NixOS
Note: This documentation is written assuming you are using Nix flakes. Using Nix with channels is not currently supported, though it should be possible.
Add flake input
Add the Hydrui flake to the Nix flake that contains your system configuration.
{
inputs = {
...
hydrui = {
url = "github:hydrui/hydrui";
inputs.nixpkgs.follows = "nixpkgs";
};
...
};
...
}
Add NixOS module
Where your NixOS system configuration is defined, add the NixOS module.
{
outputs =
{
...
hydrui,
...
}:
{
nixosConfiguration = {
default = nixpkgs.lib.nixosSystem {
...
modules = [
...
hydrui.nixosModules.hydrui
...
];
};
};
};
}
Configure the NixOS module
Within your system configuration, you can now use the Hydrui options.
{ config, ... }: {
services.hydrui = {
enable = true;
# Enables "server mode". Check the documentation for more information.
# https://hydrui.dev/en/docs/server-mode/
serverMode = true;
# The rest of the options are only allowed when using server mode.
# Hydrus URL to connect to.
hydrusUrl = "http://localhost:45869";
# You can also insecurely pass API credentials using builtins.toFile,
# but this will be *world-readable* in your Nix store. Tread carefully.
hydrusApiKeyFile = config.sops.secrets.hydrus-api-key.path;
# Provide an htpasswd file with login credentials.
# Compatible with Apache .htpasswd, but only bcrypt is supported.
# A simple HTML utility for editing htpasswd files is available here:
# https://hydrui.dev/tools/htpasswd/
htpasswdFile = ./htpasswd.txt;
# Disable sending issue reports.
allowReport = false;
};
}
Secret files will be passed in via systemd credentials, so you do not need to make them accessible to any user except for root.
NixOS module options
services.hydrui.enable
| Description | Whether to enable Hydrui Server. |
|---|---|
| Type | boolean |
| Example | true |
services.hydrui.package
| Description | The hydrui-server package to use. |
|---|---|
| Type | package |
| Default | pkgs.hydrui-server |
services.hydrui.openFirewall
| Description | Whether to automatically open the necessary ports in the firewall. |
|---|---|
| Type | boolean |
| Default | true |
| Example | true |
services.hydrui.serverMode
| Description | Enable Hydrui's server mode, as opposed to the default client-only mode. When enabled, Hydrui Server will act as a proxy to the upstream hydrus client. The API credentials will need to be specified directly to Hydrui Server. When this value is set, hydrusUrl and hydrusApiKeyFile must be set. |
|---|---|
| Type | boolean |
| Example | true |
services.hydrui.acme
| Description | Whether to enable automatic TLS with ACME. |
|---|---|
| Type | boolean |
| Example | true |
services.hydrui.bindAddress
| Description | Address to listen on; empty string for all interfaces. |
|---|---|
| Type | string |
| Default | "" |
| Example | 127.0.0.1 |
services.hydrui.port
| Description | Port to listen on, or null to disable listening on TCP. |
|---|---|
| Type | null or 16 bit unsigned integer; between 0 and 65535 (both inclusive) |
| Default | 8080 |
services.hydrui.socket
| Description | UNIX domain socket path to bind, or null to disable listening on a UNIX domain socket. |
|---|---|
| Type | null or absolute path |
| Example | /var/run/hydrui.sock |
services.hydrui.hydrusUrl
| Description | Hydrus client API server to connect to. (server mode only) |
|---|---|
| Type | null or string |
| Example | http://localhost:45869 |
services.hydrui.hydrusApiKeyFile
| Description | Path to a file that contains the hydrus client API access key. (server mode only) |
|---|---|
| Type | null or absolute path |
services.hydrui.htpasswdFile
| Description | Path to a file that contains an htpasswd file for authentication. (server mode only) |
|---|---|
| Type | null or absolute path |
services.hydrui.allowReport
| Description | Allow users to submit issue reports to the Hydrui Mothership. You can disable this to improve privacy if you don't think you will ever use the issue reporting functionality within Hydrui. (server mode only) |
|---|---|
| Type | null or boolean |
| Default | true |
services.hydrui.secretFile
| Description | Secret keymatter used for session validation. If not specified, it will be generated and stored locally in /var/lib. |
|---|---|
| Type | null or absolute path |