nas: add mealie

LorenzBischof · Jan 28, 2025 · 09c2777 · 09c2777
1 parent b4861d3
commit 09c2777
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 3 deletions.
diff --git a/Makefile b/Makefile
@@ -21,6 +21,10 @@ switch-override: add
 deploy: add
 	nixos-rebuild switch --flake .#nas --target-host nas --use-remote-sudo
 
+.PHONY: deploy-override
+deploy-override: add
+	nixos-rebuild switch --flake .#nas --override-input nix-secrets ../nix-secrets --target-host nas --use-remote-sudo
+
 .PHONY: dry-build-nas
 dry-build-nas: add
 	NIXPKGS_ALLOW_INSECURE=1 nixos-rebuild dry-build --flake .#nas --impure
diff --git a/flake.lock b/flake.lock
diff --git a/hosts/nas/authelia.nix b/hosts/nas/authelia.nix
@@ -139,6 +139,15 @@ in
               ];
               consent_mode = "implicit";
             }
+            {
+              client_id = "mealie";
+              client_secret = secrets.authelia-clients-mealie;
+              authorization_policy = "one_factor";
+              redirect_uris = [
+                "https://mealie.${domain}/login"
+              ];
+              consent_mode = "implicit";
+            }
           ];
         };
       };

diff --git a/hosts/nas/configuration.nix b/hosts/nas/configuration.nix
@@ -26,6 +26,7 @@ in
     ./scrutiny.nix
     ./open-webui.nix
     ./homeassistant.nix
+    ./mealie.nix
   ];
 
   homelab.domain = lib.mkDefault secrets.prod-domain;

diff --git a/hosts/nas/mealie.nix b/hosts/nas/mealie.nix
@@ -0,0 +1,31 @@
+{
+  config,
+  pkgs,
+  lib,
+  secrets,
+  ...
+}:
+{
+  services.mealie = {
+    enable = true;
+    settings = {
+      OIDC_AUTH_ENABLED = "true";
+      OIDC_SIGNUP_ENABLED = "true";
+      OIDC_CONFIGURATION_URL = "https://auth.${config.homelab.domain}/.well-known/openid-configuration";
+      OIDC_CLIENT_ID = "mealie";
+      OIDC_AUTO_REDIRECT = "true"; # WARNING: a default local admin user is created by default!
+    };
+    credentialsFile = config.age.secrets.mealie-credentials.path;
+  };
+  services.nginx.virtualHosts."mealie.${config.homelab.domain}" = {
+    forceSSL = true;
+    useACMEHost = config.homelab.domain;
+    locations."/" = {
+      proxyPass = "http://localhost:${toString config.services.mealie.port}";
+      proxyWebsockets = true;
+      recommendedProxySettings = true;
+    };
+  };
+
+  homelab.dashboard.Services.Mealie.href = "https://mealie.${config.homelab.domain}";
+}