This commit is contained in:
Joakim Repomaa
2025-02-12 20:58:42 +02:00
parent dd4e5c63e3
commit c519f8d83e
17 changed files with 182 additions and 252 deletions


@@ -218,7 +218,7 @@
}; };
}; };
modules.services.webserver = { services.webserver = {
enable = true; enable = true;
acme.dnsChallenge = true; acme.dnsChallenge = true;
vHosts."koti.repomaa.com" = { vHosts."koti.repomaa.com" = {


@@ -28,20 +28,6 @@ in
}; };
modules.services = { modules.services = {
vaultwarden = {
enable = true;
subdomain = "pw";
config = {
YUBICO_CLIENT_ID = 86799;
SMTP_HOST = smtp.host;
SMTP_FROM = smtp.from;
SMTP_FROM_NAME = "Vaultwarden";
SMTP_USERNAME = smtp.username;
SMTP_PORT = smtp.port;
HELO_NAME = smtp.heloName;
};
};
immich = { immich = {
enable = true; enable = true;
subdomain = "img"; subdomain = "img";
@@ -49,55 +35,6 @@ in
storageDirs = [ syncthingDataDir ]; storageDirs = [ syncthingDataDir ];
version = "v1.125.7"; version = "v1.125.7";
}; };
syncthing = {
enable = true;
subdomain = "sync";
dataDir = syncthingDataDir;
};
gotosocial = {
enable = true;
subdomain = "social";
settings = {
smtp-host = smtp.host;
smtp-port = smtp.port;
smtp-username = smtp.username;
smtp-from = smtp.from;
};
};
workout-tracker = {
enable = true;
subdomain = "fit";
};
workout-sync = {
enable = true;
subdomain = "ws";
};
invidious = {
enable = true;
subdomain = "vid";
};
grafana = {
enable = true;
subdomain = "graph";
};
gtrackmap = {
enable = true;
subdomain = "trackmap";
};
owncast = {
enable = true;
subdomain = "stream";
};
tailscale.enable = true;
}; };
services = { services = {
@@ -130,5 +67,77 @@ in
}; };
}; };
}; };
grafana = {
enable = true;
subdomain = "graph";
settings.smtp = {
enabled = true;
host = smtp.host;
port = smtp.port;
user = smtp.username;
from_address = smtp.from;
};
};
owncast = {
enable = true;
subdomain = "stream";
};
gtrackmap = {
enable = true;
subdomain = "trackmap";
port = 3001;
};
invidious = {
enable = true;
subdomain = "vid";
};
syncthing = {
enable = true;
subdomain = "sync";
dataDir = syncthingDataDir;
};
tailscale.enable = true;
gotosocial = {
enable = true;
subdomain = "social";
settings = {
smtp-host = smtp.host;
smtp-port = smtp.port;
smtp-username = smtp.username;
smtp-from = smtp.from;
instance-languages = [ "de" "fi" "en" ];
};
};
vaultwarden = {
enable = true;
subdomain = "pw";
config = {
YUBICO_CLIENT_ID = 86799;
SMTP_HOST = smtp.host;
SMTP_FROM = smtp.from;
SMTP_FROM_NAME = "Vaultwarden";
SMTP_USERNAME = smtp.username;
SMTP_PORT = smtp.port;
HELO_NAME = smtp.heloName;
};
};
workout-tracker = {
enable = true;
subdomain = "fit";
};
workout-sync = {
enable = true;
subdomain = "ws";
};
}; };
} }
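Review bot: Several services in this block are now left on their upstream port defaults and two of them collide: `services.grafana.settings.server.http_port` and `services.invidious.port` both default to 3000 in nixpkgs as far as I recall, because the custom modules that pinned distinct ports (grafana 3300, invidious 3000, gotosocial 3500, owncast 8080, workout-tracker 3322) drop those options in this commit and only gtrackmap is re-pinned here (`port = 3001`). With both enabled on this host, whichever service binds 3000 first wins and the other's nginx vHost quietly proxies to the wrong backend. Gotosocial's upstream `settings.port` default is, I believe, 8080, which would likewise clash with owncast's default. I'd make the per-host port layout explicit again next to the subdomains, e.g. `grafana.settings.server.http_port = 3300;` and `invidious.port = 3000;`, and similarly `gotosocial.settings.port = 3500;` and `owncast.port = 8080;`. The gotosocial, grafana, invidious, owncast and workout-tracker module sections below are the ones affected.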


@@ -204,7 +204,7 @@ in
confinement.enable = true; confinement.enable = true;
}; };
modules.services.webserver = { services.webserver = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/" .proxyPort = cfg.settings.server.port; vHosts.${fqdn}.locations."/" .proxyPort = cfg.settings.server.port;
}; };


@@ -1,62 +1,52 @@
{ config, lib, ... }: { config, lib, ... }:
let let
cfg = config.modules.services.gotosocial; cfg = config.services.gotosocial;
secrets = config.age.secrets; secrets = config.age.secrets;
domain = config.networking.domain; domain = config.networking.domain;
fqdn = "${cfg.subdomain}.${domain}"; fqdn = "${cfg.subdomain}.${domain}";
port = cfg.port; port = cfg.settings.port;
in in
{ {
options.modules.services.gotosocial = { options.services.gotosocial = {
enable = lib.mkEnableOption "Enable Gotosocial";
subdomain = lib.mkOption { subdomain = lib.mkOption {
type = lib.types.str; type = lib.types.str;
}; };
port = lib.mkOption {
type = lib.types.int;
default = 3500;
};
settings = lib.mkOption {
type = lib.types.attrs;
default = { };
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.gotosocial = { services = {
enable = true; gotosocial = {
environmentFile = secrets.gotosocial.path; environmentFile = secrets.gotosocial.path;
settings = { settings = {
host = fqdn; host = fqdn;
account-domain = domain; account-domain = domain;
protocol = "https"; protocol = "https";
bind-address = "localhost"; bind-address = "localhost";
instance-languages = [ "de" "fi" "en" ]; instance-inject-mastodon-version = true;
instance-inject-mastodon-version = true; accounts-registration-open = true;
accounts-registration-open = true; instance-expose-public-timeline = true;
instance-expose-public-timeline = true; letsencrypt-enabled = false;
letsencrypt-enabled = false; };
inherit port; setupPostgresqlDB = true;
} // cfg.settings; };
setupPostgresqlDB = true;
};
modules.services.webserver.vHosts = { webserver.vHosts = {
${domain}.locations = lib.listToAttrs ( ${domain}.locations = lib.listToAttrs (
lib.map lib.map
(path: { (path: {
name = "/.well-known/${path}"; name = "/.well-known/${path}";
value.extraConfig = '' value.extraConfig = ''
rewrite ^.*$ https://${fqdn}/.well-known/${path} permanent; rewrite ^.*$ https://${fqdn}/.well-known/${path} permanent;
''; '';
}) [ }) [
"host-meta" "host-meta"
"webfinger" "webfinger"
"nodeinfo" "nodeinfo"
] ]
); );
"${fqdn}".locations."/".proxyPort = port; "${fqdn}".locations."/".proxyPort = port;
};
}; };
}; };
} }
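Review bot: `port = cfg.settings.port` at the top of the file now depends on something else defining `services.gotosocial.settings.port`, because this module no longer sets it (the old `inherit port;` with the 3500 default is gone) and the host config in this commit does not set it either; if the upstream module does not default it, evaluating the vHost `proxyPort` fails with a missing attribute, and if it defaults to 8080 as I recall it clashes with owncast's default on the same host. A `lib.mkDefault` in the settings block keeps the old behaviour while still letting a host override it: `port = lib.mkDefault 3500;` next to `bind-address = "localhost";`.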


@@ -1,32 +1,21 @@
{ lib, config, ... }: { lib, config, ... }:
let let
cfg = config.modules.services.grafana; cfg = config.services.grafana;
secrets = config.age.secrets; secrets = config.age.secrets;
fqdn = "${cfg.subdomain}.${config.networking.domain}"; fqdn = "${cfg.subdomain}.${config.networking.domain}";
in in
{ {
options.modules.services.grafana = { options.services.grafana = {
enable = lib.mkEnableOption "Enable Grafana";
subdomain = lib.mkOption { subdomain = lib.mkOption {
type = lib.types.str; type = lib.types.str;
}; };
config = lib.mkOption {
type = lib.types.attrs;
};
port = lib.mkOption {
type = lib.types.int;
default = 3300;
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.grafana = { services.grafana = {
enable = true;
settings = { settings = {
server = { server = {
root_url = "https://${fqdn}"; root_url = "https://${fqdn}";
http_port = cfg.port;
}; };
database = { database = {
@@ -36,11 +25,7 @@ in
}; };
smtp = { smtp = {
enabled = true; from_name = "Grafana";
host = "horologium.uberspace.de";
from_address = "noreply@freun.dev";
from_name = "Vaultwarden";
user = "noreply@freun.dev";
password = "$__file{${secrets.smtp-password.path}}"; password = "$__file{${secrets.smtp-password.path}}";
}; };
}; };
@@ -59,7 +44,7 @@ in
]; ];
}; };
modules.services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.port; services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.settings.server.http_port;
services.postgresql = { services.postgresql = {
enable = lib.mkDefault true; enable = lib.mkDefault true;


@@ -1,6 +1,6 @@
{ lib, config, inputs, ... }: { lib, config, inputs, ... }:
let let
cfg = config.modules.services.gtrackmap; cfg = config.services.gtrackmap;
fqdn = "${cfg.subdomain}.${config.networking.domain}"; fqdn = "${cfg.subdomain}.${config.networking.domain}";
in in
{ {
@@ -8,23 +8,13 @@ in
inputs.gtrackmap.nixosModules.default inputs.gtrackmap.nixosModules.default
]; ];
options.modules.services.gtrackmap = { options.services.gtrackmap = {
enable = lib.mkEnableOption "Enable GTrackmap";
subdomain = lib.mkOption { subdomain = lib.mkOption {
type = lib.types.str; type = lib.types.str;
}; };
port = lib.mkOption {
type = lib.types.int;
default = 3200;
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.gtrackmap = { services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
enable = true;
inherit (cfg) port;
};
modules.services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
}; };
} }


@@ -37,7 +37,7 @@ in
auth_tokens_file = secrets.hastebin-tokens.path; auth_tokens_file = secrets.hastebin-tokens.path;
}; };
modules.services.webserver = { services.webserver = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
vHosts.${fqdn} = { vHosts.${fqdn} = {
proxyBuffering = false; proxyBuffering = false;


@@ -215,7 +215,7 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };
modules.services.webserver = { services.webserver = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/".proxyPort = cfg.port; vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
}; };


@@ -1,26 +1,19 @@
{ config, lib, ... }: { config, lib, ... }:
let let
cfg = config.modules.services.invidious; cfg = config.services.invidious;
fqdn = "${cfg.subdomain}.${config.networking.domain}"; fqdn = "${cfg.subdomain}.${config.networking.domain}";
in in
{ {
options.modules.services.invidious = { options.services.invidious = {
enable = lib.mkEnableOption "Enable Invidious";
subdomain = lib.mkOption { subdomain = lib.mkOption {
type = lib.types.str; type = lib.types.str;
}; };
port = lib.mkOption {
type = lib.types.int;
default = 3000;
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.invidious = { services.invidious = {
enable = true;
domain = fqdn; domain = fqdn;
address = "127.0.0.1"; address = "127.0.0.1";
inherit (cfg) port;
settings = { settings = {
external_port = 443; external_port = 443;
@@ -33,7 +26,7 @@ in
services.postgresql.enable = lib.mkDefault true; services.postgresql.enable = lib.mkDefault true;
modules.services.webserver = { services.webserver = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/".proxyPort = cfg.port; vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
}; };


@@ -1,26 +1,20 @@
{ lib, config, ... }: { lib, config, ... }:
let let
cfg = config.modules.services.owncast; cfg = config.services.owncast;
fqdn = "${cfg.subdomain}.${config.networking.domain}"; fqdn = "${cfg.subdomain}.${config.networking.domain}";
in in
{ {
options.modules.services.owncast = { options.services.owncast = {
enable = lib.mkEnableOption "Enable Owncast";
subdomain = lib.mkOption { subdomain = lib.mkOption {
type = lib.types.str; type = lib.types.str;
}; };
port = lib.mkOption {
type = lib.types.int;
default = 8080;
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.owncast = { services.owncast = {
enable = true;
openFirewall = true; openFirewall = true;
inherit (cfg) port;
}; };
modules.services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
}; };
} }


@@ -17,20 +17,22 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.readeck = { services = {
package = pkgsUnstable.readeck; readeck = {
environmentFile = secrets.readeck.path; package = pkgsUnstable.readeck;
settings = { environmentFile = secrets.readeck.path;
server.port = lib.mkDefault 8090; settings = {
server.port = lib.mkDefault 8090;
};
}; };
};
modules.services.webserver = { webserver = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
vHosts.${fqdn} = { vHosts.${fqdn} = {
proxyBuffering = false; proxyBuffering = false;
locations."/" = { locations."/" = {
proxyPort = cfg.settings.server.port; proxyPort = cfg.settings.server.port;
};
}; };
}; };
}; };


@@ -1,14 +1,10 @@
{ config, lib, ... }: { config, lib, ... }:
let let
cfg = config.modules.services.syncthing; cfg = config.services.syncthing;
fqdn = "${cfg.subdomain}.${config.networking.domain}"; fqdn = "${cfg.subdomain}.${config.networking.domain}";
in in
{ {
options.modules.services.syncthing = { options.services.syncthing = {
enable = lib.mkEnableOption "Enable Syncthing";
dataDir = lib.mkOption {
type = lib.types.str;
};
subdomain = lib.mkOption { subdomain = lib.mkOption {
type = lib.types.str; type = lib.types.str;
}; };
@@ -20,14 +16,12 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.syncthing = { services.syncthing = {
enable = true;
dataDir = cfg.dataDir;
openDefaultPorts = true; openDefaultPorts = true;
guiAddress = "[::1]:${toString cfg.port}"; guiAddress = "[::1]:${toString cfg.port}";
settings.gui.insecureSkipHostCheck = true; settings.gui.insecureSkipHostCheck = true;
}; };
modules.services.webserver = { services.webserver = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/".proxyPort = cfg.port; vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
}; };


@@ -1,18 +1,9 @@
{ lib, config, ... }: { lib, config, ... }:
let let
cfg = config.modules.services.tailscale; cfg = config.services.tailscale;
in in
{ {
options = {
modules.services.tailscale = {
enable = lib.mkEnableOption "Enable Tailscale";
};
};
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.tailscale = { services.tailscale.useRoutingFeatures = "server";
enable = true;
useRoutingFeatures = "server";
};
}; };
} }


@@ -1,53 +1,46 @@
{ lib, config, ... }: { lib, config, ... }:
let let
cfg = config.modules.services.vaultwarden; cfg = config.services.vaultwarden;
secrets = config.age.secrets; secrets = config.age.secrets;
fqdn = "${cfg.subdomain}.${config.networking.domain}"; fqdn = "${cfg.subdomain}.${config.networking.domain}";
port = config.services.vaultwarden.config.ROCKET_PORT; port = config.services.vaultwarden.config.ROCKET_PORT;
in in
{ {
options.modules.services.vaultwarden = { options.services.vaultwarden = {
enable = lib.mkEnableOption "Enable Vaultwarden";
subdomain = lib.mkOption { subdomain = lib.mkOption {
type = lib.types.str; type = lib.types.str;
}; };
secrets = lib.mkOption {
type = lib.types.str;
};
config = lib.mkOption {
type = lib.types.attrs;
default = { };
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.vaultwarden = { services = {
enable = true; vaultwarden = {
dbBackend = "postgresql"; dbBackend = "postgresql";
environmentFile = secrets.vaultwarden.path; environmentFile = secrets.vaultwarden.path;
config = { config = {
DOMAIN = "https://${fqdn}"; DOMAIN = "https://${fqdn}";
DATABASE_URL = "postgres://%2Fvar%2Frun%2Fpostgresql/vaultwarden"; DATABASE_URL = "postgres://%2Fvar%2Frun%2Fpostgresql/vaultwarden";
WEBSOCKET_ENABLED = true; WEBSOCKET_ENABLED = true;
SIGNUPS_VERIFY = true; SIGNUPS_VERIFY = true;
PASSWORD_ITERATIONS = 600000; PASSWORD_ITERATIONS = 600000;
ROCKET_LIMITS = "{json=10485760}"; ROCKET_LIMITS = "{json=10485760}";
ROCKET_PORT = 8000; ROCKET_PORT = 8000;
} // cfg.config; };
}; };
modules.services.webserver = { webserver = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/".proxyPort = port; vHosts.${fqdn}.locations."/".proxyPort = port;
}; };
services.postgresql = { postgresql = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
ensureDatabases = [ "vaultwarden" ]; ensureDatabases = [ "vaultwarden" ];
ensureUsers = [{ ensureUsers = [{
name = "vaultwarden"; name = "vaultwarden";
ensureDBOwnership = true; ensureDBOwnership = true;
}]; }];
};
}; };
}; };
} }


@@ -1,6 +1,6 @@
{ lib, config, ... }: { lib, config, ... }:
let let
cfg = config.modules.services.webserver; cfg = config.services.webserver;
types = { types = {
location = lib.types.submodule { location = lib.types.submodule {
@@ -30,7 +30,7 @@ let
}; };
in in
{ {
options.modules.services.webserver = { options.services.webserver = {
enable = lib.mkEnableOption "Enable nginx"; enable = lib.mkEnableOption "Enable nginx";
acme = { acme = {
dnsChallenge = lib.mkEnableOption "Enable DNS challenge"; dnsChallenge = lib.mkEnableOption "Enable DNS challenge";


@@ -1,12 +1,12 @@
{ pkgs, inputs, config, lib, ... }: { pkgs, inputs, config, lib, ... }:
let let
cfg = config.modules.services.workout-sync; cfg = config.services.workout-sync;
fqdn = "${cfg.subdomain}.${config.networking.domain}"; fqdn = "${cfg.subdomain}.${config.networking.domain}";
port = cfg.port; port = cfg.port;
workout-sync = inputs.workout-sync.packages.${pkgs.system}.default; workout-sync = inputs.workout-sync.packages.${pkgs.system}.default;
in in
{ {
options.modules.services.workout-sync = { options.services.workout-sync = {
enable = lib.mkEnableOption "Enable Workout Sync"; enable = lib.mkEnableOption "Enable Workout Sync";
subdomain = lib.mkOption { subdomain = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@@ -18,7 +18,7 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
modules.services.workout-tracker.enable = lib.mkDefault true; services.workout-tracker.enable = lib.mkDefault true;
systemd.services.workout-sync = { systemd.services.workout-sync = {
enable = true; enable = true;
@@ -46,7 +46,7 @@ in
confinement.enable = true; confinement.enable = true;
}; };
modules.services.webserver = { services.webserver = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/" = { vHosts.${fqdn}.locations."/" = {
proxyPort = port; proxyPort = port;


@@ -1,32 +1,21 @@
{ pkgs, config, lib, inputs, ... }: { pkgs, config, lib, inputs, ... }:
let let
cfg = config.modules.services.workout-tracker; cfg = config.services.workout-tracker;
fqdn = "${cfg.subdomain}.${config.networking.domain}"; fqdn = "${cfg.subdomain}.${config.networking.domain}";
port = cfg.port; port = cfg.port;
package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.workout-tracker;
in in
{ {
options.modules.services.workout-tracker = { options.services.workout-tracker = {
enable = lib.mkEnableOption "Enable Workout Tracker";
version = lib.mkOption {
type = lib.types.str;
};
subdomain = lib.mkOption { subdomain = lib.mkOption {
type = lib.types.str; type = lib.types.str;
}; };
port = lib.mkOption {
type = lib.types.int;
default = 3322;
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.workout-tracker = { services.workout-tracker = { inherit package; };
enable = true;
inherit port;
package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.workout-tracker;
};
modules.services.webserver = { services.webserver = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/".proxyPort = port; vHosts.${fqdn}.locations."/".proxyPort = port;
}; };