noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2025-07-05 19:40:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix references

Browse Source
This commit is contained in:
Noah Masur
2025-02-17 14:05:23 -05:00
parent 7de88ba2b6
commit ebd7b88909
54 changed files with 272 additions and 216 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
platforms/nixos/modules/nmasur/presets/services/actualbudget.nix
View File

@ -59,7 +59,7 @@ in
};
# Allow web traffic to Caddy
caddy.routes = [
nmasur.presets.services.caddy.routes = [
{
match = [ { host = [ hostnames.budget ]; } ];
handle = [

8
platforms/nixos/modules/nmasur/presets/services/arr.nix
View File

@ -8,7 +8,7 @@
let
inherit (config.nmasur.settings) hostnames;
cfg = config.nmasur.presets.services.actualbudget;
cfg = config.nmasur.presets.services.arrs;
# This config specifies ports for Prometheus to scrape information
arrConfig = {
@ -46,7 +46,7 @@ in
config = lib.mkIf cfg.enable {
# Required
config.nmasur.profiles.shared-media.enable = true; # Shared user for multiple services
nmasur.profiles.shared-media.enable = true; # Shared user for multiple services
# # Broken on 2024-12-07
# # https://discourse.nixos.org/t/solved-sonarr-is-broken-in-24-11-unstable-aka-how-the-hell-do-i-use-nixpkgs-config-permittedinsecurepackages/
@ -92,7 +92,7 @@ in
# Requires updating the base_url config value in each service
# If you try to rewrite the URL, the service won't redirect properly
caddy.routes = [
nmasur.presets.services.caddy.routes = [
{
# Group means that routes with the same name are mutually exclusive,
# so they are split between the appropriate services.
@ -276,7 +276,7 @@ in
};
# Prometheus scrape targets (expose Exportarr to Prometheus)
prometheus.scrapeTargets = map (
nmasur.presets.services.prometheus-exporters.scrapeTargets = map (
key:
"127.0.0.1:${
lib.attrsets.getAttrFromPath [

2
platforms/nixos/modules/nmasur/presets/services/audiobookshelf.nix
View File

@ -28,7 +28,7 @@ in
};
# Allow web traffic to Caddy
caddy.routes = [
nmasur.presets.services.caddy.routes = [
{
match = [ { host = [ globals.hostnames.audiobooks ]; } ];
handle = [

16
platforms/nixos/modules/nmasur/presets/services/caddy.nix
View File

@ -43,15 +43,15 @@ in
type = lib.types.listOf lib.types.str;
description = "CIDR blocks to allow for requests";
default = [ ];
merge = lib.mkMerge; # Ensure that values are merged from default
# merge = lib.mkMerge; # Ensure that values are merged from default
};
};
config = lib.mkIf cfg.enable {
# Force Caddy to 403 if not coming from allowlisted source
cfg.cidrAllowlist = lib.mkDefault [ "127.0.0.1/32" ];
cfg.routes = lib.mkBefore [
nmasur.presets.services.caddy.cidrAllowlist = lib.mkDefault [ "127.0.0.1/32" ];
nmasur.presets.services.caddy.routes = lib.mkBefore [
{
match = [ { not = [ { remote_ip.ranges = cfg.cidrAllowlist; } ]; } ];
handle = [
@ -72,7 +72,7 @@ in
getHostnameFromRoute =
route:
if (lib.hasAttr "match" route) then (lib.concatMap getHostnameFromMatch route.match) else [ ];
hostnames_non_unique = lib.concatMap getHostnameFromRoute config.caddy.routes;
hostnames_non_unique = lib.concatMap getHostnameFromRoute cfg.routes;
hostnames = lib.unique hostnames_non_unique;
# Create attrset of subdomains to their fqdns
hostname_map = builtins.listToAttrs (
@ -90,8 +90,8 @@ in
listen = [ ":443" ];
# These routes are pulled from the rest of this repo
routes = config.caddy.routes;
errors.routes = config.caddy.blocks;
routes = cfg.routes;
errors.routes = cfg.blocks;
# Uncommenting collects access logs
logs = {
@ -104,7 +104,7 @@ in
};
};
apps.http.servers.metrics = { }; # Enables Prometheus metrics
apps.tls.automation.policies = config.caddy.tlsPolicies;
apps.tls.automation.policies = cfg.tlsPolicies;
# Setup logging to journal and files
logging.logs =
@ -223,6 +223,6 @@ in
# Caddy exposes Prometheus metrics with the admin API
# https://caddyserver.com/docs/api
prometheus.scrapeTargets = [ "127.0.0.1:2019" ];
nmasur.presets.services.prometheus-exporters.scrapeTargets = [ "127.0.0.1:2019" ];
};
}

2
platforms/nixos/modules/nmasur/presets/services/calibre-web.nix
View File

@ -37,7 +37,7 @@ in
};
# Allow web traffic to Caddy
caddy.routes = [
nmasur.presets.services.caddy.routes = [
{
match = [ { host = [ hostnames.books ]; } ];
handle = [

2
platforms/nixos/modules/nmasur/presets/services/cloudflare.nix
View File

@ -70,7 +70,7 @@ in
plugins = [ "github.com/caddy-dns/cloudflare@master" ];
hash = "sha256-C7JOGd4sXsRZL561oP84V2/pTg7szEgF4OFOw35yS1s=";
};
caddy.tlsPolicies = [
nmasur.presets.services.caddy.tlsPolicies = [
{
issuers = [
{

4
platforms/nixos/modules/nmasur/presets/services/filebrowser.nix
View File

@ -16,10 +16,10 @@ in
services.filebrowser = {
enable = true;
# Generate password: htpasswd -nBC 10 "" | tr -d ':\n'
password = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za";
passwordHash = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za";
};
caddy.routes = [
nmasur.presets.services.caddy.routes = [
{
match = [ { host = [ hostnames.files ]; } ];
handle = [

4
platforms/nixos/modules/nmasur/presets/services/gitea.nix
View File

@ -61,7 +61,7 @@ in
users.users.${username}.extraGroups = [ "gitea" ];
caddy.routes = [
nmasur.presets.services.caddy.routes = [
# Prevent public access to Prometheus metrics.
{
match = [
@ -95,7 +95,7 @@ in
services.cloudflare-dyndns.domains = [ hostnames.git ];
# Scrape the metrics endpoint for Prometheus.
prometheus.scrapeTargets = [
nmasur.presets.services.prometheus-exporters.scrapeTargets = [
"127.0.0.1:${builtins.toString config.services.gitea.settings.server.HTTP_PORT}"
];

2
platforms/nixos/modules/nmasur/presets/services/grafana.nix
View File

@ -2561,7 +2561,7 @@ in
};
};
caddy.routes = [
nmasur.presets.services.caddy.routes = [
{
match = [ { host = [ hostnames.metrics ]; } ];
handle = [

2
platforms/nixos/modules/nmasur/presets/services/immich.nix
View File

@ -29,7 +29,7 @@ in
};
};
caddy.routes = [
nmasur.presets.services.caddy.routes = [
{
match = [ { host = [ hostnames.photos ]; } ];
handle = [

2
platforms/nixos/modules/nmasur/presets/services/influxdb2.nix
View File

@ -55,7 +55,7 @@ in
before = [ "influxdb2.service" ];
};
caddy.routes = lib.mkIf config.services.influxdb2.enable [
nmasur.presets.services.caddy.routes = lib.mkIf config.services.influxdb2.enable [
{
match = [ { host = [ hostnames.influxdb ]; } ];
handle = [

6
platforms/nixos/modules/nmasur/presets/services/jellyfin.nix
View File

@ -14,6 +14,8 @@ let
in
{
options.nmasur.presets.services.jellyfin.enable = lib.mkEnableOption "Jellyfin video streaming";
config = lib.mkIf cfg.enable {
services.jellyfin.group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
@ -21,7 +23,7 @@ in
isSystemUser = true;
};
caddy.routes = [
nmasur.presets.services.caddy.routes = [
# Prevent public access to Prometheus metrics.
{
match = [
@ -79,6 +81,6 @@ in
systemd.services.jellyfin.serviceConfig.UMask = lib.mkForce "0007";
# Requires MetricsEnable is true in /var/lib/jellyfin/config/system.xml
prometheus.scrapeTargets = [ "127.0.0.1:8096" ];
nmasur.presets.services.prometheus-exporters.scrapeTargets = [ "127.0.0.1:8096" ];
};
}

2
platforms/nixos/modules/nmasur/presets/services/litestream.nix
View File

@ -55,7 +55,7 @@ in
# Broken on 2024-08-23
# https://github.com/NixOS/nixpkgs/commit/0875d0ce1c778f344cd2377a5337a45385d6ffa0
insecurePackages = [ "litestream-0.3.13" ];
allowInsecurePackages = [ "litestream-0.3.13" ];
# Wait for secret to exist
systemd.services.litestream = {

2
platforms/nixos/modules/nmasur/presets/services/minecraft-server.nix
View File

@ -53,7 +53,7 @@ in
networking.firewall.allowedTCPPorts = [ publicPort ];
cloudflare.noProxyDomains = [ hostnames.minecraft ];
nmasur.presets.services.cloudflare.noProxyDomains = [ hostnames.minecraft ];
## Automatically start and stop Minecraft server based on player connections

2
platforms/nixos/modules/nmasur/presets/services/n8n.nix
View File

@ -33,7 +33,7 @@ in
services.cloudflare-dyndns.domains = [ hostnames.n8n ];
# Allow web traffic to Caddy
caddy.routes = [
nmasur.presets.services.caddy.routes = [
{
match = [ { host = [ hostnames.n8n ]; } ];
handle = [

4
platforms/nixos/modules/nmasur/presets/services/nextcloud.nix
View File

@ -63,7 +63,7 @@ in
users.users.caddy.extraGroups = [ "nextcloud" ];
# Point Caddy to Nginx
caddy.routes = [
nmasur.presets.services.caddy.routes = [
{
match = [ { host = [ hostnames.content ]; } ];
handle = [
@ -225,7 +225,7 @@ in
url = "https://${hostnames.content}";
passwordFile = config.services.nextcloud.config.adminpassFile;
};
prometheus.scrapeTargets = [
nmasur.presets.services.prometheus-exporters.scrapeTargets = [
"127.0.0.1:${builtins.toString config.services.prometheus.exporters.nextcloud.port}"
];
# Allows nextcloud-exporter to read passwordFile

2
platforms/nixos/modules/nmasur/presets/services/ntfy-sh.nix
View File

@ -21,7 +21,7 @@ in
};
};
caddy.routes = [
nmasur.presets.services.caddy.routes = [
{
match = [ { host = [ hostnames.notifications ]; } ];
handle = [

2
platforms/nixos/modules/nmasur/presets/services/paperless.nix
View File

@ -30,7 +30,7 @@ in
users.users.nextcloud.extraGroups = lib.mkIf config.services.nextcloud.enable [ "paperless" ];
users.users.${username}.extraGroups = [ "paperless" ];
caddy.routes = [
nmasur.presets.services.caddy.routes = [
{
match = [
{

49
platforms/nixos/modules/nmasur/presets/services/postgresql.nix
View File

@ -12,30 +12,31 @@ in
{
options.nmasur.presets.services.postgresql.enable = lib.mkEnableOption "Postgresql database";
services.postgresql = lib.mkIf cfg.enable {
enable = true;
package = pkgs.postgresql_15;
settings = { };
authentication = ''
local all postgres peer map=root
local all admin peer map=admin
'';
identMap = ''
root postgres postgres
root root postgres
admin ${username} admin
'';
ensureUsers = [
{
name = "admin";
ensureClauses = {
createdb = true;
createrole = true;
login = true;
};
}
];
config = lib.mkIf cfg.enable {
services.postgresql = {
enable = true;
package = pkgs.postgresql_15;
settings = { };
authentication = ''
local all postgres peer map=root
local all admin peer map=admin
'';
identMap = ''
root postgres postgres
root root postgres
admin ${username} admin
'';
ensureUsers = [
{
name = "admin";
ensureClauses = {
createdb = true;
createrole = true;
login = true;
};
}
];
};
};
}

2
platforms/nixos/modules/nmasur/presets/services/prometheus-exporters.nix
View File

@ -27,7 +27,7 @@ in
config = lib.mkIf cfg.enable {
# Default scrape the basic host information
cfg.scrapeTargets = [
nmasur.presets.services.prometheus-exporters.scrapeTargets = [
"127.0.0.1:${builtins.toString config.services.prometheus.exporters.node.port}"
"127.0.0.1:${builtins.toString config.services.prometheus.exporters.systemd.port}"
"127.0.0.1:${builtins.toString config.services.prometheus.exporters.process.port}"

18
platforms/nixos/modules/nmasur/presets/services/template.nix
View File

@ -1,18 +0,0 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.nmasur.presets.services.;
in
{
options.nmasur.presets.services..enable = lib.mkEnableOption "";
config = lib.mkIf cfg.enable {
};
}

4
platforms/nixos/modules/nmasur/presets/services/thelounge.nix
View File

@ -5,6 +5,8 @@ let
in
{
options.nmasur.presets.services.thelounge.enable = lib.mkEnableOption "TheLounge IRC chat service";
config = lib.mkIf cfg.enable {
services.thelounge = {
@ -21,7 +23,7 @@ in
# sudo su - thelounge -s /bin/sh -c "thelounge add myuser"
# Allow web traffic to Caddy
caddy.routes = [
nmasur.presets.services.caddy.routes = [
{
match = [ { host = [ hostnames.irc ]; } ];
handle = [

2
platforms/nixos/modules/nmasur/presets/services/transmission.nix
View File

@ -64,7 +64,7 @@ in
};
# Create reverse proxy for web UI
caddy.routes =
nmasur.presets.services.caddy.routes =
let
# Set if the download domain is the same as the Transmission domain
useDownloadDomain = hostnames.download == hostnames.transmission;

2
platforms/nixos/modules/nmasur/presets/services/uptime-kuma.nix
View File

@ -19,7 +19,7 @@ in
};
# Allow web traffic to Caddy
caddy.routes = [
nmasur.presets.services.caddy.routes = [
{
match = [ { host = [ hostnames.status ]; } ];
handle = [

2
platforms/nixos/modules/nmasur/presets/services/vaultwarden.nix
View File

@ -51,7 +51,7 @@ in
networking.firewall.allowedTCPPorts = [ 3012 ];
caddy.routes = [
nmasur.presets.services.caddy.routes = [
{
match = [ { host = [ hostnames.secrets ]; } ];
handle = [

6
platforms/nixos/modules/nmasur/presets/services/victoriametrics.nix
View File

@ -20,7 +20,9 @@ let
{
job_name = config.networking.hostName;
stream_parse = true;
static_configs = [ { targets = config.prometheus.scrapeTargets; } ];
static_configs = [
{ targets = config.nmasur.presets.services.prometheus-exporters.scrapeTargets; }
];
}
];
};
@ -78,7 +80,7 @@ in
before = [ "vmauth.service" ];
};
caddy.routes = [
nmasur.presets.services.caddy.routes = [
{
match = [ { host = [ hostnames.prometheus ]; } ];
handle = [

4
platforms/nixos/modules/nmasur/presets/services/vm-agent.nix
View File

@ -20,7 +20,9 @@ let
{
job_name = config.networking.hostName;
stream_parse = true;
static_configs = [ { targets = config.prometheus.scrapeTargets; } ];
static_configs = [
{ targets = config.nmasur.presets.services.prometheus-exporters.scrapeTargets; }
];
}
];
};

2
platforms/nixos/modules/nmasur/presets/zfs.nix
View File

@ -20,7 +20,7 @@ in
boot.kernelParams = [ "nohibernate" ]; # ZFS does not work with hibernation
boot.supportedFilesystems = [ "zfs" ];
services.prometheus.exporters.zfs.enable = config.prometheus.exporters.enable;
prometheus.scrapeTargets = [
nmasur.presets.services.prometheus-exporters.scrapeTargets = [
"127.0.0.1:${builtins.toString config.services.prometheus.exporters.zfs.port}"
];

20
platforms/nixos/modules/nmasur/profiles/aws.nix
View File

@ -1,20 +0,0 @@
{ config, lib, ... }:
let
cfg = config.nmasur.profiles.aws;
in
{
options.nmasur.profiles.aws.enable = lib.mkEnableOption "AWS EC2";
config = lib.mkIf cfg.enable {
# AWS settings require this
permitRootLogin = "prohibit-password";
# Make sure disk size is large enough
# https://github.com/nix-community/nixos-generators/issues/150
amazonImage.sizeMB = 16 * 1024;
};
}

2
platforms/nixos/modules/nmasur/profiles/nas.nix
View File

@ -20,7 +20,7 @@ in
msmtp.enable = lib.mkDefault true;
};
services = {
arr.enable = lib.mkDefault true;
arrs.enable = lib.mkDefault true;
audiobookshelf.enable = lib.mkDefault true;
bind.enable = lib.mkDefault true;
caddy.enable = lib.mkDefault true;