Joakim Repomaa
2025-02-12 20:58:42 +02:00
parent dd4e5c63e3
commit c519f8d83e
17 changed files with 182 additions and 252 deletions


@@ -204,7 +204,7 @@ in
confinement.enable = true;
};
modules.services.webserver = {
services.webserver = {
enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/" .proxyPort = cfg.settings.server.port;
};


@@ -1,62 +1,52 @@
{ config, lib, ... }:
let
cfg = config.modules.services.gotosocial;
cfg = config.services.gotosocial;
secrets = config.age.secrets;
domain = config.networking.domain;
fqdn = "${cfg.subdomain}.${domain}";
port = cfg.port;
port = cfg.settings.port;
in
{
options.modules.services.gotosocial = {
enable = lib.mkEnableOption "Enable Gotosocial";
options.services.gotosocial = {
subdomain = lib.mkOption {
type = lib.types.str;
};
port = lib.mkOption {
type = lib.types.int;
default = 3500;
};
settings = lib.mkOption {
type = lib.types.attrs;
default = { };
};
};
config = lib.mkIf cfg.enable {
services.gotosocial = {
enable = true;
environmentFile = secrets.gotosocial.path;
settings = {
host = fqdn;
account-domain = domain;
protocol = "https";
bind-address = "localhost";
instance-languages = [ "de" "fi" "en" ];
instance-inject-mastodon-version = true;
accounts-registration-open = true;
instance-expose-public-timeline = true;
letsencrypt-enabled = false;
inherit port;
} // cfg.settings;
setupPostgresqlDB = true;
};
services = {
gotosocial = {
environmentFile = secrets.gotosocial.path;
settings = {
host = fqdn;
account-domain = domain;
protocol = "https";
bind-address = "localhost";
instance-inject-mastodon-version = true;
accounts-registration-open = true;
instance-expose-public-timeline = true;
letsencrypt-enabled = false;
};
setupPostgresqlDB = true;
};
modules.services.webserver.vHosts = {
${domain}.locations = lib.listToAttrs (
lib.map
(path: {
name = "/.well-known/${path}";
value.extraConfig = ''
rewrite ^.*$ https://${fqdn}/.well-known/${path} permanent;
'';
}) [
"host-meta"
"webfinger"
"nodeinfo"
]
);
webserver.vHosts = {
${domain}.locations = lib.listToAttrs (
lib.map
(path: {
name = "/.well-known/${path}";
value.extraConfig = ''
rewrite ^.*$ https://${fqdn}/.well-known/${path} permanent;
'';
}) [
"host-meta"
"webfinger"
"nodeinfo"
]
);
"${fqdn}".locations."/".proxyPort = port;
"${fqdn}".locations."/".proxyPort = port;
};
};
};
}
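Review bot: The instance policy values in the new `settings` block, `accounts-registration-open = true;` and `instance-expose-public-timeline = true;`, are plain assignments, and with the old `// cfg.settings` escape hatch removed a host that wants a closed or non-public instance now has to `lib.mkForce` them. The rest of this commit uses `lib.mkDefault` for values meant to be overridable (`enable = lib.mkDefault true;`), so I'd do the same here: `accounts-registration-open = lib.mkDefault true;` and `instance-expose-public-timeline = lib.mkDefault true;`, plus a one-line comment saying open registration is intentional, since that is the security-relevant setting in this file. Separately, `port = cfg.settings.port;` now depends on the upstream module supplying a default port in `settings` because this module no longer sets one; I believe it does, but confirm the default does not collide with another loopback service on the same host now that the explicit `3500` is gone.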


@@ -1,32 +1,21 @@
{ lib, config, ... }:
let
cfg = config.modules.services.grafana;
cfg = config.services.grafana;
secrets = config.age.secrets;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
in
{
options.modules.services.grafana = {
enable = lib.mkEnableOption "Enable Grafana";
options.services.grafana = {
subdomain = lib.mkOption {
type = lib.types.str;
};
config = lib.mkOption {
type = lib.types.attrs;
};
port = lib.mkOption {
type = lib.types.int;
default = 3300;
};
};
config = lib.mkIf cfg.enable {
services.grafana = {
enable = true;
settings = {
server = {
root_url = "https://${fqdn}";
http_port = cfg.port;
};
database = {
@@ -36,11 +25,7 @@ in
};
smtp = {
enabled = true;
host = "horologium.uberspace.de";
from_address = "noreply@freun.dev";
from_name = "Vaultwarden";
user = "noreply@freun.dev";
from_name = "Grafana";
password = "$__file{${secrets.smtp-password.path}}";
};
};
@@ -59,7 +44,7 @@ in
];
};
modules.services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.settings.server.http_port;
services.postgresql = {
enable = lib.mkDefault true;


@@ -1,6 +1,6 @@
{ lib, config, inputs, ... }:
let
cfg = config.modules.services.gtrackmap;
cfg = config.services.gtrackmap;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
in
{
@@ -8,23 +8,13 @@ in
inputs.gtrackmap.nixosModules.default
];
options.modules.services.gtrackmap = {
enable = lib.mkEnableOption "Enable GTrackmap";
options.services.gtrackmap = {
subdomain = lib.mkOption {
type = lib.types.str;
};
port = lib.mkOption {
type = lib.types.int;
default = 3200;
};
};
config = lib.mkIf cfg.enable {
services.gtrackmap = {
enable = true;
inherit (cfg) port;
};
modules.services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
};
}


@@ -37,7 +37,7 @@ in
auth_tokens_file = secrets.hastebin-tokens.path;
};
modules.services.webserver = {
services.webserver = {
enable = lib.mkDefault true;
vHosts.${fqdn} = {
proxyBuffering = false;


@@ -215,7 +215,7 @@ in
wantedBy = [ "multi-user.target" ];
};
modules.services.webserver = {
services.webserver = {
enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
};


@@ -1,26 +1,19 @@
{ config, lib, ... }:
let
cfg = config.modules.services.invidious;
cfg = config.services.invidious;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
in
{
options.modules.services.invidious = {
enable = lib.mkEnableOption "Enable Invidious";
options.services.invidious = {
subdomain = lib.mkOption {
type = lib.types.str;
};
port = lib.mkOption {
type = lib.types.int;
default = 3000;
};
};
config = lib.mkIf cfg.enable {
services.invidious = {
enable = true;
domain = fqdn;
address = "127.0.0.1";
inherit (cfg) port;
settings = {
external_port = 443;
@@ -33,7 +26,7 @@ in
services.postgresql.enable = lib.mkDefault true;
modules.services.webserver = {
services.webserver = {
enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
};
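Review bot: With the `port` option and `inherit (cfg) port;` dropped, the Invidious listen port is now whatever the upstream module defaults to, and `vHosts.${fqdn}.locations."/".proxyPort = cfg.port;` simply follows it; this commit does the same for Grafana, and as far as I recall both upstream defaults are 3000, so if those two services ever share a host they will collide on loopback. Keeping `address = "127.0.0.1";` is right, but I'd pin the port in this file so the assignment stays visible rather than inherited from nixpkgs, e.g. `services.invidious.port = lib.mkDefault 3000; # keep distinct from other loopback services on this host`. The `enable` gate is now the upstream option, so each host has to set `services.invidious.enable` explicitly for any of this to apply.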


@@ -1,26 +1,20 @@
{ lib, config, ... }:
let
cfg = config.modules.services.owncast;
cfg = config.services.owncast;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
in
{
options.modules.services.owncast = {
enable = lib.mkEnableOption "Enable Owncast";
options.services.owncast = {
subdomain = lib.mkOption {
type = lib.types.str;
};
port = lib.mkOption {
type = lib.types.int;
default = 8080;
};
};
config = lib.mkIf cfg.enable {
services.owncast = {
enable = true;
openFirewall = true;
inherit (cfg) port;
};
modules.services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
};
}
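Review bot: `openFirewall = true;` is kept next to the nginx vhost, and now that the explicit `port` option is gone the firewall opens whatever the upstream default port is. As far as I recall the upstream option opens both the HTTP port and the RTMP port; the HTTP side is already served through the `${fqdn}` vhost, so the only listener that needs to be reachable directly is RTMP ingest. Unless the HTTP listener is known to stay on loopback (the upstream default, if `listen` is untouched), consider replacing `openFirewall` with an explicit `networking.firewall.allowedTCPPorts = [ config.services.owncast.rtmp-port ];`, or at least add a comment such as `# openFirewall also exposes RTMP ingest; HTTP is fronted by nginx` so the exposure is deliberate.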


@@ -17,20 +17,22 @@ in
};
config = lib.mkIf cfg.enable {
services.readeck = {
package = pkgsUnstable.readeck;
environmentFile = secrets.readeck.path;
settings = {
server.port = lib.mkDefault 8090;
services = {
readeck = {
package = pkgsUnstable.readeck;
environmentFile = secrets.readeck.path;
settings = {
server.port = lib.mkDefault 8090;
};
};
};
modules.services.webserver = {
enable = lib.mkDefault true;
vHosts.${fqdn} = {
proxyBuffering = false;
locations."/" = {
proxyPort = cfg.settings.server.port;
webserver = {
enable = lib.mkDefault true;
vHosts.${fqdn} = {
proxyBuffering = false;
locations."/" = {
proxyPort = cfg.settings.server.port;
};
};
};
};


@@ -1,14 +1,10 @@
{ config, lib, ... }:
let
cfg = config.modules.services.syncthing;
cfg = config.services.syncthing;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
in
{
options.modules.services.syncthing = {
enable = lib.mkEnableOption "Enable Syncthing";
dataDir = lib.mkOption {
type = lib.types.str;
};
options.services.syncthing = {
subdomain = lib.mkOption {
type = lib.types.str;
};
@@ -20,14 +16,12 @@ in
config = lib.mkIf cfg.enable {
services.syncthing = {
enable = true;
dataDir = cfg.dataDir;
openDefaultPorts = true;
guiAddress = "[::1]:${toString cfg.port}";
settings.gui.insecureSkipHostCheck = true;
};
modules.services.webserver = {
services.webserver = {
enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
};
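Review bot: `settings.gui.insecureSkipHostCheck = true;` disables Syncthing's Host-header check on the GUI, and nothing in this module sets `settings.gui.user`/`settings.gui.password` or an auth layer on the `${fqdn}` vhost, so unless that is configured elsewhere the GUI proxied at `${fqdn}` is reachable without authentication. The host check is what protects a loopback-bound GUI (`guiAddress = "[::1]:..."`) against DNS rebinding, so if the only reason to disable it is the reverse proxy, the alternative is to have nginx forward a Host header the GUI accepts (e.g. `proxy_set_header Host localhost;`) and leave the check on. At minimum record the trade-off with a comment like `# Host check disabled so nginx can forward ${fqdn} as Host; GUI auth must be configured separately`. The `port` this block reads is defined in the unchanged options between the two hunks.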


@@ -1,18 +1,9 @@
{ lib, config, ... }:
let
cfg = config.modules.services.tailscale;
cfg = config.services.tailscale;
in
{
options = {
modules.services.tailscale = {
enable = lib.mkEnableOption "Enable Tailscale";
};
};
config = lib.mkIf cfg.enable {
services.tailscale = {
enable = true;
useRoutingFeatures = "server";
};
services.tailscale.useRoutingFeatures = "server";
};
}
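Review bot: The remaining body, `config = lib.mkIf cfg.enable { services.tailscale.useRoutingFeatures = "server"; };`, reads as if this module still controls enablement, but `cfg` is now `config.services.tailscale`, so nothing here turns Tailscale on and the `mkIf` only guards a single option that, as far as I recall, the upstream module already ignores when the service is disabled. I'd simplify to a top-level `services.tailscale.useRoutingFeatures = "server";` or drop the module. Either way, `"server"` is a system-wide change (I believe it enables kernel IP forwarding for subnet-router/exit-node use), so give it a comment: `# "server" turns on IP forwarding so this host can act as a subnet router / exit node`.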


@@ -1,53 +1,46 @@
{ lib, config, ... }:
let
cfg = config.modules.services.vaultwarden;
cfg = config.services.vaultwarden;
secrets = config.age.secrets;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
port = config.services.vaultwarden.config.ROCKET_PORT;
in
{
options.modules.services.vaultwarden = {
enable = lib.mkEnableOption "Enable Vaultwarden";
options.services.vaultwarden = {
subdomain = lib.mkOption {
type = lib.types.str;
};
secrets = lib.mkOption {
type = lib.types.str;
};
config = lib.mkOption {
type = lib.types.attrs;
default = { };
};
};
config = lib.mkIf cfg.enable {
services.vaultwarden = {
enable = true;
dbBackend = "postgresql";
environmentFile = secrets.vaultwarden.path;
config = {
DOMAIN = "https://${fqdn}";
DATABASE_URL = "postgres://%2Fvar%2Frun%2Fpostgresql/vaultwarden";
WEBSOCKET_ENABLED = true;
SIGNUPS_VERIFY = true;
PASSWORD_ITERATIONS = 600000;
ROCKET_LIMITS = "{json=10485760}";
ROCKET_PORT = 8000;
} // cfg.config;
};
services = {
vaultwarden = {
dbBackend = "postgresql";
environmentFile = secrets.vaultwarden.path;
config = {
DOMAIN = "https://${fqdn}";
DATABASE_URL = "postgres://%2Fvar%2Frun%2Fpostgresql/vaultwarden";
WEBSOCKET_ENABLED = true;
SIGNUPS_VERIFY = true;
PASSWORD_ITERATIONS = 600000;
ROCKET_LIMITS = "{json=10485760}";
ROCKET_PORT = 8000;
};
};
modules.services.webserver = {
enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/".proxyPort = port;
};
webserver = {
enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/".proxyPort = port;
};
services.postgresql = {
enable = lib.mkDefault true;
ensureDatabases = [ "vaultwarden" ];
ensureUsers = [{
name = "vaultwarden";
ensureDBOwnership = true;
}];
postgresql = {
enable = lib.mkDefault true;
ensureDatabases = [ "vaultwarden" ];
ensureUsers = [{
name = "vaultwarden";
ensureDBOwnership = true;
}];
};
};
};
}
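Review bot: The new `config` block sets `SIGNUPS_VERIFY = true;` but never `SIGNUPS_ALLOWED`, and Vaultwarden's built-in default for that is `true`, so anyone reaching `https://${fqdn}` can create an account; the `// cfg.config` hook that let a host override this is removed by this commit, leaving only the upstream option merge or the environment file. If open signup is not intended, add `SIGNUPS_ALLOWED = false;` (or a `SIGNUPS_DOMAINS_WHITELIST` restriction) next to `SIGNUPS_VERIFY`; if it is intended, say so in a comment. Since every value here is now a plain assignment, `lib.mkDefault` on the policy settings would let a host override them without `mkForce`. The `secrets` option kept under `options.services.vaultwarden` is not read anywhere in this file (secrets come from `config.age.secrets`), so it looks like a leftover.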


@@ -1,6 +1,6 @@
{ lib, config, ... }:
let
cfg = config.modules.services.webserver;
cfg = config.services.webserver;
types = {
location = lib.types.submodule {
@@ -30,7 +30,7 @@ let
};
in
{
options.modules.services.webserver = {
options.services.webserver = {
enable = lib.mkEnableOption "Enable nginx";
acme = {
dnsChallenge = lib.mkEnableOption "Enable DNS challenge";


@@ -1,12 +1,12 @@
{ pkgs, inputs, config, lib, ... }:
let
cfg = config.modules.services.workout-sync;
cfg = config.services.workout-sync;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
port = cfg.port;
workout-sync = inputs.workout-sync.packages.${pkgs.system}.default;
in
{
options.modules.services.workout-sync = {
options.services.workout-sync = {
enable = lib.mkEnableOption "Enable Workout Sync";
subdomain = lib.mkOption {
type = lib.types.str;
@@ -18,7 +18,7 @@ in
};
config = lib.mkIf cfg.enable {
modules.services.workout-tracker.enable = lib.mkDefault true;
services.workout-tracker.enable = lib.mkDefault true;
systemd.services.workout-sync = {
enable = true;
@@ -46,7 +46,7 @@ in
confinement.enable = true;
};
modules.services.webserver = {
services.webserver = {
enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/" = {
proxyPort = port;


@@ -1,32 +1,21 @@
{ pkgs, config, lib, inputs, ... }:
let
cfg = config.modules.services.workout-tracker;
cfg = config.services.workout-tracker;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
port = cfg.port;
package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.workout-tracker;
in
{
options.modules.services.workout-tracker = {
enable = lib.mkEnableOption "Enable Workout Tracker";
version = lib.mkOption {
type = lib.types.str;
};
options.services.workout-tracker = {
subdomain = lib.mkOption {
type = lib.types.str;
};
port = lib.mkOption {
type = lib.types.int;
default = 3322;
};
};
config = lib.mkIf cfg.enable {
services.workout-tracker = {
enable = true;
inherit port;
package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.workout-tracker;
};
services.workout-tracker = { inherit package; };
modules.services.webserver = {
services.webserver = {
enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/".proxyPort = port;
};