diff --git a/flake.nix b/flake.nix
index 4ed905a..311bc1d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -228,24 +228,27 @@
 dotfilesRepo = "https://github.com/nmasur/dotfiles";
 hostnames = {
 audiobooks = "read.${baseName}";
+ books = "books.${baseName}";
 budget = "money.${baseName}";
+ content = "cloud.${baseName}";
+ download = "download.${baseName}";
 files = "files.${baseName}";
 git = "git.${baseName}";
+ imap = "imap.purelymail.com";
 influxdb = "influxdb.${baseName}";
 irc = "irc.${baseName}";
+ mail = "noahmasur.com";
 metrics = "metrics.${baseName}";
 minecraft = "minecraft.${baseName}";
 n8n = "n8n.${baseName}";
 notifications = "ntfy.${baseName}";
- prometheus = "prom.${baseName}";
 paperless = "paper.${baseName}";
 photos = "photos.${baseName}";
+ prometheus = "prom.${baseName}";
 secrets = "vault.${baseName}";
- stream = "stream.${baseName}";
- content = "cloud.${baseName}";
- books = "books.${baseName}";
- download = "download.${baseName}";
+ smtp = "smtp.purelymail.com";
 status = "status.${baseName}";
+ stream = "stream.${baseName}";
 transmission = "transmission.${baseName}";
 };
 };
@@ -273,7 +276,13 @@
 forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
 # { system -> pkgs }
- pkgsBySystem = forAllSystems (system: import nixpkgs { inherit system overlays; });
+ pkgsBySystem = forAllSystems (
+ system:
+ import nixpkgs {
+ inherit system overlays;
+ config.permittedInsecurePackages = [ "litestream-0.3.13" ];
+ }
+ );
 # stablePkgsBySystem = forAllSystems (system: import nixpkgs { inherit system overlays; });
 buildHome =
@@ -295,9 +304,9 @@
 inputs.wsl.nixosModules.wsl
 ./platforms/nixos
 ];
- # specialArgs = {
- # wallpapers = inputs.wallpapers;
- # };
+ specialArgs = {
+ hostnames = globals.hostnames;
+ };
 };
 buildDarwin =
diff --git a/hosts/nixos/flame/default.nix b/hosts/nixos/flame/default.nix
index f3f6628..e4a4627 100644
--- a/hosts/nixos/flame/default.nix
+++ b/hosts/nixos/flame/default.nix
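Review bot: The `permittedInsecurePackages` entry added to `pkgsBySystem` in the second flake.nix hunk has no comment saying why `litestream-0.3.13` is flagged or when the exception can be dropped, and it applies to every system in `supportedSystems` rather than only the configuration that runs litestream. Elsewhere in this commit litestream replicates the Vaultwarden database, so the exception covers a component that handles password-vault data. I would add a comment above the line such as `# litestream-0.3.13 is marked insecure in nixpkgs (<advisory reference>); remove once an unflagged release is packaged` and, if the host layout allows it, scope the allowance to the one host that enables litestream. The version-pinned string fails closed on a version bump, which is worth keeping.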
@@ -11,23 +11,23 @@ rec {
 nmasur.settings = {
 username = "noah";
 fullName = "Noah Masur";
- hostnames =
- let
- baseName = "masu.rs";
- in
- {
- budget = "money.${baseName}";
- git = "git.${baseName}";
- influxdb = "influxdb.${baseName}";
- irc = "irc.${baseName}";
- metrics = "metrics.${baseName}";
- minecraft = "minecraft.${baseName}";
- n8n = "n8n.${baseName}";
- notifications = "ntfy.${baseName}";
- prometheus = "prom.${baseName}";
- secrets = "vault.${baseName}";
- status = "status.${baseName}";
- };
+ # hostnames =
+ # let
+ # baseName = "masu.rs";
+ # in
+ # {
+ # budget = "money.${baseName}";
+ # git = "git.${baseName}";
+ # influxdb = "influxdb.${baseName}";
+ # irc = "irc.${baseName}";
+ # metrics = "metrics.${baseName}";
+ # minecraft = "minecraft.${baseName}";
+ # n8n = "n8n.${baseName}";
+ # notifications = "ntfy.${baseName}";
+ # prometheus = "prom.${baseName}";
+ # secrets = "vault.${baseName}";
+ # status = "status.${baseName}";
+ # };
 };
 nmasur.profiles = {
diff --git a/hosts/nixos/swan/default.nix b/hosts/nixos/swan/default.nix
index cb7499a..8029bd2 100644
--- a/hosts/nixos/swan/default.nix
+++ b/hosts/nixos/swan/default.nix
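Review bot: The per-host `hostnames` block in `nmasur.settings` is commented out rather than deleted, leaving 17 lines of dead configuration that will drift from the map in `flake.nix`; the swan and tempest hunks do the same. Since the values now arrive through `specialArgs`, I would delete the blocks and, if a pointer is wanted, leave one line such as `# hostnames: inherited from globals.hostnames in flake.nix`. The commented copies also obscure that each host used to declare only the services it actually ran, which is a behaviour change worth stating in the commit message instead.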
@@ -7,21 +7,21 @@ rec {
 nmasur.settings = {
 username = "noah";
 fullName = "Noah Masur";
- hostnames =
- let
- baseName = "masu.rs";
- in
- {
- audiobooks = "read.${baseName}";
- books = "books.${baseName}";
- content = "cloud.${baseName}";
- download = "download.${baseName}";
- files = "files.${baseName}";
- paperless = "paper.${baseName}";
- photos = "photos.${baseName}";
- prometheus = "prom.${baseName}";
- stream = "stream.${baseName}";
- };
+ # hostnames =
+ # let
+ # baseName = "masu.rs";
+ # in
+ # {
+ # audiobooks = "read.${baseName}";
+ # books = "books.${baseName}";
+ # content = "cloud.${baseName}";
+ # download = "download.${baseName}";
+ # files = "files.${baseName}";
+ # paperless = "paper.${baseName}";
+ # photos = "photos.${baseName}";
+ # prometheus = "prom.${baseName}";
+ # stream = "stream.${baseName}";
+ # };
 };
 nmasur.profiles = {
diff --git a/hosts/nixos/tempest/default.nix b/hosts/nixos/tempest/default.nix
index ce67571..fab99d0 100644
--- a/hosts/nixos/tempest/default.nix
+++ b/hosts/nixos/tempest/default.nix
@@ -8,13 +8,13 @@ rec {
 nmasur.settings = {
 username = "noah";
 fullName = "Noah Masur";
- hostnames =
- let
- baseName = "masu.rs";
- in
- {
- prometheus = "prom.${baseName}";
- };
+ # hostnames =
+ # let
+ # baseName = "masu.rs";
+ # in
+ # {
+ # prometheus = "prom.${baseName}";
+ # };
 };
 nmasur.profiles = {
diff --git a/platforms/home-manager/modules/nmasur/presets/programs/notes/default.nix b/platforms/home-manager/modules/nmasur/presets/programs/notes/default.nix
index c79a755..265dfaa 100644
--- a/platforms/home-manager/modules/nmasur/presets/programs/notes/default.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/notes/default.nix
@@ -10,7 +10,7 @@ let
 in
 {
- options.nmasur.preset.programs.notes = {
+ options.nmasur.presets.programs.notes = {
 enable = lib.mkEnableOption "Manage notes repository";
 repo = lib.mkOption {
 type = lib.types.nullOr lib.types.str;
diff --git a/platforms/home-manager/modules/nmasur/presets/programs/ripgrep.nix b/platforms/home-manager/modules/nmasur/presets/programs/ripgrep.nix
index f2f2282..82c4e08 100644
--- a/platforms/home-manager/modules/nmasur/presets/programs/ripgrep.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/ripgrep.nix
@@ -13,14 +13,19 @@ in
 options.nmasur.presets.programs.ripgrep = {
 enable = lib.mkEnableOption "Ripgrep search tool";
- ignorePatterns = ''
- !.env*
- !.github/
- !.gitignore
- !*.tfvars
- .terraform/
- .target/
- /Library/'';
+ ignorePatterns = lib.mkOption {
+ type = lib.types.lines;
+ description = "Patterns to ignore with ripgrep";
+ default = ''
+ !.env*
+ !.github/
+ !.gitignore
+ !*.tfvars
+ .terraform/
+ .target/
+ /Library/
+ '';
+ };
 };
 config = lib.mkIf cfg.enable {
diff --git a/platforms/home-manager/theme.nix b/platforms/home-manager/theme.nix
index 6c2c43d..a2aa13a 100644
--- a/platforms/home-manager/theme.nix
+++ b/platforms/home-manager/theme.nix
@@ -11,7 +11,7 @@
 colors = lib.mkOption {
 type = lib.types.attrs;
 description = "Base16 color scheme.";
- default = (import ../colorscheme/gruvbox).dark;
+ default = (import ../../colorscheme/gruvbox).dark;
 };
 mode = lib.mkOption {
 type = lib.types.enum [
diff --git a/platforms/nixos/modules/nmasur/presets/programs/msmtp.nix b/platforms/nixos/modules/nmasur/presets/programs/msmtp.nix
index 574428a..6efdc09 100644
--- a/platforms/nixos/modules/nmasur/presets/programs/msmtp.nix
+++ b/platforms/nixos/modules/nmasur/presets/programs/msmtp.nix
@@ -2,6 +2,7 @@
 config,
 pkgs,
 lib,
+ hostnames,
 ...
 }:
@@ -16,10 +17,12 @@ in
 host = lib.mkOption {
 type = lib.types.str;
 description = "Hostname for SMTP server";
+ default = hostnames.smtp;
 };
 domain = lib.mkOption {
 type = lib.types.str;
 description = "Domain name for SMTP email";
+ default = hostnames.mail;
 };
 user = lib.mkOption {
 type = lib.types.str;
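Review bot: The description on the new `ignorePatterns` option, `"Patterns to ignore with ripgrep"`, does not match its default: four of the seven entries start with `!`, which re-includes paths (`.env*`, `.github/`, `.gitignore`, `*.tfvars`) that would otherwise be skipped. Files matching `.env*` and `*.tfvars` commonly hold credentials, so search output on this machine can contain secret values, and someone overriding the option should know that. I would word it as `description = "Ripgrep ignore-file lines; entries starting with ! re-include paths (the default un-ignores .env* and *.tfvars).";`. The `config` block that consumes the option is outside this hunk.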
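Review bot: Taking `hostnames` as a module argument in msmtp.nix (`default = hostnames.smtp;`, `default = hostnames.mail;` in the second hunk) makes the module fail to evaluate in any configuration built without the `specialArgs` this commit adds in `flake.nix`. The same map is already exposed as the option `nmasur.settings.hostnames`, so the defaults could read `default = config.nmasur.settings.hostnames.smtp;` and `default = config.nmasur.settings.hostnames.mail;`, which would also honour a per-host override of that option. The `hostnames,` argument added in the first hunk would then be unnecessary in this file.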
diff --git a/platforms/nixos/modules/nmasur/presets/services/actualbudget.nix b/platforms/nixos/modules/nmasur/presets/services/actualbudget.nix
index eb49d3c..c0fe75d 100644
--- a/platforms/nixos/modules/nmasur/presets/services/actualbudget.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/actualbudget.nix
@@ -41,7 +41,7 @@ in
 user = "${toString (builtins.toString config.users.users.actualbudget.uid)}";
 pull = "missing";
 privileged = false;
- ports = [ "127.0.0.1:${builtins.toString config.services.actualbudget.port}:5006" ];
+ ports = [ "127.0.0.1:${builtins.toString cfg.port}:5006" ];
 networks = [ ];
 log-driver = "journald";
 labels = {
@@ -65,7 +65,7 @@ in
 handle = [
 {
 handler = "reverse_proxy";
- upstreams = [ { dial = "localhost:${builtins.toString config.services.actualbudget.port}"; } ];
+ upstreams = [ { dial = "localhost:${builtins.toString cfg.port}"; } ];
 }
 ];
 }
diff --git a/platforms/nixos/modules/nmasur/presets/services/grafana.nix b/platforms/nixos/modules/nmasur/presets/services/grafana.nix
index fea5855..90eccd8 100644
--- a/platforms/nixos/modules/nmasur/presets/services/grafana.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/grafana.nix
@@ -17,7 +17,7 @@ in
 # Allow Grafana to connect to email service
 secrets.mailpass-grafana = {
- source = ../../../private/mailpass-grafana.age;
+ source = ../../../../../../private/mailpass-grafana.age;
 dest = "${config.secretsDirectory}/mailpass-grafana";
 owner = "grafana";
 group = "grafana";
diff --git a/platforms/nixos/modules/nmasur/presets/services/influxdb2.nix b/platforms/nixos/modules/nmasur/presets/services/influxdb2.nix
index b8c5722..1a3e374 100644
--- a/platforms/nixos/modules/nmasur/presets/services/influxdb2.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/influxdb2.nix
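Review bot: The secret source in grafana.nix is now a six-level relative path (`../../../../../../private/mailpass-grafana.age`), which has to be recounted by hand whenever a module moves; the same edit recurs in the influxdb2, paperless, prometheus-remote-write, vaultwarden, victoriametrics and vm-agent hunks. Since `specialArgs` is introduced in this commit anyway, the directory could be passed once from the flake and joined per secret, for example `secretsRoot = ./private;` next to `hostnames` and `source = secretsRoot + "/mailpass-grafana.age";` here (the name `secretsRoot` is a suggestion, not something in the repository). That `private` sits at the flake root is inferred from the path depth. The enclosing `secrets.mailpass-grafana` set continues past the end of the hunk.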
@@ -33,7 +33,7 @@ in
 # Create credentials file for InfluxDB admin
 secrets.influxdb2Password = lib.mkIf config.services.influxdb2.enable {
- source = ../../../private/influxdb2-password.age;
+ source = ../../../../../../private/influxdb2-password.age;
 dest = "${config.secretsDirectory}/influxdb2-password";
 owner = "influxdb2";
 group = "influxdb2";
@@ -44,7 +44,7 @@ in
 before = [ "influxdb2.service" ];
 };
 secrets.influxdb2Token = lib.mkIf config.services.influxdb2.enable {
- source = ../../../private/influxdb2-token.age;
+ source = ../../../../../../private/influxdb2-token.age;
 dest = "${config.secretsDirectory}/influxdb2-token";
 owner = "influxdb2";
 group = "influxdb2";
diff --git a/platforms/nixos/modules/nmasur/presets/services/nix-autoupgrade.nix b/platforms/nixos/modules/nmasur/presets/services/nix-autoupgrade.nix
index d744df0..48e8e90 100644
--- a/platforms/nixos/modules/nmasur/presets/services/nix-autoupgrade.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/nix-autoupgrade.nix
@@ -55,7 +55,7 @@ in
 systemctl status $SERVICE_ID >> $TEMPFILE
 set -e
 ${lib.getExe pkgs.msmtp} \
- --file=${config.home-manager.users.${username}.xdg.configDir}/msmtp/config \
+ --file=${config.home-manager.users.${username}.xdg.configHome}/msmtp/config \
 --account=system \
 ${address} < $TEMPFILE
 '';
diff --git a/platforms/nixos/modules/nmasur/presets/services/paperless.nix b/platforms/nixos/modules/nmasur/presets/services/paperless.nix
index 06f9902..2354006 100644
--- a/platforms/nixos/modules/nmasur/presets/services/paperless.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/paperless.nix
@@ -51,7 +51,7 @@ in
 services.cloudflare-dyndns.domains = [ hostnames.paperless ];
 secrets.paperless = {
- source = ../../../private/prometheus.age;
+ source = ../../../../../../private/prometheus.age;
 dest = "${config.secretsDirectory}/paperless";
 owner = "paperless";
 group = "paperless";
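Review bot: In paperless.nix, `secrets.paperless` is sourced from `private/prometheus.age`, the same encrypted file that the prometheus-remote-write, victoriametrics (`secrets.vmauth`) and vm-agent hunks of this commit also use. If that is intentional, one credential is shared by four services and decrypted to four destinations, so exposure through any one of them affects the rest and rotation has to touch all of them; if it is a copy-paste leftover, Paperless is being handed the metrics password. I would give Paperless its own file, e.g. `source = ../../../../../../private/paperless.age;` (file name illustrative, it does not appear in this diff), or add a comment stating why the Prometheus secret is reused. How the decrypted value is consumed lies outside the hunk.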
diff --git a/platforms/nixos/modules/nmasur/presets/services/prometheus-remote-write.nix b/platforms/nixos/modules/nmasur/presets/services/prometheus-remote-write.nix
index 440bea8..6053121 100644
--- a/platforms/nixos/modules/nmasur/presets/services/prometheus-remote-write.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/prometheus-remote-write.nix
@@ -38,7 +38,7 @@ in
 # Create credentials file for remote Prometheus push
 secrets.prometheus = {
- source = ../../../private/prometheus.age;
+ source = ../../../../../../private/prometheus.age;
 dest = "${config.secretsDirectory}/prometheus";
 owner = "prometheus";
 group = "prometheus";
diff --git a/platforms/nixos/modules/nmasur/presets/services/vaultwarden.nix b/platforms/nixos/modules/nmasur/presets/services/vaultwarden.nix
index b8cd24f..84d3b1e 100644
--- a/platforms/nixos/modules/nmasur/presets/services/vaultwarden.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/vaultwarden.nix
@@ -43,7 +43,7 @@ in
 };
 secrets.vaultwarden = {
- source = ../../../private/vaultwarden.age;
+ source = ../../../../../../private/vaultwarden.age;
 dest = "${config.secretsDirectory}/vaultwarden";
 owner = "vaultwarden";
 group = "vaultwarden";
@@ -94,7 +94,9 @@ in
 {
 path = "${vaultwardenPath}/db.sqlite3";
 replicas = [
- { url = "s3://${config.backup.s3.bucket}.${config.backup.s3.endpoint}/vaultwarden"; }
+ {
+ url = "s3://${config.nmasur.presets.services.litestream.s3.bucket}.${config.nmasur.presets.services.litestream.s3.endpoint}/vaultwarden";
+ }
 ];
 }
 ];
@@ -119,7 +121,7 @@ in
 # Backup other Vaultwarden data to object storage
 systemd.services.vaultwarden-backup = lib.mkIf config.nmasur.presets.services.litestream.enable {
 description = "Backup Vaultwarden files";
- environment.AWS_ACCESS_KEY_ID = config.backup.s3.accessKeyId;
+ environment.AWS_ACCESS_KEY_ID = config.nmasur.presets.services.litestream.s3.accessKeyId;
 serviceConfig = {
 Type = "oneshot";
 User = "vaultwarden";
@@ -129,8 +131,8 @@ in
 script = ''
 ${pkgs.awscli2}/bin/aws s3 sync \
 ${vaultwardenPath}/ \
- s3://${config.backup.s3.bucket}/vaultwarden/ \
- --endpoint-url=https://${config.backup.s3.endpoint} \
+ s3://${config.nmasur.presets.services.litestream.s3.bucket}/vaultwarden/ \
+ --endpoint-url=https://${config.nmasur.presets.services.litestream.s3.endpoint} \
 --exclude "*db.sqlite3*" \
 --exclude ".db.sqlite3*"
 '';
diff --git a/platforms/nixos/modules/nmasur/presets/services/victoriametrics.nix b/platforms/nixos/modules/nmasur/presets/services/victoriametrics.nix
index 1cc8c2b..15364a3 100644
--- a/platforms/nixos/modules/nmasur/presets/services/victoriametrics.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/victoriametrics.nix
@@ -71,7 +71,7 @@ in
 };
 secrets.vmauth = lib.mkIf config.services.victoriametrics.enable {
- source = ../../../private/prometheus.age;
+ source = ../../../../../../private/prometheus.age;
 dest = "${config.secretsDirectory}/vmauth";
 prefix = "PASSWORD=";
 };
diff --git a/platforms/nixos/modules/nmasur/presets/services/vm-agent.nix b/platforms/nixos/modules/nmasur/presets/services/vm-agent.nix
index 82a4b1b..ac22d66 100644
--- a/platforms/nixos/modules/nmasur/presets/services/vm-agent.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/vm-agent.nix
@@ -47,7 +47,7 @@ in
 };
 secrets.vmagent = {
- source = ../../../private/prometheus.age;
+ source = ../../../../../../private/prometheus.age;
 dest = "${config.secretsDirectory}/vmagent";
 };
 systemd.services.vmagent-secret = lib.mkIf config.services.vmagent.enable {
diff --git a/platforms/nixos/modules/nmasur/settings.nix b/platforms/nixos/modules/nmasur/settings.nix
index 03ec2ec..cfe13da 100644
--- a/platforms/nixos/modules/nmasur/settings.nix
+++ b/platforms/nixos/modules/nmasur/settings.nix
@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ lib, hostnames, ... }:
 {
 options.nmasur.settings = {
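Review bot: The `aws s3 sync` in the `vaultwarden-backup` script uploads everything under `${vaultwardenPath}/` except the SQLite files, and in a standard Vaultwarden data directory that would include the server's RSA key files and any saved admin configuration; the hunk shows no client-side encryption and the bucket policy is not visible here. I would either add `--exclude` entries for the key material or record the assumption next to the command, e.g. `# uploads server key files as-is; bucket must be private and encrypted at rest`. Separately, `config.nmasur.presets.services.litestream.s3` is now written out several times across the vaultwarden hunks, and a `let s3 = config.nmasur.presets.services.litestream.s3; in` binding would keep those uses in step. The unit definition begins in the previous hunk and continues past this one.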
@@ -13,7 +13,7 @@
 hostnames = lib.mkOption {
 type = lib.types.attrsOf lib.types.str;
 description = "Map of service names to FQDNs";
- default = { };
+ default = hostnames;
 };
 };
 }
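Review bot: With `default = hostnames;` every NixOS host now receives the full global map, including names for services it does not run and the third-party mail hosts (`imap.purelymail.com`, `smtp.purelymail.com`), where flame, swan and tempest previously listed only their own services. Lookups by key such as `hostnames.paperless` are unaffected, but any module that iterates over `config.nmasur.settings.hostnames` (for DNS updates, certificates or reverse-proxy routes) would begin claiming every name on every host; no such consumer is visible in this diff, so this is something to check rather than a confirmed fault. The description could state the new scope: `description = "Map of service names to FQDNs (global defaults; not limited to services enabled on this host)";`.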