From c519f8d83e6e2e33be35a58d37760089b35034a9 Mon Sep 17 00:00:00 2001 From: Joakim Repomaa Date: Wed, 12 Feb 2025 20:58:42 +0200 Subject: [PATCH] refactor --- hosts/apu/configuration.nix | 2 +- hosts/freun.dev/services.nix | 135 ++++++++++++++------------- modules/services/donetick.nix | 2 +- modules/services/gotosocial.nix | 78 +++++++--------- modules/services/grafana.nix | 23 +---- modules/services/gtrackmap.nix | 16 +--- modules/services/hastebin.nix | 2 +- modules/services/immich.nix | 2 +- modules/services/invidious.nix | 13 +-- modules/services/owncast.nix | 14 +-- modules/services/readeck.nix | 26 +++--- modules/services/syncthing.nix | 12 +-- modules/services/tailscale.nix | 13 +-- modules/services/vaultwarden.nix | 63 ++++++------- modules/services/webserver.nix | 4 +- modules/services/workout-sync.nix | 8 +- modules/services/workout-tracker.nix | 21 +---- 17 files changed, 182 insertions(+), 252 deletions(-) diff --git a/hosts/apu/configuration.nix b/hosts/apu/configuration.nix index 970f1f2..c622d5d 100644 --- a/hosts/apu/configuration.nix +++ b/hosts/apu/configuration.nix @@ -218,7 +218,7 @@ }; }; - modules.services.webserver = { + services.webserver = { enable = true; acme.dnsChallenge = true; vHosts."koti.repomaa.com" = { diff --git a/hosts/freun.dev/services.nix b/hosts/freun.dev/services.nix index 4c5abdf..b4490b4 100644 --- a/hosts/freun.dev/services.nix +++ b/hosts/freun.dev/services.nix @@ -28,20 +28,6 @@ in }; modules.services = { - vaultwarden = { - enable = true; - subdomain = "pw"; - config = { - YUBICO_CLIENT_ID = 86799; - SMTP_HOST = smtp.host; - SMTP_FROM = smtp.from; - SMTP_FROM_NAME = "Vaultwarden"; - SMTP_USERNAME = smtp.username; - SMTP_PORT = smtp.port; - HELO_NAME = smtp.heloName; - }; - }; - immich = { enable = true; subdomain = "img"; 
@@ -49,55 +35,6 @@ in storageDirs = [ syncthingDataDir ]; version = "v1.125.7"; }; - - syncthing = { - enable = true; - subdomain = "sync"; - dataDir = syncthingDataDir; - }; - - gotosocial = { - enable = true; - subdomain = "social"; - settings = { - smtp-host = smtp.host; - smtp-port = smtp.port; - smtp-username = smtp.username; - smtp-from = smtp.from; - }; - }; - - workout-tracker = { - enable = true; - subdomain = "fit"; - }; - - workout-sync = { - enable = true; - subdomain = "ws"; - }; - - invidious = { - enable = true; - subdomain = "vid"; - }; - - grafana = { - enable = true; - subdomain = "graph"; - }; - - gtrackmap = { - enable = true; - subdomain = "trackmap"; - }; - - owncast = { - enable = true; - subdomain = "stream"; - }; - - tailscale.enable = true; }; services = { @@ -130,5 +67,77 @@ in }; }; }; + + grafana = { + enable = true; + subdomain = "graph"; + settings.smtp = { + enabled = true; + host = smtp.host; + port = smtp.port; + user = smtp.username; + from_address = smtp.from; + }; + }; + + owncast = { + enable = true; + subdomain = "stream"; + }; + + gtrackmap = { + enable = true; + subdomain = "trackmap"; + port = 3001; + }; + + invidious = { + enable = true; + subdomain = "vid"; + }; + + syncthing = { + enable = true; + subdomain = "sync"; + dataDir = syncthingDataDir; + }; + + tailscale.enable = true; + + gotosocial = { + enable = true; + subdomain = "social"; + settings = { + smtp-host = smtp.host; + smtp-port = smtp.port; + smtp-username = smtp.username; + smtp-from = smtp.from; + instance-languages = [ "de" "fi" "en" ]; + }; + }; + + vaultwarden = { + enable = true; + subdomain = "pw"; + config = { + YUBICO_CLIENT_ID = 86799; + SMTP_HOST = smtp.host; + SMTP_FROM = smtp.from; + SMTP_FROM_NAME = "Vaultwarden"; + SMTP_USERNAME = smtp.username; + SMTP_PORT = smtp.port; + HELO_NAME = smtp.heloName; + }; + }; + + workout-tracker = { + enable = true; + subdomain = "fit"; + }; + + workout-sync = { + enable = true; + subdomain = "ws"; + }; }; } 
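Review bot: Moving these services under `services` drops the per-module port defaults that the removed side carried (grafana 3300, gotosocial 3500, invidious 3000, owncast 8080, gtrackmap 3200, workout-tracker 3322), and only gtrackmap gets an explicit `port = 3001;` here, so every other proxied service now listens on whatever its upstream NixOS module defaults to. On this host grafana and invidious are both enabled, and if both upstream defaults are 3000 (as I believe they are in current nixpkgs) the second one fails to bind and nginx proxies `vid` and `graph` to the same backend; owncast and gotosocial would collide the same way should both default to 8080. Pin each port next to its `subdomain`, e.g. `settings.server.http_port = 3300;` under `grafana` and `port = 3000;` under `invidious`, or restore `lib.mkDefault` ports in modules/services/grafana.nix, invidious.nix, owncast.nix and gotosocial.nix. The smtp block added under `grafana` matches the values removed from grafana.nix, so that part of the move looks complete.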
diff --git a/modules/services/donetick.nix b/modules/services/donetick.nix index 548957c..6ca981f 100644 --- a/modules/services/donetick.nix +++ b/modules/services/donetick.nix @@ -204,7 +204,7 @@ in confinement.enable = true; }; - modules.services.webserver = { + services.webserver = { enable = lib.mkDefault true; vHosts.${fqdn}.locations."/" .proxyPort = cfg.settings.server.port; }; diff --git a/modules/services/gotosocial.nix b/modules/services/gotosocial.nix index 3f003a4..9683add 100644 --- a/modules/services/gotosocial.nix +++ b/modules/services/gotosocial.nix 
@@ -1,62 +1,52 @@ { config, lib, ... }: let - cfg = config.modules.services.gotosocial; + cfg = config.services.gotosocial; secrets = config.age.secrets; domain = config.networking.domain; fqdn = "${cfg.subdomain}.${domain}"; - port = cfg.port; + port = cfg.settings.port; in { - options.modules.services.gotosocial = { - enable = lib.mkEnableOption "Enable Gotosocial"; + options.services.gotosocial = { subdomain = lib.mkOption { type = lib.types.str; }; - port = lib.mkOption { - type = lib.types.int; - default = 3500; - }; - settings = lib.mkOption { - type = lib.types.attrs; - default = { }; - }; }; config = lib.mkIf cfg.enable { - services.gotosocial = { - enable = true; - environmentFile = secrets.gotosocial.path; - settings = { - host = fqdn; - account-domain = domain; - protocol = "https"; - bind-address = "localhost"; - instance-languages = [ "de" "fi" "en" ]; - instance-inject-mastodon-version = true; - accounts-registration-open = true; - instance-expose-public-timeline = true; - letsencrypt-enabled = false; - inherit port; - } // cfg.settings; - setupPostgresqlDB = true; - }; + services = { + gotosocial = { + environmentFile = secrets.gotosocial.path; + settings = { + host = fqdn; + account-domain = domain; + protocol = "https"; + bind-address = "localhost"; + instance-inject-mastodon-version = true; + accounts-registration-open = true; + instance-expose-public-timeline = true; + letsencrypt-enabled = false; + }; + setupPostgresqlDB = true; + }; - modules.services.webserver.vHosts = { - ${domain}.locations = lib.listToAttrs ( - lib.map - (path: { - name = "/.well-known/${path}"; - value.extraConfig = '' - rewrite ^.*$ https://${fqdn}/.well-known/${path} permanent; - ''; - }) [ - "host-meta" - "webfinger" - "nodeinfo" - ] - ); + webserver.vHosts = { + ${domain}.locations = lib.listToAttrs ( + lib.map + (path: { + name = "/.well-known/${path}"; + value.extraConfig = '' + rewrite ^.*$ https://${fqdn}/.well-known/${path} permanent; + ''; + }) [ + "host-meta" + 
"webfinger" + "nodeinfo" + ] + ); - "${fqdn}".locations."/".proxyPort = port; + "${fqdn}".locations."/".proxyPort = port; + }; }; }; } diff --git a/modules/services/grafana.nix b/modules/services/grafana.nix index 844a7e1..c04a149 100644 --- a/modules/services/grafana.nix +++ b/modules/services/grafana.nix @@ -1,32 +1,21 @@ { lib, config, ... }: let - cfg = config.modules.services.grafana; + cfg = config.services.grafana; secrets = config.age.secrets; fqdn = "${cfg.subdomain}.${config.networking.domain}"; in { - options.modules.services.grafana = { - enable = lib.mkEnableOption "Enable Grafana"; + options.services.grafana = { subdomain = lib.mkOption { type = lib.types.str; }; - config = lib.mkOption { - type = lib.types.attrs; - }; - port = lib.mkOption { - type = lib.types.int; - default = 3300; - }; }; config = lib.mkIf cfg.enable { services.grafana = { - enable = true; - settings = { server = { root_url = "https://${fqdn}"; - http_port = cfg.port; }; database = { @@ -36,11 +25,7 @@ in }; smtp = { - enabled = true; - host = "horologium.uberspace.de"; - from_address = "noreply@freun.dev"; - from_name = "Vaultwarden"; - user = "noreply@freun.dev"; + from_name = "Grafana"; password = "$__file{${secrets.smtp-password.path}}"; }; }; @@ -59,7 +44,7 @@ in ]; }; - modules.services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.port; + services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.settings.server.http_port; services.postgresql = { enable = lib.mkDefault true; diff --git a/modules/services/gtrackmap.nix b/modules/services/gtrackmap.nix index 2666e84..b1211a1 100644 --- a/modules/services/gtrackmap.nix +++ b/modules/services/gtrackmap.nix @@ -1,6 +1,6 @@ { lib, config, inputs, ... }: let - cfg = config.modules.services.gtrackmap; + cfg = config.services.gtrackmap; fqdn = "${cfg.subdomain}.${config.networking.domain}"; in { 
@@ -8,23 +8,13 @@ in inputs.gtrackmap.nixosModules.default ]; - options.modules.services.gtrackmap = { - enable = lib.mkEnableOption "Enable GTrackmap"; + options.services.gtrackmap = { subdomain = lib.mkOption { type = lib.types.str; }; - port = lib.mkOption { - type = lib.types.int; - default = 3200; - }; }; config = lib.mkIf cfg.enable { - services.gtrackmap = { - enable = true; - inherit (cfg) port; - }; - - modules.services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.port; + services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.port; }; } diff --git a/modules/services/hastebin.nix b/modules/services/hastebin.nix index d419152..e03b0d2 100644 --- a/modules/services/hastebin.nix +++ b/modules/services/hastebin.nix @@ -37,7 +37,7 @@ in auth_tokens_file = secrets.hastebin-tokens.path; }; - modules.services.webserver = { + services.webserver = { enable = lib.mkDefault true; vHosts.${fqdn} = { proxyBuffering = false; diff --git a/modules/services/immich.nix b/modules/services/immich.nix index 9f98dd5..2090a27 100644 --- a/modules/services/immich.nix +++ b/modules/services/immich.nix @@ -215,7 +215,7 @@ in wantedBy = [ "multi-user.target" ]; }; - modules.services.webserver = { + services.webserver = { enable = lib.mkDefault true; vHosts.${fqdn}.locations."/".proxyPort = cfg.port; }; diff --git a/modules/services/invidious.nix b/modules/services/invidious.nix index a64aa2f..de3e3f0 100644 --- a/modules/services/invidious.nix +++ b/modules/services/invidious.nix 
@@ -1,26 +1,19 @@ { config, lib, ... }: let - cfg = config.modules.services.invidious; + cfg = config.services.invidious; fqdn = "${cfg.subdomain}.${config.networking.domain}"; in { - options.modules.services.invidious = { - enable = lib.mkEnableOption "Enable Invidious"; + options.services.invidious = { subdomain = lib.mkOption { type = lib.types.str; }; - port = lib.mkOption { - type = lib.types.int; - default = 3000; - }; }; config = lib.mkIf cfg.enable { services.invidious = { - enable = true; domain = fqdn; address = "127.0.0.1"; - inherit (cfg) port; settings = { external_port = 443; @@ -33,7 +26,7 @@ in services.postgresql.enable = lib.mkDefault true; - modules.services.webserver = { + services.webserver = { enable = lib.mkDefault true; vHosts.${fqdn}.locations."/".proxyPort = cfg.port; }; diff --git a/modules/services/owncast.nix b/modules/services/owncast.nix index 2ac1a0b..51489c6 100644 --- a/modules/services/owncast.nix +++ b/modules/services/owncast.nix @@ -1,26 +1,20 @@ { lib, config, ... }: let - cfg = config.modules.services.owncast; + cfg = config.services.owncast; fqdn = "${cfg.subdomain}.${config.networking.domain}"; in { - options.modules.services.owncast = { - enable = lib.mkEnableOption "Enable Owncast"; + options.services.owncast = { subdomain = lib.mkOption { type = lib.types.str; }; - port = lib.mkOption { - type = lib.types.int; - default = 8080; - }; }; config = lib.mkIf cfg.enable { services.owncast = { - enable = true; openFirewall = true; - inherit (cfg) port; }; - modules.services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.port; + + services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.port; }; } diff --git a/modules/services/readeck.nix b/modules/services/readeck.nix index 5103a18..5ddabe1 100644 --- a/modules/services/readeck.nix +++ b/modules/services/readeck.nix 
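Review bot: The new `services.owncast` block keeps `openFirewall = true;` next to the nginx vhost that proxies Owncast at `${fqdn}`; if the upstream option opens the HTTP listener as well as the RTMP ingest port, the service stays reachable directly on its (now upstream-default) port beside the TLS-terminated proxy. If only RTMP ingest needs to be public, drop `openFirewall` and open just that port through `networking.firewall.allowedTCPPorts`, and pin `port` explicitly since the removed `inherit (cfg) port;` no longer fixes it at 8080.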
@@ -17,20 +17,22 @@ in }; config = lib.mkIf cfg.enable { - services.readeck = { - package = pkgsUnstable.readeck; - environmentFile = secrets.readeck.path; - settings = { - server.port = lib.mkDefault 8090; + services = { + readeck = { + package = pkgsUnstable.readeck; + environmentFile = secrets.readeck.path; + settings = { + server.port = lib.mkDefault 8090; + }; }; - }; - modules.services.webserver = { - enable = lib.mkDefault true; - vHosts.${fqdn} = { - proxyBuffering = false; - locations."/" = { - proxyPort = cfg.settings.server.port; + webserver = { + enable = lib.mkDefault true; + vHosts.${fqdn} = { + proxyBuffering = false; + locations."/" = { + proxyPort = cfg.settings.server.port; + }; }; }; }; diff --git a/modules/services/syncthing.nix b/modules/services/syncthing.nix index ae04b15..1a757e7 100644 --- a/modules/services/syncthing.nix +++ b/modules/services/syncthing.nix @@ -1,14 +1,10 @@ { config, lib, ... }: let - cfg = config.modules.services.syncthing; + cfg = config.services.syncthing; fqdn = "${cfg.subdomain}.${config.networking.domain}"; in { - options.modules.services.syncthing = { - enable = lib.mkEnableOption "Enable Syncthing"; - dataDir = lib.mkOption { - type = lib.types.str; - }; + options.services.syncthing = { subdomain = lib.mkOption { type = lib.types.str; }; @@ -20,14 +16,12 @@ in config = lib.mkIf cfg.enable { services.syncthing = { - enable = true; - dataDir = cfg.dataDir; openDefaultPorts = true; guiAddress = "[::1]:${toString cfg.port}"; settings.gui.insecureSkipHostCheck = true; }; - modules.services.webserver = { + services.webserver = { enable = lib.mkDefault true; vHosts.${fqdn}.locations."/".proxyPort = cfg.port; }; diff --git a/modules/services/tailscale.nix b/modules/services/tailscale.nix index 713f5d6..8839f53 100644 --- a/modules/services/tailscale.nix +++ b/modules/services/tailscale.nix 
@@ -1,18 +1,9 @@ { lib, config, ... }: let - cfg = config.modules.services.tailscale; + cfg = config.services.tailscale; in { - options = { - modules.services.tailscale = { - enable = lib.mkEnableOption "Enable Tailscale"; - }; - }; - config = lib.mkIf cfg.enable { - services.tailscale = { - enable = true; - useRoutingFeatures = "server"; - }; + services.tailscale.useRoutingFeatures = "server"; }; } diff --git a/modules/services/vaultwarden.nix b/modules/services/vaultwarden.nix index 6c1adcc..a95fbdf 100644 --- a/modules/services/vaultwarden.nix +++ b/modules/services/vaultwarden.nix 
@@ -1,53 +1,46 @@ { lib, config, ... }: let - cfg = config.modules.services.vaultwarden; + cfg = config.services.vaultwarden; secrets = config.age.secrets; fqdn = "${cfg.subdomain}.${config.networking.domain}"; port = config.services.vaultwarden.config.ROCKET_PORT; in { - options.modules.services.vaultwarden = { - enable = lib.mkEnableOption "Enable Vaultwarden"; + options.services.vaultwarden = { subdomain = lib.mkOption { type = lib.types.str; }; - secrets = lib.mkOption { - type = lib.types.str; - }; - config = lib.mkOption { - type = lib.types.attrs; - default = { }; - }; }; config = lib.mkIf cfg.enable { - services.vaultwarden = { - enable = true; - dbBackend = "postgresql"; - environmentFile = secrets.vaultwarden.path; - config = { - DOMAIN = "https://${fqdn}"; - DATABASE_URL = "postgres://%2Fvar%2Frun%2Fpostgresql/vaultwarden"; - WEBSOCKET_ENABLED = true; - SIGNUPS_VERIFY = true; - PASSWORD_ITERATIONS = 600000; - ROCKET_LIMITS = "{json=10485760}"; - ROCKET_PORT = 8000; - } // cfg.config; - }; + services = { + vaultwarden = { + dbBackend = "postgresql"; + environmentFile = secrets.vaultwarden.path; + config = { + DOMAIN = "https://${fqdn}"; + DATABASE_URL = "postgres://%2Fvar%2Frun%2Fpostgresql/vaultwarden"; + WEBSOCKET_ENABLED = true; + SIGNUPS_VERIFY = true; + PASSWORD_ITERATIONS = 600000; + ROCKET_LIMITS = "{json=10485760}"; + ROCKET_PORT = 8000; + }; + }; - modules.services.webserver = { - enable = lib.mkDefault true; - vHosts.${fqdn}.locations."/".proxyPort = port; - }; + webserver = { + enable = lib.mkDefault true; + vHosts.${fqdn}.locations."/".proxyPort = port; + }; - services.postgresql = { - enable = lib.mkDefault true; - ensureDatabases = [ "vaultwarden" ]; - ensureUsers = [{ - name = "vaultwarden"; - ensureDBOwnership = true; - }]; + postgresql = { + enable = lib.mkDefault true; + ensureDatabases = [ "vaultwarden" ]; + ensureUsers = [{ + name = "vaultwarden"; + ensureDBOwnership = true; + }]; + }; }; }; } 
diff --git a/modules/services/webserver.nix b/modules/services/webserver.nix index 9d84096..4cd93ec 100644 --- a/modules/services/webserver.nix +++ b/modules/services/webserver.nix @@ -1,6 +1,6 @@ { lib, config, ... }: let - cfg = config.modules.services.webserver; + cfg = config.services.webserver; types = { location = lib.types.submodule { @@ -30,7 +30,7 @@ let }; in { - options.modules.services.webserver = { + options.services.webserver = { enable = lib.mkEnableOption "Enable nginx"; acme = { dnsChallenge = lib.mkEnableOption "Enable DNS challenge"; diff --git a/modules/services/workout-sync.nix b/modules/services/workout-sync.nix index 84aa2b7..01c89c1 100644 --- a/modules/services/workout-sync.nix +++ b/modules/services/workout-sync.nix @@ -1,12 +1,12 @@ { pkgs, inputs, config, lib, ... }: let - cfg = config.modules.services.workout-sync; + cfg = config.services.workout-sync; fqdn = "${cfg.subdomain}.${config.networking.domain}"; port = cfg.port; workout-sync = inputs.workout-sync.packages.${pkgs.system}.default; in { - options.modules.services.workout-sync = { + options.services.workout-sync = { enable = lib.mkEnableOption "Enable Workout Sync"; subdomain = lib.mkOption { type = lib.types.str; @@ -18,7 +18,7 @@ in }; config = lib.mkIf cfg.enable { - modules.services.workout-tracker.enable = lib.mkDefault true; + services.workout-tracker.enable = lib.mkDefault true; systemd.services.workout-sync = { enable = true; @@ -46,7 +46,7 @@ in confinement.enable = true; }; - modules.services.webserver = { + services.webserver = { enable = lib.mkDefault true; vHosts.${fqdn}.locations."/" = { proxyPort = port; diff --git a/modules/services/workout-tracker.nix b/modules/services/workout-tracker.nix index 31a5c7e..b93facf 100644 --- a/modules/services/workout-tracker.nix +++ b/modules/services/workout-tracker.nix 
@@ -1,32 +1,21 @@ { pkgs, config, lib, inputs, ... }: let - cfg = config.modules.services.workout-tracker; + cfg = config.services.workout-tracker; fqdn = "${cfg.subdomain}.${config.networking.domain}"; port = cfg.port; + package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.workout-tracker; in { - options.modules.services.workout-tracker = { - enable = lib.mkEnableOption "Enable Workout Tracker"; - version = lib.mkOption { - type = lib.types.str; - }; + options.services.workout-tracker = { subdomain = lib.mkOption { type = lib.types.str; }; - port = lib.mkOption { - type = lib.types.int; - default = 3322; - }; }; config = lib.mkIf cfg.enable { - services.workout-tracker = { - enable = true; - inherit port; - package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.workout-tracker; - }; + services.workout-tracker = { inherit package; }; - modules.services.webserver = { + services.webserver = { enable = lib.mkDefault true; vHosts.${fqdn}.locations."/".proxyPort = port; };