# A Comics/Manga media server { config, lib, ... }: let cfg = config.my.services.komga; in { options.my.services.komga = with lib; { enable = mkEnableOption "Komga comics server"; port = mkOption { type = types.port; default = 4584; example = 8080; description = "Internal port for webui"; }; }; config = lib.mkIf cfg.enable { services.komga = { enable = true; inherit (cfg) port; group = "media"; }; systemd.services.komga.environment = { LOGGING_LEVEL_ORG_GOTSON_KOMGA = "DEBUG"; # Needed for fail2ban }; # Set-up media group users.groups.media = { }; my.services.nginx.virtualHosts = { komga = { inherit (cfg) port; }; }; my.system.persist.directories = [ config.services.komga.stateDir ]; services.fail2ban.jails = { komga = '' enabled = true filter = komga port = http,https ''; }; environment.etc = { "fail2ban/filter.d/komga.conf".text = '' [Definition] failregex = ^.* ip=,.*Bad credentials.*$ journalmatch = _SYSTEMD_UNIT=komga.service ''; }; }; }