; type = "A"; value = "100.64.0.3"; } ]; }; diff --git a/flake.nix b/flake.nix index dd50bad..5fd19e8 100644 --- a/flake.nix +++ b/flake.nix @@ -41,6 +41,7 @@ ./agenix-config-module.nix ./configuration.nix ./services/glauth.nix + ./services/komga.nix agenix.nixosModules.default ]; }; diff --git a/services/komga.nix b/services/komga.nix new file mode 100644 index 0000000..4ad6b6b --- /dev/null +++ b/services/komga.nix @@ -0,0 +1,111 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.services.komgaCustom; + settingsFormat = pkgs.formats.yaml {}; +in +{ + options = { + services.komgaCustom = { + enable = mkEnableOption (lib.mdDoc "Komga, a free and open source comics/mangas media server"); + + port = mkOption { + type = types.port; + default = 25600; + description = lib.mdDoc '' + The port that Komga will listen on. + ''; + }; + + user = mkOption { + type = types.str; + default = "komga"; + description = lib.mdDoc '' + User account under which Komga runs. + ''; + }; + + group = mkOption { + type = types.str; + default = "komga"; + description = lib.mdDoc '' + Group under which Komga runs. + ''; + }; + + stateDir = mkOption { + type = types.str; + default = "/var/lib/komga"; + description = lib.mdDoc '' + State and configuration directory Komga will use. + ''; + }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Whether to open the firewall for the port in {option}`services.komga.port`. + ''; + }; + + settings = mkOption { + type = settingsFormat.type; + default = {}; + description = lib.mdDoc '' + Configuration for application.yaml, see +