hostnames and user settings

Noah Masur 2025-02-08 12:58:06 -05:00
parent 9c5de4c54f
commit 61b1ceffd9
No known key found for this signature in database
45 changed files with 253 additions and 275 deletions

110
flake.lock generated

@ -138,26 +138,6 @@
"type": "github" "type": "github"
} }
}, },
"firefox-darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1737161595,
"narHash": "sha256-Txp3uh0KdB3+Pe6xihU0JWWe0LK8iXTUnZ8bOcKu3w0=",
"owner": "bandithedoge",
"repo": "nixpkgs-firefox-darwin",
"rev": "3224752c71a5245e90cfae360e0dc5de98e2b53c",
"type": "github"
},
"original": {
"owner": "bandithedoge",
"repo": "nixpkgs-firefox-darwin",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -213,24 +193,6 @@
} }
}, },
"flake-utils": { "flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": { "inputs": {
"systems": [ "systems": [
"mac-app-util", "mac-app-util",
@ -250,9 +212,9 @@
"type": "indirect" "type": "indirect"
} }
}, },
"flake-utils_3": { "flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1705309234, "lastModified": 1705309234,
@ -321,37 +283,15 @@
"type": "github" "type": "github"
} }
}, },
"jujutsu": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1737163288,
"narHash": "sha256-PROBXqOUzgqIG66S74P1nyg7MbNoQ01k3oF0IM7qpHY=",
"owner": "martinvonz",
"repo": "jj",
"rev": "83d40d2c425fa2e050bdac8837b19e5beb3bef25",
"type": "github"
},
"original": {
"owner": "martinvonz",
"repo": "jj",
"type": "github"
}
},
"mac-app-util": { "mac-app-util": {
"inputs": { "inputs": {
"cl-nix-lite": "cl-nix-lite", "cl-nix-lite": "cl-nix-lite",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"systems": "systems_2" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1732920695, "lastModified": 1732920695,
@ -421,7 +361,7 @@
}, },
"nix2vim": { "nix2vim": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
@ -654,11 +594,9 @@
"darwin": "darwin", "darwin": "darwin",
"disko": "disko", "disko": "disko",
"fidget-nvim-src": "fidget-nvim-src", "fidget-nvim-src": "fidget-nvim-src",
"firefox-darwin": "firefox-darwin",
"gh-collaborators": "gh-collaborators", "gh-collaborators": "gh-collaborators",
"hmts-nvim-src": "hmts-nvim-src", "hmts-nvim-src": "hmts-nvim-src",
"home-manager": "home-manager", "home-manager": "home-manager",
"jujutsu": "jujutsu",
"mac-app-util": "mac-app-util", "mac-app-util": "mac-app-util",
"nextcloud-cookbook": "nextcloud-cookbook", "nextcloud-cookbook": "nextcloud-cookbook",
"nextcloud-external": "nextcloud-external", "nextcloud-external": "nextcloud-external",
@ -693,27 +631,6 @@
"zenyd-mpv-scripts": "zenyd-mpv-scripts" "zenyd-mpv-scripts": "zenyd-mpv-scripts"
} }
}, },
"rust-overlay": {
"inputs": {
"nixpkgs": [
"jujutsu",
"nixpkgs"
]
},
"locked": {
"lastModified": 1735784864,
"narHash": "sha256-tIl5p3ueaPw7T5T1UXkLc8ISMk6Y8CI/D/rd0msf73I=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "04d5f1836721461b256ec452883362c5edc5288e",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"snipe-nvim-src": { "snipe-nvim-src": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -731,21 +648,6 @@
} }
}, },
"systems": { "systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": { "locked": {
"lastModified": 1689347925, "lastModified": 1689347925,
"narHash": "sha256-ozenz5bFe1UUqOn7f60HRmgc01BgTGIKZ4Xl+HbocGQ=", "narHash": "sha256-ozenz5bFe1UUqOn7f60HRmgc01BgTGIKZ4Xl+HbocGQ=",
@ -760,7 +662,7 @@
"type": "github" "type": "github"
} }
}, },
"systems_3": { "systems_2": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",


@ -34,11 +34,11 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# Use official Firefox binary for macOS # # Use official Firefox binary for macOS
firefox-darwin = { # firefox-darwin = {
url = "github:bandithedoge/nixpkgs-firefox-darwin"; # url = "github:bandithedoge/nixpkgs-firefox-darwin";
inputs.nixpkgs.follows = "nixpkgs"; # inputs.nixpkgs.follows = "nixpkgs";
}; # };
# Better App install management in macOS # Better App install management in macOS
mac-app-util = { mac-app-util = {
@ -175,12 +175,12 @@
flake = false; flake = false;
}; };
# Git alternative # # Git alternative
# Fixes: https://github.com/martinvonz/jj/issues/4784 # # Fixes: https://github.com/martinvonz/jj/issues/4784
jujutsu = { # jujutsu = {
url = "github:martinvonz/jj"; # url = "github:martinvonz/jj";
inputs.nixpkgs.follows = "nixpkgs"; # inputs.nixpkgs.follows = "nixpkgs";
}; # };
# Ren and rep - CLI find and replace # Ren and rep - CLI find and replace
rep = { rep = {
@ -275,7 +275,7 @@
overlays = [ overlays = [
inputs.nur.overlays.default inputs.nur.overlays.default
inputs.nix2vim.overlay inputs.nix2vim.overlay
inputs.jujutsu.overlays.default # Fix: https://github.com/martinvonz/jj/issues/4784 # inputs.jujutsu.overlays.default # Fix: https://github.com/martinvonz/jj/issues/4784
(import ./overlays/neovim-plugins.nix inputs) (import ./overlays/neovim-plugins.nix inputs)
(import ./overlays/tree-sitter.nix inputs) (import ./overlays/tree-sitter.nix inputs)
(import ./overlays/mpv-scripts.nix inputs) (import ./overlays/mpv-scripts.nix inputs)


@ -16,27 +16,27 @@
]; ];
options = { options = {
user = lib.mkOption { # user = lib.mkOption {
type = lib.types.str; # type = lib.types.str;
description = "Primary user of the system"; # description = "Primary user of the system";
}; # };
fullName = lib.mkOption { # fullName = lib.mkOption {
type = lib.types.str; # type = lib.types.str;
description = "Human readable name of the user"; # description = "Human readable name of the user";
}; # };
userDirs = { # userDirs = {
# Required to prevent infinite recursion when referenced by himalaya # # Required to prevent infinite recursion when referenced by himalaya
download = lib.mkOption { # download = lib.mkOption {
type = lib.types.str; # type = lib.types.str;
description = "XDG directory for downloads"; # description = "XDG directory for downloads";
default = if pkgs.stdenv.isDarwin then "$HOME/Downloads" else "$HOME/downloads"; # default = if pkgs.stdenv.isDarwin then "$HOME/Downloads" else "$HOME/downloads";
}; # };
}; # };
identityFile = lib.mkOption { # identityFile = lib.mkOption {
type = lib.types.str; # type = lib.types.str;
description = "Path to existing private key file."; # description = "Path to existing private key file.";
default = "/etc/ssh/ssh_host_ed25519_key"; # default = "/etc/ssh/ssh_host_ed25519_key";
}; # };
# homePath = lib.mkOption { # homePath = lib.mkOption {
# type = lib.types.path; # type = lib.types.path;
# description = "Path of user's home directory."; # description = "Path of user's home directory.";


@ -0,0 +1,49 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.nmasur.presets.programs.calendar;
in
{
options.nmasur.presets.programs.calendar = {
enable = lib.mkEnableOption "Calendar application";
username = lib.mkOption {
type = lib.types.str;
description = "Username for the calendar service backend";
default = config.nmasur.settings.username;
};
hostname = lib.mkOption {
type = lib.types.str;
description = "Hostname for the calendar service backend";
};
url = lib.mkOption {
type = lib.types.str;
description = "Username for the calendar service backend";
default = "https://${cfg.hostname}/remote.php/dav/principals/users/${cfg.username}";
};
};
config = lib.mkIf cfg.enable {
accounts.calendar.accounts.default = {
basePath = "other/calendars"; # Where to save calendars in ~ directory
name = "personal";
local.type = "filesystem";
primary = true;
remote = {
passwordCommand = [ "" ];
type = "caldav";
url = cfg.url;
userName = cfg.username;
};
};
home.packages = [ pkgs.gnome-calendar ];
};
}
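Review bot: The `url` option's description is a copy of the username text (`description = "Username for the calendar service backend";`), so generated option docs will mislabel it. It should read something like `description = "CalDAV URL for the calendar service backend";`. `hostname` has no default, so enabling this preset without setting it fails evaluation when the `url` default is computed; that may be intended, but the description should say it is required. `passwordCommand = [ "" ];` is carried over from the old file as an empty command and deserves a comment saying where the credential is actually expected to come from.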


@ -20,7 +20,7 @@ in
accounts.email.accounts.home.himalaya = { accounts.email.accounts.home.himalaya = {
enable = true; enable = true;
settings = { settings = {
downloads-dir = config.userDirs.download; downloads-dir = config.xdg.userDirs.download;
smtp-insecure = true; smtp-insecure = true;
}; };
}; };
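Review bot: `smtp-insecure = true;` sits directly beside the edited `downloads-dir` line with no comment explaining why it is acceptable. This commit also adds `programs.himalaya.enable = lib.mkDefault true;` in another section, so the setting now applies wherever that preset is enabled. If the flag relaxes TLS or certificate checking for SMTP, as its name suggests, mail credentials for this account may be exposed to anyone on the network path. Either drop it or add a comment such as `# SMTP only reachable over <local transport>; TLS verification intentionally off` stating the actual reason. The enclosing `settings` block starts and ends outside this hunk.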


@ -26,9 +26,10 @@ in
]; ];
programs.gh-dash.enable = true; programs.gh-dash.enable = lib.mkDefault true;
programs.helix.enable = lib.mkDefault true; programs.helix.enable = lib.mkDefault true;
programs.zed-editor.enable = lib.mkDefault true; programs.zed-editor.enable = lib.mkDefault true;
programs.himalaya.enable = lib.mkDefault true;
}; };


@ -16,14 +16,14 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# Allow Nix to manage the default applications list # Allow Nix to manage the default applications list
mimeApps.enable = lib.mkDefault true; xdg.mimeApps.enable = lib.mkDefault true;
# Set directories for application defaults # Set directories for application defaults
userDirs = { xdg.userDirs = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
createDirectories = lib.mkDefault true; createDirectories = lib.mkDefault true;
documents = lib.mkDefault "$HOME/documents"; documents = lib.mkDefault "$HOME/documents";
download = lib.mkDefault config.userDirs.download; download = lib.mkDefault "$HOME/downloads";
music = lib.mkDefault "$HOME/media/music"; music = lib.mkDefault "$HOME/media/music";
pictures = lib.mkDefault "$HOME/media/images"; pictures = lib.mkDefault "$HOME/media/images";
videos = lib.mkDefault "$HOME/media/videos"; videos = lib.mkDefault "$HOME/media/videos";


@ -7,6 +7,7 @@
let let
cfg = config.nmasur.presets.programs.fish; cfg = config.nmasur.presets.programs.fish;
inherit (config.nmasur.settings) username;
in in
{ {
@ -18,7 +19,7 @@ in
environment.shells = [ pkgs.fish ]; environment.shells = [ pkgs.fish ];
users.users.${config.user}.shell = pkgs.fish; users.users.${username}.shell = pkgs.fish;
# Speeds up fish launch time on macOS # Speeds up fish launch time on macOS
programs.fish.useBabelfish = true; programs.fish.useBabelfish = true;


@ -6,6 +6,7 @@
let let
cfg = config.nmasur.presets.services.hammerspoon; cfg = config.nmasur.presets.services.hammerspoon;
inherit (config.nmasur.settings) username;
in in
{ {
@ -19,7 +20,7 @@ in
system.activationScripts.postUserActivation.text = '' system.activationScripts.postUserActivation.text = ''
defaults write org.hammerspoon.Hammerspoon MJConfigFile "${ defaults write org.hammerspoon.Hammerspoon MJConfigFile "${
config.home-manager.users.${config.user}.xdg.configHome config.home-manager.users.${username}.xdg.configHome
}/hammerspoon/init.lua" }/hammerspoon/init.lua"
sudo killall Dock sudo killall Dock
''; '';


@ -0,0 +1,14 @@
{ lib, ... }:
{
options.nmasur.settings = {
username = lib.mkOption {
type = lib.types.str;
description = "Primary username for the system";
};
fullName = lib.mkOption {
type = lib.types.str;
description = "Human readable name of the user";
};
};
}
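Review bot: This new options module declares only `username` and `fullName`, yet the service presets changed in this commit (actualbudget, bind, calibre-web, gitea, grafana, immich, nextcloud and others) all read `config.nmasur.settings.hostnames`. The old `options.hostnames` module is deleted in the same commit. Unless `nmasur.settings.hostnames` is declared in one of the changed files not shown here, every preset that binds `hostnames = config.nmasur.settings.hostnames;` will fail evaluation with an undefined option. Declaring it next to the other settings keeps them in one place: `hostnames = lib.mkOption { type = lib.types.attrsOf lib.types.str; description = "Map of service name to public hostname"; };`.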


@ -1,8 +0,0 @@
{ lib, ... }:
{
options.hostnames = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
};
}


@ -1,33 +0,0 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.nmasur.presets.programs.calendar;
in
{
options.nmasur.presets.programs.calendar.enable = lib.mkEnableOption "Calendar application";
config = lib.mkIf cfg.enable {
accounts.calendar.accounts.default = {
basePath = "other/calendars"; # Where to save calendars in ~ directory
name = "personal";
local.type = "filesystem";
primary = true;
remote = {
passwordCommand = [ "" ];
type = "caldav";
url = "https://${config.hostnames.content}/remote.php/dav/principals/users/${config.user}";
userName = config.user;
};
};
home.packages = [ pkgs.gnome-calendar ];
};
}


@ -6,6 +6,7 @@
let let
cfg = config.nmasur.presets.services.actualbudget; cfg = config.nmasur.presets.services.actualbudget;
hostnames = config.nmasur.settings.hostnames;
in in
{ {
@ -60,7 +61,7 @@ in
# Allow web traffic to Caddy # Allow web traffic to Caddy
caddy.routes = [ caddy.routes = [
{ {
match = [ { host = [ config.hostnames.budget ]; } ]; match = [ { host = [ hostnames.budget ]; } ];
handle = [ handle = [
{ {
handler = "reverse_proxy"; handler = "reverse_proxy";
@ -71,7 +72,7 @@ in
]; ];
# Configure Cloudflare DNS to point to this machine # Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.budget ]; services.cloudflare-dyndns.domains = [ hostnames.budget ];
# Backups # Backups
services.restic.backups.default.paths = [ "/var/lib/actualbudget" ]; services.restic.backups.default.paths = [ "/var/lib/actualbudget" ];


@ -8,6 +8,7 @@
let let
cfg = config.nmasur.presets.services.actualbudget; cfg = config.nmasur.presets.services.actualbudget;
hostnames = config.nmasur.settings.hostnames;
# This config specifies ports for Prometheus to scrape information # This config specifies ports for Prometheus to scrape information
arrConfig = { arrConfig = {
@ -98,7 +99,7 @@ in
group = "download"; group = "download";
match = [ match = [
{ {
host = [ config.hostnames.download ]; host = [ hostnames.download ];
path = [ "/sonarr*" ]; path = [ "/sonarr*" ];
} }
]; ];
@ -114,7 +115,7 @@ in
group = "download"; group = "download";
match = [ match = [
{ {
host = [ config.hostnames.download ]; host = [ hostnames.download ];
path = [ "/radarr*" ]; path = [ "/radarr*" ];
} }
]; ];
@ -129,7 +130,7 @@ in
group = "download"; group = "download";
match = [ match = [
{ {
host = [ config.hostnames.download ]; host = [ hostnames.download ];
path = [ "/readarr*" ]; path = [ "/readarr*" ];
} }
]; ];
@ -144,7 +145,7 @@ in
group = "download"; group = "download";
match = [ match = [
{ {
host = [ config.hostnames.download ]; host = [ hostnames.download ];
path = [ "/prowlarr*" ]; path = [ "/prowlarr*" ];
} }
]; ];
@ -160,7 +161,7 @@ in
group = "download"; group = "download";
match = [ match = [
{ {
host = [ config.hostnames.download ]; host = [ hostnames.download ];
path = [ "/bazarr*" ]; path = [ "/bazarr*" ];
} }
]; ];
@ -180,7 +181,7 @@ in
group = "download"; group = "download";
match = [ match = [
{ {
host = [ config.hostnames.download ]; host = [ hostnames.download ];
path = [ "/sabnzbd*" ]; path = [ "/sabnzbd*" ];
} }
]; ];
@ -193,7 +194,7 @@ in
} }
{ {
group = "download"; group = "download";
match = [ { host = [ config.hostnames.download ]; } ]; match = [ { host = [ hostnames.download ]; } ];
handle = [ handle = [
{ {
handler = "reverse_proxy"; handler = "reverse_proxy";
@ -204,7 +205,7 @@ in
]; ];
# Configure Cloudflare DNS to point to this machine # Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.download ]; services.cloudflare-dyndns.domains = [ hostnames.download ];
# Enable Prometheus exporters # Enable Prometheus exporters
systemd.services = lib.mapAttrs' (name: attrs: { systemd.services = lib.mapAttrs' (name: attrs: {
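Review bot: The `let` block in this file still binds `cfg = config.nmasur.presets.services.actualbudget;`, although the routes below are for sonarr, radarr, readarr, prowlarr, bazarr and sabnzbd. If `cfg.enable` gates this module, as it does in the sibling presets, the download stack and its Caddy routes are switched by the actualbudget flag rather than their own. The new `hostnames` binding was added right beneath it, so this is a good moment to point `cfg` at the preset this module actually declares. The `let` block and the `config` body both extend outside the hunks shown.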


@ -14,14 +14,15 @@
let let
cfg = config.nmasur.presets.services.bind; cfg = config.nmasur.presets.services.bind;
hostnames = config.nmasur.settings.hostnames;
localIp = "192.168.1.218"; localIp = "192.168.1.218";
localServices = [ localServices = [
config.hostnames.stream hostnames.stream
config.hostnames.content hostnames.content
config.hostnames.books hostnames.books
config.hostnames.download hostnames.download
config.hostnames.photos hostnames.photos
]; ];
mkRecord = service: "${service} A ${localIp}"; mkRecord = service: "${service} A ${localIp}";
localRecords = lib.concatLines (map mkRecord localServices); localRecords = lib.concatLines (map mkRecord localServices);


@ -1,7 +1,7 @@
# Calibre-web is an E-Book library and management tool. # Calibre-web is an E-Book library and management tool.
# - Exposed to the public via Caddy. # - Exposed to the public via Caddy.
# - Hostname defined with config.hostnames.books # - Hostname defined with hostnames.books
# - File directory backed up to S3 on a cron schedule. # - File directory backed up to S3 on a cron schedule.
{ {
@ -14,6 +14,7 @@
let let
cfg = config.nmasur.presets.services.calibre-web; cfg = config.nmasur.presets.services.calibre-web;
hostnames = config.nmasur.settings.hostnames;
libraryPath = "/data/books"; libraryPath = "/data/books";
in in
{ {
@ -38,7 +39,7 @@ in
# Allow web traffic to Caddy # Allow web traffic to Caddy
caddy.routes = [ caddy.routes = [
{ {
match = [ { host = [ config.hostnames.books ]; } ]; match = [ { host = [ hostnames.books ]; } ];
handle = [ handle = [
{ {
handler = "reverse_proxy"; handler = "reverse_proxy";
@ -54,7 +55,7 @@ in
]; ];
# Configure Cloudflare DNS to point to this machine # Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.books ]; services.cloudflare-dyndns.domains = [ hostnames.books ];
# Grant user access to Calibre directories # Grant user access to Calibre directories
users.users.${config.user}.extraGroups = [ "calibre-web" ]; users.users.${config.user}.extraGroups = [ "calibre-web" ];
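Review bot: The last line of this hunk still reads `users.users.${config.user}.extraGroups = [ "calibre-web" ];`, but this commit comments out the `user` option in the shared options module. The fish and hammerspoon presets were migrated to `config.nmasur.settings.username`, and this one was missed. As written it will either fail evaluation or, if `config.user` is still defined elsewhere, grant the group to a different account than the other presets use. Suggested change: `users.users.${config.nmasur.settings.username}.extraGroups = [ "calibre-web" ];`.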


@ -5,6 +5,7 @@
}: }:
let let
cfg = config.nmasur.presets.services.filebrowser; cfg = config.nmasur.presets.services.filebrowser;
hostnames = config.nmasur.settings.hostnames;
in in
{ {
@ -20,7 +21,7 @@ in
caddy.routes = [ caddy.routes = [
{ {
match = [ { host = [ config.hostnames.files ]; } ]; match = [ { host = [ hostnames.files ]; } ];
handle = [ handle = [
{ {
handler = "reverse_proxy"; handler = "reverse_proxy";
@ -33,7 +34,7 @@ in
]; ];
# Configure Cloudflare DNS to point to this machine # Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.files ]; services.cloudflare-dyndns.domains = [ hostnames.files ];
}; };


@ -13,6 +13,7 @@
let let
cfg = config.nmasur.presets.services.gitea-runner-local; cfg = config.nmasur.presets.services.gitea-runner-local;
hostnames = config.nmasur.settings.hostnames;
in in
{ {
@ -42,7 +43,7 @@ in
wget wget
]; ];
name = config.networking.hostName; name = config.networking.hostName;
url = "https://${config.hostnames.git}"; url = "https://${hostnames.git}";
tokenFile = config.secrets.giteaRunnerToken.dest; tokenFile = config.secrets.giteaRunnerToken.dest;
}; };


@ -7,6 +7,7 @@
let let
cfg = config.nmasur.presets.services.gitea; cfg = config.nmasur.presets.services.gitea;
hostnames = config.nmasur.settings.hostnames;
giteaPath = "/var/lib/gitea"; # Default service directory giteaPath = "/var/lib/gitea"; # Default service directory
in in
{ {
@ -28,7 +29,7 @@ in
DISABLE_HTTP_GIT = false; DISABLE_HTTP_GIT = false;
# Allow requests hitting the specified hostname. # Allow requests hitting the specified hostname.
ACCESS_CONTROL_ALLOW_ORIGIN = config.hostnames.git; ACCESS_CONTROL_ALLOW_ORIGIN = hostnames.git;
# Automatically create viable users/orgs on push. # Automatically create viable users/orgs on push.
ENABLE_PUSH_CREATE_USER = true; ENABLE_PUSH_CREATE_USER = true;
@ -40,7 +41,7 @@ in
server = { server = {
HTTP_PORT = 3001; HTTP_PORT = 3001;
HTTP_ADDRESS = "127.0.0.1"; HTTP_ADDRESS = "127.0.0.1";
ROOT_URL = "https://${config.hostnames.git}/"; ROOT_URL = "https://${hostnames.git}/";
SSH_PORT = 22; SSH_PORT = 22;
START_SSH_SERVER = false; # Use sshd instead START_SSH_SERVER = false; # Use sshd instead
DISABLE_SSH = false; DISABLE_SSH = false;
@ -65,7 +66,7 @@ in
{ {
match = [ match = [
{ {
host = [ config.hostnames.git ]; host = [ hostnames.git ];
path = [ "/metrics*" ]; path = [ "/metrics*" ];
} }
]; ];
@ -78,7 +79,7 @@ in
} }
# Allow access to primary server. # Allow access to primary server.
{ {
match = [ { host = [ config.hostnames.git ]; } ]; match = [ { host = [ hostnames.git ]; } ];
handle = [ handle = [
{ {
handler = "reverse_proxy"; handler = "reverse_proxy";
@ -91,7 +92,7 @@ in
]; ];
# Configure Cloudflare DNS to point to this machine # Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.git ]; services.cloudflare-dyndns.domains = [ hostnames.git ];
# Scrape the metrics endpoint for Prometheus. # Scrape the metrics endpoint for Prometheus.
prometheus.scrapeTargets = [ prometheus.scrapeTargets = [


@ -7,6 +7,7 @@
let let
cfg = config.nmasur.presets.services.grafana; cfg = config.nmasur.presets.services.grafana;
hostnames = config.nmasur.settings.hostnames;
promUid = "victoriametrics"; promUid = "victoriametrics";
in in
{ {
@ -31,7 +32,7 @@ in
enable = true; enable = true;
settings = { settings = {
server = { server = {
domain = config.hostnames.metrics; domain = hostnames.metrics;
http_addr = "127.0.0.1"; http_addr = "127.0.0.1";
http_port = 3000; http_port = 3000;
protocol = "http"; protocol = "http";
@ -451,7 +452,7 @@ in
{ {
targetBlank = true; targetBlank = true;
title = ""; title = "";
url = "https://${config.hostnames.git}/admin/runners"; url = "https://${hostnames.git}/admin/runners";
} }
]; ];
options = { options = {
@ -525,7 +526,7 @@ in
{ {
targetBlank = true; targetBlank = true;
title = ""; title = "";
url = "https://${config.hostnames.stream}"; url = "https://${hostnames.stream}";
} }
]; ];
options = { options = {
@ -785,7 +786,7 @@ in
{ {
targetBlank = true; targetBlank = true;
title = ""; title = "";
url = "https://${config.hostnames.download}"; url = "https://${hostnames.download}";
} }
]; ];
} }
@ -807,7 +808,7 @@ in
{ {
targetBlank = true; targetBlank = true;
title = ""; title = "";
url = "https://${config.hostnames.download}/bazarr"; url = "https://${hostnames.download}/bazarr";
} }
]; ];
} }
@ -829,7 +830,7 @@ in
{ {
targetBlank = true; targetBlank = true;
title = ""; title = "";
url = "https://${config.hostnames.download}/radarr"; url = "https://${hostnames.download}/radarr";
} }
]; ];
} }
@ -851,7 +852,7 @@ in
{ {
targetBlank = true; targetBlank = true;
title = ""; title = "";
url = "https://${config.hostnames.download}/readarr"; url = "https://${hostnames.download}/readarr";
} }
]; ];
} }
@ -873,7 +874,7 @@ in
{ {
targetBlank = true; targetBlank = true;
title = ""; title = "";
url = "https://${config.hostnames.content}"; url = "https://${hostnames.content}";
} }
]; ];
} }
@ -895,7 +896,7 @@ in
{ {
targetBlank = true; targetBlank = true;
title = ""; title = "";
url = "https://${config.hostnames.books}"; url = "https://${hostnames.books}";
} }
]; ];
} }
@ -917,7 +918,7 @@ in
{ {
targetBlank = true; targetBlank = true;
title = ""; title = "";
url = "https://${config.hostnames.download}/sabnzbd"; url = "https://${hostnames.download}/sabnzbd";
} }
]; ];
} }
@ -939,7 +940,7 @@ in
{ {
targetBlank = true; targetBlank = true;
title = ""; title = "";
url = "https://${config.hostnames.influxdb}"; url = "https://${hostnames.influxdb}";
} }
]; ];
} }
@ -961,7 +962,7 @@ in
{ {
targetBlank = true; targetBlank = true;
title = ""; title = "";
url = "https://${config.hostnames.stream}"; url = "https://${hostnames.stream}";
} }
]; ];
} }
@ -983,7 +984,7 @@ in
{ {
targetBlank = true; targetBlank = true;
title = ""; title = "";
url = "https://${config.hostnames.download}/sonarr"; url = "https://${hostnames.download}/sonarr";
} }
]; ];
} }
@ -1005,7 +1006,7 @@ in
{ {
targetBlank = true; targetBlank = true;
title = ""; title = "";
url = "https://${config.hostnames.irc}"; url = "https://${hostnames.irc}";
} }
]; ];
} }
@ -1027,7 +1028,7 @@ in
{ {
targetBlank = true; targetBlank = true;
title = ""; title = "";
url = "https://${config.hostnames.download}/prowlarr"; url = "https://${hostnames.download}/prowlarr";
} }
]; ];
} }
@ -1049,7 +1050,7 @@ in
{ {
targetBlank = true; targetBlank = true;
title = ""; title = "";
url = "https://${config.hostnames.metrics}"; url = "https://${hostnames.metrics}";
} }
]; ];
} }
@ -1071,7 +1072,7 @@ in
{ {
targetBlank = true; targetBlank = true;
title = ""; title = "";
url = "https://${config.hostnames.git}"; url = "https://${hostnames.git}";
} }
]; ];
} }
@ -1093,7 +1094,7 @@ in
{ {
targetBlank = true; targetBlank = true;
title = ""; title = "";
url = "https://${config.hostnames.secrets}"; url = "https://${hostnames.secrets}";
} }
]; ];
} }
@ -1115,7 +1116,7 @@ in
{ {
targetBlank = true; targetBlank = true;
title = ""; title = "";
url = "https://${config.hostnames.prometheus}/vmui"; url = "https://${hostnames.prometheus}/vmui";
} }
]; ];
} }
@ -1137,7 +1138,7 @@ in
{ {
targetBlank = true; targetBlank = true;
title = ""; title = "";
url = "https://${config.hostnames.paperless}"; url = "https://${hostnames.paperless}";
} }
]; ];
} }
@ -1159,7 +1160,7 @@ in
{ {
targetBlank = true; targetBlank = true;
title = ""; title = "";
url = "https://${config.hostnames.audiobooks}"; url = "https://${hostnames.audiobooks}";
} }
]; ];
} }
@ -2562,7 +2563,7 @@ in
caddy.routes = [ caddy.routes = [
{ {
match = [ { host = [ config.hostnames.metrics ]; } ]; match = [ { host = [ hostnames.metrics ]; } ];
handle = [ handle = [
{ {
handler = "reverse_proxy"; handler = "reverse_proxy";
@ -2575,6 +2576,6 @@ in
]; ];
# Configure Cloudflare DNS to point to this machine # Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.metrics ]; services.cloudflare-dyndns.domains = [ hostnames.metrics ];
}; };
} }


@ -2,6 +2,7 @@
let let
cfg = config.nmasur.presets.services.immich; cfg = config.nmasur.presets.services.immich;
hostnames = config.nmasur.settings.hostnames;
in in
{ {
@ -19,7 +20,7 @@ in
machine-learning.environment = { }; machine-learning.environment = { };
mediaLocation = "/data/images"; mediaLocation = "/data/images";
secretsFile = null; secretsFile = null;
settings.server.externalDomain = "https://${config.hostnames.photos}"; settings.server.externalDomain = "https://${hostnames.photos}";
environment = { environment = {
IMMICH_ENV = "production"; IMMICH_ENV = "production";
IMMICH_LOG_LEVEL = "log"; IMMICH_LOG_LEVEL = "log";
@ -30,7 +31,7 @@ in
caddy.routes = [ caddy.routes = [
{ {
match = [ { host = [ config.hostnames.photos ]; } ]; match = [ { host = [ hostnames.photos ]; } ];
handle = [ handle = [
{ {
handler = "reverse_proxy"; handler = "reverse_proxy";
@ -41,10 +42,10 @@ in
]; ];
# Configure Cloudflare DNS to point to this machine # Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.photos ]; services.cloudflare-dyndns.domains = [ hostnames.photos ];
# Point localhost to the local domain # Point localhost to the local domain
networking.hosts."127.0.0.1" = [ config.hostnames.photos ]; networking.hosts."127.0.0.1" = [ hostnames.photos ];
# Backups # Backups
services.restic.backups.default.paths = [ "/data/images" ]; services.restic.backups.default.paths = [ "/data/images" ];


@ -7,6 +7,7 @@
let let
cfg = config.nmasur.presets.services.influxdb2; cfg = config.nmasur.presets.services.influxdb2;
hostnames = config.nmasur.settings.hostnames;
in in
{ {
@ -56,7 +57,7 @@ in
caddy.routes = lib.mkIf config.services.influxdb2.enable [ caddy.routes = lib.mkIf config.services.influxdb2.enable [
{ {
match = [ { host = [ config.hostnames.influxdb ]; } ]; match = [ { host = [ hostnames.influxdb ]; } ];
handle = [ handle = [
{ {
handler = "reverse_proxy"; handler = "reverse_proxy";
@ -67,6 +68,6 @@ in
]; ];
# Configure Cloudflare DNS to point to this machine # Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.influxdb ]; services.cloudflare-dyndns.domains = [ hostnames.influxdb ];
}; };
} }


@ -10,6 +10,7 @@
let let
cfg = config.nmasur.presets.services.jellyfin; cfg = config.nmasur.presets.services.jellyfin;
hostnames = config.nmasur.settings.hostnames;
in in
{ {
@ -25,7 +26,7 @@ in
{ {
match = [ match = [
{ {
host = [ config.hostnames.stream ]; host = [ hostnames.stream ];
path = [ "/metrics*" ]; path = [ "/metrics*" ];
} }
]; ];
@ -38,7 +39,7 @@ in
} }
# Allow access to normal route. # Allow access to normal route.
{ {
match = [ { host = [ config.hostnames.stream ]; } ]; match = [ { host = [ hostnames.stream ]; } ];
handle = [ handle = [
{ {
handler = "reverse_proxy"; handler = "reverse_proxy";
@ -49,7 +50,7 @@ in
]; ];
# Configure Cloudflare DNS to point to this machine # Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.stream ]; services.cloudflare-dyndns.domains = [ hostnames.stream ];
# Create videos directory, allow anyone in Jellyfin group to manage it # Create videos directory, allow anyone in Jellyfin group to manage it
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [


@ -7,6 +7,7 @@
let let
cfg = config.nmasur.presets.services.minecraft-server; cfg = config.nmasur.presets.services.minecraft-server;
hostnames = config.nmasur.settings.hostnames;
localPort = 25564; localPort = 25564;
publicPort = 49732; publicPort = 49732;
rconPort = 25575; rconPort = 25575;
@ -52,7 +53,7 @@ in
networking.firewall.allowedTCPPorts = [ publicPort ]; networking.firewall.allowedTCPPorts = [ publicPort ];
cloudflare.noProxyDomains = [ config.hostnames.minecraft ]; cloudflare.noProxyDomains = [ hostnames.minecraft ];
## Automatically start and stop Minecraft server based on player connections ## Automatically start and stop Minecraft server based on player connections


@ -2,14 +2,22 @@
# together with triggers. # together with triggers.
{ config, lib, ... }: { config, lib, ... }:
let
cfg = config.nmasur.presets.services.n8n;
hostnames = config.nmasur.settings.hostnames;
in
{ {
config = lib.mkIf config.services.n8n.enable { options.nmasur.presets.services.n8n.enable = lib.mkEnableOption "n8n low-code automation tool";
config = lib.mkIf cfg.enable {
unfreePackages = [ "n8n" ]; unfreePackages = [ "n8n" ];
services.n8n = { services.n8n = {
webhookUrl = "https://${config.hostnames.n8n}"; webhookUrl = "https://${hostnames.n8n}";
settings = { settings = {
listen_address = "127.0.0.1"; listen_address = "127.0.0.1";
port = 5678; port = 5678;
@ -22,12 +30,12 @@
}; };
# Configure Cloudflare DNS to point to this machine # Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.n8n ]; services.cloudflare-dyndns.domains = [ hostnames.n8n ];
# Allow web traffic to Caddy # Allow web traffic to Caddy
caddy.routes = [ caddy.routes = [
{ {
match = [ { host = [ config.hostnames.n8n ]; } ]; match = [ { host = [ hostnames.n8n ]; } ];
handle = [ handle = [
{ {
handler = "reverse_proxy"; handler = "reverse_proxy";
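Review bot: The module guard changed from `config.services.n8n.enable` to the new `cfg.enable`, but the visible part of the `services.n8n = { … }` block does not set `enable`. Unless it is set in the lines between the two hunks, turning on `nmasur.presets.services.n8n.enable` would publish the Caddy route and the Cloudflare DNS record for `hostnames.n8n` without starting the service behind them. Adding `enable = true;` as the first attribute of `services.n8n` makes the preset self-contained, matching how the ntfy-sh preset sets `enable = true;` inside its service block.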


@ -7,6 +7,7 @@
let let
cfg = config.nmasur.presets.services.nextcloud; cfg = config.nmasur.presets.services.nextcloud;
hostnames = config.nmasur.settings.hostnames;
in in
{ {
@ -30,7 +31,7 @@ in
settings = { settings = {
default_phone_region = "US"; default_phone_region = "US";
# Allow access when hitting either of these hosts or IPs # Allow access when hitting either of these hosts or IPs
trusted_domains = [ config.hostnames.content ]; trusted_domains = [ hostnames.content ];
trusted_proxies = [ "127.0.0.1" ]; trusted_proxies = [ "127.0.0.1" ];
maintenance_window_start = 4; # Run jobs at 4am UTC maintenance_window_start = 4; # Run jobs at 4am UTC
log_type = "file"; log_type = "file";
@ -64,7 +65,7 @@ in
# Point Caddy to Nginx # Point Caddy to Nginx
caddy.routes = [ caddy.routes = [
{ {
match = [ { host = [ config.hostnames.content ]; } ]; match = [ { host = [ hostnames.content ]; } ];
handle = [ handle = [
{ {
handler = "subroute"; handler = "subroute";
@ -195,7 +196,7 @@ in
]; ];
# Configure Cloudflare DNS to point to this machine # Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.content ]; services.cloudflare-dyndns.domains = [ hostnames.content ];
# Create credentials file for nextcloud # Create credentials file for nextcloud
secrets.nextcloud = { secrets.nextcloud = {
@ -217,11 +218,11 @@ in
systemd.services.phpfpm-nextcloud.serviceConfig.StateDirectoryMode = lib.mkForce "0770"; systemd.services.phpfpm-nextcloud.serviceConfig.StateDirectoryMode = lib.mkForce "0770";
# Log metrics to prometheus # Log metrics to prometheus
networking.hosts."127.0.0.1" = [ config.hostnames.content ]; networking.hosts."127.0.0.1" = [ hostnames.content ];
services.prometheus.exporters.nextcloud = { services.prometheus.exporters.nextcloud = {
enable = config.prometheus.exporters.enable; enable = config.prometheus.exporters.enable;
username = config.services.nextcloud.config.adminuser; username = config.services.nextcloud.config.adminuser;
url = "https://${config.hostnames.content}"; url = "https://${hostnames.content}";
passwordFile = config.services.nextcloud.config.adminpassFile; passwordFile = config.services.nextcloud.config.adminpassFile;
}; };
prometheus.scrapeTargets = [ prometheus.scrapeTargets = [
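Review bot: The `services.prometheus.exporters.nextcloud` block authenticates with `config.services.nextcloud.config.adminuser` and `adminpassFile`, so the metrics scraper holds the full Nextcloud administrator credential and the admin password file has to be readable by the exporter's user. The exporter module also accepts `tokenFile`, which lets it query the server-info endpoint with a dedicated token instead; something like `tokenFile = config.secrets.<exporter-secret>.dest;` (secret name is a placeholder) would replace the `username` and `passwordFile` lines. The exporter block and the surrounding module continue outside the visible hunks.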


@ -2,6 +2,7 @@
let let
cfg = config.nmasur.presets.services.ntfy-sh; cfg = config.nmasur.presets.services.ntfy-sh;
hostnames = config.nmasur.settings.hostnames;
in in
{ {
@ -11,7 +12,7 @@ in
services.ntfy-sh = { services.ntfy-sh = {
enable = true; enable = true;
settings = { settings = {
base-url = "https://${config.hostnames.notifications}"; base-url = "https://${hostnames.notifications}";
upstream-base-url = "https://ntfy.sh"; upstream-base-url = "https://ntfy.sh";
listen-http = ":8333"; listen-http = ":8333";
behind-proxy = true; behind-proxy = true;
@ -22,7 +23,7 @@ in
caddy.routes = [ caddy.routes = [
{ {
match = [ { host = [ config.hostnames.notifications ]; } ]; match = [ { host = [ hostnames.notifications ]; } ];
handle = [ handle = [
{ {
handler = "reverse_proxy"; handler = "reverse_proxy";
@ -33,7 +34,7 @@ in
]; ];
# Configure Cloudflare DNS to point to this machine # Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.notifications ]; services.cloudflare-dyndns.domains = [ hostnames.notifications ];
}; };
} }
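Review bot: `listen-http = ":8333"` binds ntfy on every interface while `behind-proxy = true` tells it to take the client address from the forwarded header, so a client that can reach port 8333 directly, without going through Caddy, controls the address that ntfy's per-visitor limits see. Binding to loopback, as the n8n preset does with `listen_address = "127.0.0.1"`, removes that dependency on the firewall: `listen-http = "127.0.0.1:8333";`. The Caddy upstream for this route is outside the hunks and would need to dial the same address.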


@ -4,6 +4,7 @@
let let
cfg = config.nmasur.presets.services.paperless; cfg = config.nmasur.presets.services.paperless;
hostnames = config.nmasur.settings.hostnames;
in in
{ {
@ -33,7 +34,7 @@ in
{ {
match = [ match = [
{ {
host = [ config.hostnames.paperless ]; host = [ hostnames.paperless ];
# path = [ "/paperless*" ]; # Change path name in Caddy # path = [ "/paperless*" ]; # Change path name in Caddy
} }
]; ];
@ -47,7 +48,7 @@ in
]; ];
# Configure Cloudflare DNS to point to this machine # Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.paperless ]; services.cloudflare-dyndns.domains = [ hostnames.paperless ];
secrets.paperless = { secrets.paperless = {
source = ../../../private/prometheus.age; source = ../../../private/prometheus.age;
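Review bot: `secrets.paperless` takes its `source` from `../../../private/prometheus.age`, which reads like a copy-paste from the Prometheus preset rather than a Paperless credential. If the reuse is intentional, the two services share one secret and disclosure of either exposes both; a comment saying so would help the next reader. Otherwise point it at a dedicated file, for example `source = ../../../private/<paperless-secret>.age;` (file name is a placeholder). The `secrets.paperless` block continues past the end of the hunk.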


@ -12,6 +12,7 @@
let let
cfg = config.nmasur.presets.services.prometheus-remote-write; cfg = config.nmasur.presets.services.prometheus-remote-write;
hostnames = config.nmasur.settings.hostnames;
in in
{ {
@ -25,7 +26,7 @@ in
remoteWrite = [ remoteWrite = [
{ {
name = config.networking.hostName; name = config.networking.hostName;
url = "https://${config.hostnames.prometheus}/api/v1/write"; url = "https://${hostnames.prometheus}/api/v1/write";
basic_auth = { basic_auth = {
# Uses password hashed with bcrypt above # Uses password hashed with bcrypt above
username = "prometheus"; username = "prometheus";


@ -1,6 +1,7 @@
{ config, lib, ... }: { config, lib, ... }:
let let
cfg = config.nmasur.presets.services.thelounge; cfg = config.nmasur.presets.services.thelounge;
hostnames = config.nmasur.settings.hostnames;
in in
{ {
@ -22,7 +23,7 @@ in
# Allow web traffic to Caddy # Allow web traffic to Caddy
caddy.routes = [ caddy.routes = [
{ {
match = [ { host = [ config.hostnames.irc ]; } ]; match = [ { host = [ hostnames.irc ]; } ];
handle = [ handle = [
{ {
handler = "reverse_proxy"; handler = "reverse_proxy";
@ -33,6 +34,6 @@ in
]; ];
# Configure Cloudflare DNS to point to this machine # Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.irc ]; services.cloudflare-dyndns.domains = [ hostnames.irc ];
}; };
} }


@ -10,6 +10,7 @@
let let
cfg = config.nmasur.presets.services.transmission; cfg = config.nmasur.presets.services.transmission;
hostnames = config.nmasur.settings.hostnames;
in in
{ {
@ -37,7 +38,7 @@ in
# This is a salted hash of the real password # This is a salted hash of the real password
# https://github.com/tomwijnroks/transmission-pwgen # https://github.com/tomwijnroks/transmission-pwgen
rpc-password = "{c4c5145f6e18bcd3c7429214a832440a45285ce26jDOBGVW"; rpc-password = "{c4c5145f6e18bcd3c7429214a832440a45285ce26jDOBGVW";
rpc-host-whitelist = config.hostnames.transmission; rpc-host-whitelist = hostnames.transmission;
rpc-host-whitelist-enabled = true; rpc-host-whitelist-enabled = true;
rpc-whitelist = lib.mkDefault "127.0.0.1"; # Overwritten by Cloudflare rpc-whitelist = lib.mkDefault "127.0.0.1"; # Overwritten by Cloudflare
rpc-whitelist-enabled = true; rpc-whitelist-enabled = true;
@ -45,7 +46,7 @@ in
}; };
# Configure Cloudflare DNS to point to this machine # Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.transmission ]; services.cloudflare-dyndns.domains = [ hostnames.transmission ];
# Bind transmission to wireguard namespace # Bind transmission to wireguard namespace
systemd.services.transmission = lib.mkIf config.wireguard.enable { systemd.services.transmission = lib.mkIf config.wireguard.enable {
@ -66,14 +67,14 @@ in
caddy.routes = caddy.routes =
let let
# Set if the download domain is the same as the Transmission domain # Set if the download domain is the same as the Transmission domain
useDownloadDomain = config.hostnames.download == config.hostnames.transmission; useDownloadDomain = hostnames.download == hostnames.transmission;
in in
lib.mkAfter [ lib.mkAfter [
{ {
group = if useDownloadDomain then "download" else "transmission"; group = if useDownloadDomain then "download" else "transmission";
match = [ match = [
{ {
host = [ config.hostnames.transmission ]; host = [ hostnames.transmission ];
path = if useDownloadDomain then [ "/transmission*" ] else null; path = if useDownloadDomain then [ "/transmission*" ] else null;
} }
]; ];
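Review bot: `rpc-password` is written into the module as a literal, so the hash is stored in the repository and in the world-readable Nix store. Transmission's `{`-prefixed format is a salted SHA-1, which is cheap to test guesses against offline, so the hash should be handled like the password itself. Assuming these settings belong to `services.transmission` (the enclosing block starts outside the hunk), move the value into an age secret and pass it with `credentialsFile = config.secrets.<transmission-secret>.dest;` (secret name is a placeholder). The `rpc-host-whitelist` and `rpc-whitelist` settings next to it are worth keeping as they are.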


@ -2,6 +2,7 @@
let let
cfg = config.nmasur.presets.services.uptime-kuma; cfg = config.nmasur.presets.services.uptime-kuma;
hostnames = config.nmasur.settings.hostnames;
in in
{ {
@ -20,7 +21,7 @@ in
# Allow web traffic to Caddy # Allow web traffic to Caddy
caddy.routes = [ caddy.routes = [
{ {
match = [ { host = [ config.hostnames.status ]; } ]; match = [ { host = [ hostnames.status ]; } ];
handle = [ handle = [
{ {
handler = "reverse_proxy"; handler = "reverse_proxy";
@ -33,7 +34,7 @@ in
]; ];
# Configure Cloudflare DNS to point to this machine # Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.status ]; services.cloudflare-dyndns.domains = [ hostnames.status ];
}; };


@ -11,6 +11,7 @@
let let
cfg = config.nmasur.presets.services.vaultwarden; cfg = config.nmasur.presets.services.vaultwarden;
hostnames = config.nmasur.settings.hostnames;
vaultwardenPath = "/var/lib/bitwarden_rs"; # Default service directory vaultwardenPath = "/var/lib/bitwarden_rs"; # Default service directory
in in
{ {
@ -22,7 +23,7 @@ in
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
config = { config = {
DOMAIN = "https://${config.hostnames.secrets}"; DOMAIN = "https://${hostnames.secrets}";
SIGNUPS_ALLOWED = false; SIGNUPS_ALLOWED = false;
SIGNUPS_VERIFY = true; SIGNUPS_VERIFY = true;
INVITATIONS_ALLOWED = true; INVITATIONS_ALLOWED = true;
@ -52,7 +53,7 @@ in
caddy.routes = [ caddy.routes = [
{ {
match = [ { host = [ config.hostnames.secrets ]; } ]; match = [ { host = [ hostnames.secrets ]; } ];
handle = [ handle = [
{ {
handler = "reverse_proxy"; handler = "reverse_proxy";
@ -66,7 +67,7 @@ in
]; ];
# Configure Cloudflare DNS to point to this machine # Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.secrets ]; services.cloudflare-dyndns.domains = [ hostnames.secrets ];
## Backup config ## Backup config


@ -11,6 +11,7 @@
let let
cfg = config.nmasur.presets.services.victoriametrics; cfg = config.nmasur.presets.services.victoriametrics;
hostnames = config.nmasur.settings.hostnames;
username = "prometheus"; username = "prometheus";
@ -79,7 +80,7 @@ in
caddy.routes = [ caddy.routes = [
{ {
match = [ { host = [ config.hostnames.prometheus ]; } ]; match = [ { host = [ hostnames.prometheus ]; } ];
handle = [ handle = [
{ {
handler = "reverse_proxy"; handler = "reverse_proxy";
@ -90,7 +91,7 @@ in
]; ];
# Configure Cloudflare DNS to point to this machine # Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.prometheus ]; services.cloudflare-dyndns.domains = [ hostnames.prometheus ];
}; };
} }


@ -11,6 +11,7 @@
let let
cfg = config.nmasur.presets.services.vm-agent; cfg = config.nmasur.presets.services.vm-agent;
hostnames = config.nmasur.settings.hostnames;
username = "prometheus"; username = "prometheus";
@ -37,7 +38,7 @@ in
package = pkgs-stable.vmagent; package = pkgs-stable.vmagent;
prometheusConfig = prometheusConfig; prometheusConfig = prometheusConfig;
remoteWrite = { remoteWrite = {
url = "https://${config.hostnames.prometheus}/api/v1/write"; url = "https://${hostnames.prometheus}/api/v1/write";
basicAuthUsername = username; basicAuthUsername = username;
basicAuthPasswordFile = config.secrets.vmagent.dest; basicAuthPasswordFile = config.secrets.vmagent.dest;
}; };


@ -0,0 +1,19 @@
{ lib, ... }:
{
options.nmasur.settings = {
username = lib.mkOption {
type = lib.types.str;
description = "Primary username for the system";
};
fullName = lib.mkOption {
type = lib.types.str;
description = "Human readable name of the user";
};
options.hostnames = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
description = "Map of service names to FQDNs";
default = { };
};
};
}
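Review bot: `options.hostnames = lib.mkOption {` sits inside the `options.nmasur.settings = { … }` attribute set, so it declares `nmasur.settings.options.hostnames`, while every preset touched by this commit reads `config.nmasur.settings.hostnames`. Those reads will not resolve to this option, and any definition of `nmasur.settings.hostnames` will be rejected as undeclared. The line should be `hostnames = lib.mkOption {`. Because `default = { }`, a missing key then fails only when the preset that uses it is evaluated, so the description could say that each enabled preset requires its own entry.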


@ -27,6 +27,7 @@ in
identityFile = lib.mkOption { identityFile = lib.mkOption {
type = lib.types.path; type = lib.types.path;
description = "Path containing decryption identity."; description = "Path containing decryption identity.";
default = "/etc/ssh/ssh_host_ed25519_key";
}; };
secrets = lib.mkOption { secrets = lib.mkOption {
@ -91,7 +92,7 @@ in
script = '' script = ''
echo "${attrs.prefix}$( echo "${attrs.prefix}$(
${pkgs.age}/bin/age --decrypt \ ${pkgs.age}/bin/age --decrypt \
--identity ${config.secretsIdentityFile} ${attrs.source} --identity ${config.identityFile} ${attrs.source}
)" > ${attrs.dest} )" > ${attrs.dest}
chown '${attrs.owner}':'${attrs.group}' '${attrs.dest}' chown '${attrs.owner}':'${attrs.group}' '${attrs.dest}'
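Review bot: The decrypt step writes the plaintext to `${attrs.dest}` through a shell redirection and only afterwards runs `chown`, so the file is created under whatever umask the unit inherits and may be readable by other local users until permissions are tightened. Adding `umask 077` as the first line of `script` closes that window regardless of what follows. `${config.identityFile}` and `${attrs.source}` are also interpolated unquoted, unlike the `chown` arguments on the next line, so a path containing whitespace would split the `age` command line. The script continues past the end of the hunk, so a later `chmod` may exist but would still run after the file is written.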


@ -6,6 +6,7 @@
}: }:
let let
cfg = config.services.filebrowser; cfg = config.services.filebrowser;
hostnames = config.nmasur.settings.hostnames;
dataDir = "/var/lib/filebrowser"; dataDir = "/var/lib/filebrowser";
@ -57,7 +58,7 @@ in
}; };
# Configure Cloudflare DNS to point to this machine # Configure Cloudflare DNS to point to this machine
services.cloudflare-dyndns.domains = [ config.hostnames.files ]; services.cloudflare-dyndns.domains = [ hostnames.files ];
}; };