From f76c6862ba155b4e187f295cf03412e553943289 Mon Sep 17 00:00:00 2001
From: blake <me@blakedheld.xyz>
Date: Sun, 12 Oct 2025 16:41:29 -0500
Subject: [PATCH] add suwayomi

---
 flake.nix                                     |   2 +-
 .../homelab/services/arr/suwayomi/default.nix | 100 ++++++++++++++++++
 modules/homelab/services/glance/default.nix   |  10 ++
 modules/system/backups.nix                    |   2 +-
 4 files changed, 112 insertions(+), 2 deletions(-)
 create mode 100644 modules/homelab/services/arr/suwayomi/default.nix

diff --git a/flake.nix b/flake.nix
index 37cc8fb..cb5c8d4 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,6 @@
 # flake for blakes nixos config
 # define new devices in outputs
-# generation: 368, timestamp: 2025-10-12 16:09:13
+# generation: 369, timestamp: 2025-10-12 16:39:52
 {
   description = "blakes nix config";
   inputs = {
diff --git a/modules/homelab/services/arr/suwayomi/default.nix b/modules/homelab/services/arr/suwayomi/default.nix
new file mode 100644
index 0000000..bde0ddc
--- /dev/null
+++ b/modules/homelab/services/arr/suwayomi/default.nix
@@ -0,0 +1,100 @@
+{ pkgs, config, lib, ... }:
+
+let
+  service = "suwayomi-server";
+  cfg = config.modules.services.${service};
+  sec = config.sops.secrets;
+  homelab = config.modules.homelab;
+in
+{
+  options.modules.services.${service} = {
+    enable = lib.mkEnableOption "enables ${service}";
+
+    # set port options
+    port = lib.mkOption {
+      type = lib.types.int;
+      default = 7108;
+      description = "set port for ${service} (default: ${toString cfg.port}";
+    };
+    url = lib.mkOption {
+      type = lib.types.str;
+      default = "syi.${homelab.base_domain}";
+      description = "set domain for ${service}";
+    };
+    data_dir = lib.mkOption {
+      type = lib.types.str;
+      default = "/var/lib/${service}";
+      description = "set data directory for ${service}";
+    };
+    ids = lib.mkOption {
+      type = lib.types.int;
+      default = cfg.port;
+      description = "set uid and pid of ${service} user (matches port by default)";
+    };
+    backup = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "enable backups for ${service}";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    
+    # declare ${service} group
+    users.groups.${service} = { gid = lib.mkForce cfg.ids; };
+
+    # declare ${service} user
+    users.users.${service} = {
+      description = "${service} server user";
+      uid = lib.mkForce cfg.ids;
+      isSystemUser = true;
+      home = cfg.data_dir;
+      createHome = true;
+      group = "${service}";
+      extraGroups = [ "media" ];
+    };
+
+    # enable the ${service} service
+    services.${service} = {
+      enable = true;
+      openFirewall = true;
+      user = service;
+      group = service;
+      settings = {
+        server = {
+        port = cfg.port;
+        downloadAsCbz = true;
+        localSourcePath = cfg.data_dir;
+        };
+      };
+    };
+
+    # override umask to make permissions work out
+    systemd.services.${service}.serviceConfig = {
+      UMask = lib.mkForce "0007";
+    };
+
+#    # open firewall
+#    networking.firewall.allowedTCPPorts = [ cfg.port ];
+
+    # add to glance local service
+    modules.services.glance.links.mediastack = [{
+      title = service;
+      url = "https://${cfg.url}";
+      error-url = "http://${homelab.host_ip}:${toString cfg.port}";
+      check-url = "http://${homelab.host_ip}:${toString cfg.port}";
+      icon = "di:${service}"; }];
+
+#    sops.secrets = {
+#      "${service}_" = {
+#        owner = "${service}";
+#        group = "${service}";
+#      };
+#    };
+
+    # add to backups
+    modules.system.backups.baks = {
+      ${service} = { paths = [ cfg.data_dir ]; };
+    };
+  };
+}
diff --git a/modules/homelab/services/glance/default.nix b/modules/homelab/services/glance/default.nix
index ca5941d..c60e368 100644
--- a/modules/homelab/services/glance/default.nix
+++ b/modules/homelab/services/glance/default.nix
@@ -98,7 +98,17 @@ in
         server = {
           host = "0.0.0.0";
           port = cfg.port;
+          assets-path = "${cfg.data_dir}/assets";
         };
+#        theme = {custom-css-file = "/assets/user.css";};
+        auth = {
+          secret-key = "+mYVAc1uO85hUUz5Ij6Lpelv1RqiLlneYqZD5Jv45buoF2+LZtIt2okRrbFCppiRQbqXkGoRMtSI0bROg4uFUw==";
+          users = {blake = {password-hash = "$2a$10$RwPCkcto35DCp4vNTDpH6.G3TpecPJ/zUL1jI93uzr.lg6v233Sie";};};
+        };
+#        branding = {
+#          logo-url = "/assets/icons/holocron_logo.png";
+#          favicon-url = "/assets/icons/holocron_favicon.ico";
+#        };
        pages = [
           {
             name = "snowbelle";
diff --git a/modules/system/backups.nix b/modules/system/backups.nix
index 3675f47..922ac44 100644
--- a/modules/system/backups.nix
+++ b/modules/system/backups.nix
@@ -56,7 +56,7 @@ in
           export BORG_PASSPHRASE="$(cat ${cfg.passwd_file})"
           export BORG_REPO="${cfg.repo}"
           timestamp="$(date +'%Y-%m-%d_%H:%M:%S')"
-          mode=sep
+          mode=all
 
           # init repo in needed
           if ! borg info "$BORG_REPO" >/dev/null 2>&1; then