noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2025-07-05 16:10:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

hostnames and user settings

Browse Source
This commit is contained in:
Noah Masur
2025-02-08 12:58:06 -05:00
parent 9c5de4c54f
commit 61b1ceffd9
45 changed files with 253 additions and 275 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
platforms/nixos/modules/hostnames.nix
View File

@ -1,8 +0,0 @@
{ lib, ... }:
{
options.hostnames = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
};
}

33
platforms/nixos/modules/nmasur/presets/programs/calendar.nix
View File

@ -1,33 +0,0 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.nmasur.presets.programs.calendar;
in
{
options.nmasur.presets.programs.calendar.enable = lib.mkEnableOption "Calendar application";
config = lib.mkIf cfg.enable {
accounts.calendar.accounts.default = {
basePath = "other/calendars"; # Where to save calendars in ~ directory
name = "personal";
local.type = "filesystem";
primary = true;
remote = {
passwordCommand = [ "" ];
type = "caldav";
url = "https://${config.hostnames.content}/remote.php/dav/principals/users/${config.user}";
userName = config.user;
};
};
home.packages = [ pkgs.gnome-calendar ];
};
}

5
platforms/nixos/modules/nmasur/presets/services/actualbudget.nix
View File

@ -6,6 +6,7 @@
let
cfg = config.nmasur.presets.services.actualbudget;
hostnames = config.nmasur.settings.hostnames;
in
{
@ -60,7 +61,7 @@ in
# Allow web traffic to Caddy
caddy.routes = [
{
match = [ { host = [ config.hostnames.budget ]; } ];
match = [ { host = [ hostnames.budget ]; } ];
handle = [
{
handler = "reverse_proxy";
@ -71,7 +72,7 @@ in
];
# Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.budget ];
services.cloudflare-dyndns.domains = [ hostnames.budget ];
# Backups
services.restic.backups.default.paths = [ "/var/lib/actualbudget" ];

17
platforms/nixos/modules/nmasur/presets/services/arr.nix
View File

@ -8,6 +8,7 @@
let
cfg = config.nmasur.presets.services.actualbudget;
hostnames = config.nmasur.settings.hostnames;
# This config specifies ports for Prometheus to scrape information
arrConfig = {
@ -98,7 +99,7 @@ in
group = "download";
match = [
{
host = [ config.hostnames.download ];
host = [ hostnames.download ];
path = [ "/sonarr*" ];
}
];
@ -114,7 +115,7 @@ in
group = "download";
match = [
{
host = [ config.hostnames.download ];
host = [ hostnames.download ];
path = [ "/radarr*" ];
}
];
@ -129,7 +130,7 @@ in
group = "download";
match = [
{
host = [ config.hostnames.download ];
host = [ hostnames.download ];
path = [ "/readarr*" ];
}
];
@ -144,7 +145,7 @@ in
group = "download";
match = [
{
host = [ config.hostnames.download ];
host = [ hostnames.download ];
path = [ "/prowlarr*" ];
}
];
@ -160,7 +161,7 @@ in
group = "download";
match = [
{
host = [ config.hostnames.download ];
host = [ hostnames.download ];
path = [ "/bazarr*" ];
}
];
@ -180,7 +181,7 @@ in
group = "download";
match = [
{
host = [ config.hostnames.download ];
host = [ hostnames.download ];
path = [ "/sabnzbd*" ];
}
];
@ -193,7 +194,7 @@ in
}
{
group = "download";
match = [ { host = [ config.hostnames.download ]; } ];
match = [ { host = [ hostnames.download ]; } ];
handle = [
{
handler = "reverse_proxy";
@ -204,7 +205,7 @@ in
];
# Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.download ];
services.cloudflare-dyndns.domains = [ hostnames.download ];
# Enable Prometheus exporters
systemd.services = lib.mapAttrs' (name: attrs: {

11
platforms/nixos/modules/nmasur/presets/services/bind.nix
View File

@ -14,14 +14,15 @@
let
cfg = config.nmasur.presets.services.bind;
hostnames = config.nmasur.settings.hostnames;
localIp = "192.168.1.218";
localServices = [
config.hostnames.stream
config.hostnames.content
config.hostnames.books
config.hostnames.download
config.hostnames.photos
hostnames.stream
hostnames.content
hostnames.books
hostnames.download
hostnames.photos
];
mkRecord = service: "${service} A ${localIp}";
localRecords = lib.concatLines (map mkRecord localServices);

7
platforms/nixos/modules/nmasur/presets/services/calibre-web.nix
View File

@ -1,7 +1,7 @@
# Calibre-web is an E-Book library and management tool.
# - Exposed to the public via Caddy.
# - Hostname defined with config.hostnames.books
# - Hostname defined with hostnames.books
# - File directory backed up to S3 on a cron schedule.
{
@ -14,6 +14,7 @@
let
cfg = config.nmasur.presets.services.calibre-web;
hostnames = config.nmasur.settings.hostnames;
libraryPath = "/data/books";
in
{
@ -38,7 +39,7 @@ in
# Allow web traffic to Caddy
caddy.routes = [
{
match = [ { host = [ config.hostnames.books ]; } ];
match = [ { host = [ hostnames.books ]; } ];
handle = [
{
handler = "reverse_proxy";
@ -54,7 +55,7 @@ in
];
# Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.books ];
services.cloudflare-dyndns.domains = [ hostnames.books ];
# Grant user access to Calibre directories
users.users.${config.user}.extraGroups = [ "calibre-web" ];

5
platforms/nixos/modules/nmasur/presets/services/filebrowser.nix
View File

@ -5,6 +5,7 @@
}:
let
cfg = config.nmasur.presets.services.filebrowser;
hostnames = config.nmasur.settings.hostnames;
in
{
@ -20,7 +21,7 @@ in
caddy.routes = [
{
match = [ { host = [ config.hostnames.files ]; } ];
match = [ { host = [ hostnames.files ]; } ];
handle = [
{
handler = "reverse_proxy";
@ -33,7 +34,7 @@ in
];
# Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.files ];
services.cloudflare-dyndns.domains = [ hostnames.files ];
};

3
platforms/nixos/modules/nmasur/presets/services/gitea-runner-local.nix
View File

@ -13,6 +13,7 @@
let
cfg = config.nmasur.presets.services.gitea-runner-local;
hostnames = config.nmasur.settings.hostnames;
in
{
@ -42,7 +43,7 @@ in
wget
];
name = config.networking.hostName;
url = "https://${config.hostnames.git}";
url = "https://${hostnames.git}";
tokenFile = config.secrets.giteaRunnerToken.dest;
};

11
platforms/nixos/modules/nmasur/presets/services/gitea.nix
View File

@ -7,6 +7,7 @@
let
cfg = config.nmasur.presets.services.gitea;
hostnames = config.nmasur.settings.hostnames;
giteaPath = "/var/lib/gitea"; # Default service directory
in
{
@ -28,7 +29,7 @@ in
DISABLE_HTTP_GIT = false;
# Allow requests hitting the specified hostname.
ACCESS_CONTROL_ALLOW_ORIGIN = config.hostnames.git;
ACCESS_CONTROL_ALLOW_ORIGIN = hostnames.git;
# Automatically create viable users/orgs on push.
ENABLE_PUSH_CREATE_USER = true;
@ -40,7 +41,7 @@ in
server = {
HTTP_PORT = 3001;
HTTP_ADDRESS = "127.0.0.1";
ROOT_URL = "https://${config.hostnames.git}/";
ROOT_URL = "https://${hostnames.git}/";
SSH_PORT = 22;
START_SSH_SERVER = false; # Use sshd instead
DISABLE_SSH = false;
@ -65,7 +66,7 @@ in
{
match = [
{
host = [ config.hostnames.git ];
host = [ hostnames.git ];
path = [ "/metrics*" ];
}
];
@ -78,7 +79,7 @@ in
}
# Allow access to primary server.
{
match = [ { host = [ config.hostnames.git ]; } ];
match = [ { host = [ hostnames.git ]; } ];
handle = [
{
handler = "reverse_proxy";
@ -91,7 +92,7 @@ in
];
# Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.git ];
services.cloudflare-dyndns.domains = [ hostnames.git ];
# Scrape the metrics endpoint for Prometheus.
prometheus.scrapeTargets = [

47
platforms/nixos/modules/nmasur/presets/services/grafana.nix
View File

@ -7,6 +7,7 @@
let
cfg = config.nmasur.presets.services.grafana;
hostnames = config.nmasur.settings.hostnames;
promUid = "victoriametrics";
in
{
@ -31,7 +32,7 @@ in
enable = true;
settings = {
server = {
domain = config.hostnames.metrics;
domain = hostnames.metrics;
http_addr = "127.0.0.1";
http_port = 3000;
protocol = "http";
@ -451,7 +452,7 @@ in
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.git}/admin/runners";
url = "https://${hostnames.git}/admin/runners";
}
];
options = {
@ -525,7 +526,7 @@ in
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.stream}";
url = "https://${hostnames.stream}";
}
];
options = {
@ -785,7 +786,7 @@ in
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.download}";
url = "https://${hostnames.download}";
}
];
}
@ -807,7 +808,7 @@ in
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.download}/bazarr";
url = "https://${hostnames.download}/bazarr";
}
];
}
@ -829,7 +830,7 @@ in
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.download}/radarr";
url = "https://${hostnames.download}/radarr";
}
];
}
@ -851,7 +852,7 @@ in
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.download}/readarr";
url = "https://${hostnames.download}/readarr";
}
];
}
@ -873,7 +874,7 @@ in
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.content}";
url = "https://${hostnames.content}";
}
];
}
@ -895,7 +896,7 @@ in
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.books}";
url = "https://${hostnames.books}";
}
];
}
@ -917,7 +918,7 @@ in
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.download}/sabnzbd";
url = "https://${hostnames.download}/sabnzbd";
}
];
}
@ -939,7 +940,7 @@ in
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.influxdb}";
url = "https://${hostnames.influxdb}";
}
];
}
@ -961,7 +962,7 @@ in
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.stream}";
url = "https://${hostnames.stream}";
}
];
}
@ -983,7 +984,7 @@ in
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.download}/sonarr";
url = "https://${hostnames.download}/sonarr";
}
];
}
@ -1005,7 +1006,7 @@ in
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.irc}";
url = "https://${hostnames.irc}";
}
];
}
@ -1027,7 +1028,7 @@ in
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.download}/prowlarr";
url = "https://${hostnames.download}/prowlarr";
}
];
}
@ -1049,7 +1050,7 @@ in
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.metrics}";
url = "https://${hostnames.metrics}";
}
];
}
@ -1071,7 +1072,7 @@ in
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.git}";
url = "https://${hostnames.git}";
}
];
}
@ -1093,7 +1094,7 @@ in
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.secrets}";
url = "https://${hostnames.secrets}";
}
];
}
@ -1115,7 +1116,7 @@ in
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.prometheus}/vmui";
url = "https://${hostnames.prometheus}/vmui";
}
];
}
@ -1137,7 +1138,7 @@ in
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.paperless}";
url = "https://${hostnames.paperless}";
}
];
}
@ -1159,7 +1160,7 @@ in
{
targetBlank = true;
title = "";
url = "https://${config.hostnames.audiobooks}";
url = "https://${hostnames.audiobooks}";
}
];
}
@ -2562,7 +2563,7 @@ in
caddy.routes = [
{
match = [ { host = [ config.hostnames.metrics ]; } ];
match = [ { host = [ hostnames.metrics ]; } ];
handle = [
{
handler = "reverse_proxy";
@ -2575,6 +2576,6 @@ in
];
# Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.metrics ];
services.cloudflare-dyndns.domains = [ hostnames.metrics ];
};
}

9
platforms/nixos/modules/nmasur/presets/services/immich.nix
View File

@ -2,6 +2,7 @@
let
cfg = config.nmasur.presets.services.immich;
hostnames = config.nmasur.settings.hostnames;
in
{
@ -19,7 +20,7 @@ in
machine-learning.environment = { };
mediaLocation = "/data/images";
secretsFile = null;
settings.server.externalDomain = "https://${config.hostnames.photos}";
settings.server.externalDomain = "https://${hostnames.photos}";
environment = {
IMMICH_ENV = "production";
IMMICH_LOG_LEVEL = "log";
@ -30,7 +31,7 @@ in
caddy.routes = [
{
match = [ { host = [ config.hostnames.photos ]; } ];
match = [ { host = [ hostnames.photos ]; } ];
handle = [
{
handler = "reverse_proxy";
@ -41,10 +42,10 @@ in
];
# Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.photos ];
services.cloudflare-dyndns.domains = [ hostnames.photos ];
# Point localhost to the local domain
networking.hosts."127.0.0.1" = [ config.hostnames.photos ];
networking.hosts."127.0.0.1" = [ hostnames.photos ];
# Backups
services.restic.backups.default.paths = [ "/data/images" ];

5
platforms/nixos/modules/nmasur/presets/services/influxdb2.nix
View File

@ -7,6 +7,7 @@
let
cfg = config.nmasur.presets.services.influxdb2;
hostnames = config.nmasur.settings.hostnames;
in
{
@ -56,7 +57,7 @@ in
caddy.routes = lib.mkIf config.services.influxdb2.enable [
{
match = [ { host = [ config.hostnames.influxdb ]; } ];
match = [ { host = [ hostnames.influxdb ]; } ];
handle = [
{
handler = "reverse_proxy";
@ -67,6 +68,6 @@ in
];
# Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.influxdb ];
services.cloudflare-dyndns.domains = [ hostnames.influxdb ];
};
}

7
platforms/nixos/modules/nmasur/presets/services/jellyfin.nix
View File

@ -10,6 +10,7 @@
let
cfg = config.nmasur.presets.services.jellyfin;
hostnames = config.nmasur.settings.hostnames;
in
{
@ -25,7 +26,7 @@ in
{
match = [
{
host = [ config.hostnames.stream ];
host = [ hostnames.stream ];
path = [ "/metrics*" ];
}
];
@ -38,7 +39,7 @@ in
}
# Allow access to normal route.
{
match = [ { host = [ config.hostnames.stream ]; } ];
match = [ { host = [ hostnames.stream ]; } ];
handle = [
{
handler = "reverse_proxy";
@ -49,7 +50,7 @@ in
];
# Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.stream ];
services.cloudflare-dyndns.domains = [ hostnames.stream ];
# Create videos directory, allow anyone in Jellyfin group to manage it
systemd.tmpfiles.rules = [

3
platforms/nixos/modules/nmasur/presets/services/minecraft-server.nix
View File

@ -7,6 +7,7 @@
let
cfg = config.nmasur.presets.services.minecraft-server;
hostnames = config.nmasur.settings.hostnames;
localPort = 25564;
publicPort = 49732;
rconPort = 25575;
@ -52,7 +53,7 @@ in
networking.firewall.allowedTCPPorts = [ publicPort ];
cloudflare.noProxyDomains = [ config.hostnames.minecraft ];
cloudflare.noProxyDomains = [ hostnames.minecraft ];
## Automatically start and stop Minecraft server based on player connections

16
platforms/nixos/modules/services/n8n.nix → platforms/nixos/modules/nmasur/presets/services/n8n.nix
View File

@ -2,14 +2,22 @@
# together with triggers.
{ config, lib, ... }:
let
cfg = config.nmasur.presets.services.n8n;
hostnames = config.nmasur.settings.hostnames;
in
{
config = lib.mkIf config.services.n8n.enable {
options.nmasur.presets.services.n8n.enable = lib.mkEnableOption "n8n low-code automation tool";
config = lib.mkIf cfg.enable {
unfreePackages = [ "n8n" ];
services.n8n = {
webhookUrl = "https://${config.hostnames.n8n}";
webhookUrl = "https://${hostnames.n8n}";
settings = {
listen_address = "127.0.0.1";
port = 5678;
@ -22,12 +30,12 @@
};
# Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.n8n ];
services.cloudflare-dyndns.domains = [ hostnames.n8n ];
# Allow web traffic to Caddy
caddy.routes = [
{
match = [ { host = [ config.hostnames.n8n ]; } ];
match = [ { host = [ hostnames.n8n ]; } ];
handle = [
{
handler = "reverse_proxy";

11
platforms/nixos/modules/nmasur/presets/services/nextcloud.nix
View File

@ -7,6 +7,7 @@
let
cfg = config.nmasur.presets.services.nextcloud;
hostnames = config.nmasur.settings.hostnames;
in
{
@ -30,7 +31,7 @@ in
settings = {
default_phone_region = "US";
# Allow access when hitting either of these hosts or IPs
trusted_domains = [ config.hostnames.content ];
trusted_domains = [ hostnames.content ];
trusted_proxies = [ "127.0.0.1" ];
maintenance_window_start = 4; # Run jobs at 4am UTC
log_type = "file";
@ -64,7 +65,7 @@ in
# Point Caddy to Nginx
caddy.routes = [
{
match = [ { host = [ config.hostnames.content ]; } ];
match = [ { host = [ hostnames.content ]; } ];
handle = [
{
handler = "subroute";
@ -195,7 +196,7 @@ in
];
# Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.content ];
services.cloudflare-dyndns.domains = [ hostnames.content ];
# Create credentials file for nextcloud
secrets.nextcloud = {
@ -217,11 +218,11 @@ in
systemd.services.phpfpm-nextcloud.serviceConfig.StateDirectoryMode = lib.mkForce "0770";
# Log metrics to prometheus
networking.hosts."127.0.0.1" = [ config.hostnames.content ];
networking.hosts."127.0.0.1" = [ hostnames.content ];
services.prometheus.exporters.nextcloud = {
enable = config.prometheus.exporters.enable;
username = config.services.nextcloud.config.adminuser;
url = "https://${config.hostnames.content}";
url = "https://${hostnames.content}";
passwordFile = config.services.nextcloud.config.adminpassFile;
};
prometheus.scrapeTargets = [

7
platforms/nixos/modules/nmasur/presets/services/ntfy-sh.nix
View File

@ -2,6 +2,7 @@
let
cfg = config.nmasur.presets.services.ntfy-sh;
hostnames = config.nmasur.settings.hostnames;
in
{
@ -11,7 +12,7 @@ in
services.ntfy-sh = {
enable = true;
settings = {
base-url = "https://${config.hostnames.notifications}";
base-url = "https://${hostnames.notifications}";
upstream-base-url = "https://ntfy.sh";
listen-http = ":8333";
behind-proxy = true;
@ -22,7 +23,7 @@ in
caddy.routes = [
{
match = [ { host = [ config.hostnames.notifications ]; } ];
match = [ { host = [ hostnames.notifications ]; } ];
handle = [
{
handler = "reverse_proxy";
@ -33,7 +34,7 @@ in
];
# Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.notifications ];
services.cloudflare-dyndns.domains = [ hostnames.notifications ];
};
}

5
platforms/nixos/modules/nmasur/presets/services/paperless.nix
View File

@ -4,6 +4,7 @@
let
cfg = config.nmasur.presets.services.paperless;
hostnames = config.nmasur.settings.hostnames;
in
{
@ -33,7 +34,7 @@ in
{
match = [
{
host = [ config.hostnames.paperless ];
host = [ hostnames.paperless ];
# path = [ "/paperless*" ]; # Change path name in Caddy
}
];
@ -47,7 +48,7 @@ in
];
# Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.paperless ];
services.cloudflare-dyndns.domains = [ hostnames.paperless ];
secrets.paperless = {
source = ../../../private/prometheus.age;

3
platforms/nixos/modules/nmasur/presets/services/prometheus-remote-write.nix
View File

@ -12,6 +12,7 @@
let
cfg = config.nmasur.presets.services.prometheus-remote-write;
hostnames = config.nmasur.settings.hostnames;
in
{
@ -25,7 +26,7 @@ in
remoteWrite = [
{
name = config.networking.hostName;
url = "https://${config.hostnames.prometheus}/api/v1/write";
url = "https://${hostnames.prometheus}/api/v1/write";
basic_auth = {
# Uses password hashed with bcrypt above
username = "prometheus";

5
platforms/nixos/modules/nmasur/presets/services/thelounge.nix
View File

@ -1,6 +1,7 @@
{ config, lib, ... }:
let
cfg = config.nmasur.presets.services.thelounge;
hostnames = config.nmasur.settings.hostnames;
in
{
@ -22,7 +23,7 @@ in
# Allow web traffic to Caddy
caddy.routes = [
{
match = [ { host = [ config.hostnames.irc ]; } ];
match = [ { host = [ hostnames.irc ]; } ];
handle = [
{
handler = "reverse_proxy";
@ -33,6 +34,6 @@ in
];
# Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.irc ];
services.cloudflare-dyndns.domains = [ hostnames.irc ];
};
}

9
platforms/nixos/modules/nmasur/presets/services/transmission.nix
View File

@ -10,6 +10,7 @@
let
cfg = config.nmasur.presets.services.transmission;
hostnames = config.nmasur.settings.hostnames;
in
{
@ -37,7 +38,7 @@ in
# This is a salted hash of the real password
# https://github.com/tomwijnroks/transmission-pwgen
rpc-password = "{c4c5145f6e18bcd3c7429214a832440a45285ce26jDOBGVW";
rpc-host-whitelist = config.hostnames.transmission;
rpc-host-whitelist = hostnames.transmission;
rpc-host-whitelist-enabled = true;
rpc-whitelist = lib.mkDefault "127.0.0.1"; # Overwritten by Cloudflare
rpc-whitelist-enabled = true;
@ -45,7 +46,7 @@ in
};
# Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.transmission ];
services.cloudflare-dyndns.domains = [ hostnames.transmission ];
# Bind transmission to wireguard namespace
systemd.services.transmission = lib.mkIf config.wireguard.enable {
@ -66,14 +67,14 @@ in
caddy.routes =
let
# Set if the download domain is the same as the Transmission domain
useDownloadDomain = config.hostnames.download == config.hostnames.transmission;
useDownloadDomain = hostnames.download == hostnames.transmission;
in
lib.mkAfter [
{
group = if useDownloadDomain then "download" else "transmission";
match = [
{
host = [ config.hostnames.transmission ];
host = [ hostnames.transmission ];
path = if useDownloadDomain then [ "/transmission*" ] else null;
}
];

5
platforms/nixos/modules/nmasur/presets/services/uptime-kuma.nix
View File

@ -2,6 +2,7 @@
let
cfg = config.nmasur.presets.services.uptime-kuma;
hostnames = config.nmasur.settings.hostnames;
in
{
@ -20,7 +21,7 @@ in
# Allow web traffic to Caddy
caddy.routes = [
{
match = [ { host = [ config.hostnames.status ]; } ];
match = [ { host = [ hostnames.status ]; } ];
handle = [
{
handler = "reverse_proxy";
@ -33,7 +34,7 @@ in
];
# Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.status ];
services.cloudflare-dyndns.domains = [ hostnames.status ];
};

7
platforms/nixos/modules/nmasur/presets/services/vaultwarden.nix
View File

@ -11,6 +11,7 @@
let
cfg = config.nmasur.presets.services.vaultwarden;
hostnames = config.nmasur.settings.hostnames;
vaultwardenPath = "/var/lib/bitwarden_rs"; # Default service directory
in
{
@ -22,7 +23,7 @@ in
services.vaultwarden = {
enable = true;
config = {
DOMAIN = "https://${config.hostnames.secrets}";
DOMAIN = "https://${hostnames.secrets}";
SIGNUPS_ALLOWED = false;
SIGNUPS_VERIFY = true;
INVITATIONS_ALLOWED = true;
@ -52,7 +53,7 @@ in
caddy.routes = [
{
match = [ { host = [ config.hostnames.secrets ]; } ];
match = [ { host = [ hostnames.secrets ]; } ];
handle = [
{
handler = "reverse_proxy";
@ -66,7 +67,7 @@ in
];
# Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.secrets ];
services.cloudflare-dyndns.domains = [ hostnames.secrets ];
## Backup config

5
platforms/nixos/modules/nmasur/presets/services/victoriametrics.nix
View File

@ -11,6 +11,7 @@
let
cfg = config.nmasur.presets.services.victoriametrics;
hostnames = config.nmasur.settings.hostnames;
username = "prometheus";
@ -79,7 +80,7 @@ in
caddy.routes = [
{
match = [ { host = [ config.hostnames.prometheus ]; } ];
match = [ { host = [ hostnames.prometheus ]; } ];
handle = [
{
handler = "reverse_proxy";
@ -90,7 +91,7 @@ in
];
# Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.prometheus ];
services.cloudflare-dyndns.domains = [ hostnames.prometheus ];
};
}

3
platforms/nixos/modules/nmasur/presets/services/vm-agent.nix
View File

@ -11,6 +11,7 @@
let
cfg = config.nmasur.presets.services.vm-agent;
hostnames = config.nmasur.settings.hostnames;
username = "prometheus";
@ -37,7 +38,7 @@ in
package = pkgs-stable.vmagent;
prometheusConfig = prometheusConfig;
remoteWrite = {
url = "https://${config.hostnames.prometheus}/api/v1/write";
url = "https://${hostnames.prometheus}/api/v1/write";
basicAuthUsername = username;
basicAuthPasswordFile = config.secrets.vmagent.dest;
};

19
platforms/nixos/modules/nmasur/settings.nix Normal file
View File

@ -0,0 +1,19 @@
{ lib, ... }:
{
options.nmasur.settings = {
username = lib.mkOption {
type = lib.types.str;
description = "Primary username for the system";
};
fullName = lib.mkOption {
type = lib.types.str;
description = "Human readable name of the user";
};
options.hostnames = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
description = "Map of service names to FQDNs";
default = { };
};
};
}

3
platforms/nixos/modules/secrets.nix
View File

@ -27,6 +27,7 @@ in
identityFile = lib.mkOption {
type = lib.types.path;
description = "Path containing decryption identity.";
default = "/etc/ssh/ssh_host_ed25519_key";
};
secrets = lib.mkOption {
@ -91,7 +92,7 @@ in
script = ''
echo "${attrs.prefix}$(
${pkgs.age}/bin/age --decrypt \
--identity ${config.secretsIdentityFile} ${attrs.source}
--identity ${config.identityFile} ${attrs.source}
)" > ${attrs.dest}
chown '${attrs.owner}':'${attrs.group}' '${attrs.dest}'

3
platforms/nixos/modules/services/filebrowser.nix
View File

@ -6,6 +6,7 @@
}:
let
cfg = config.services.filebrowser;
hostnames = config.nmasur.settings.hostnames;
dataDir = "/var/lib/filebrowser";
@ -57,7 +58,7 @@ in
};
# Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.files ];
services.cloudflare-dyndns.domains = [ hostnames.files ];
};