fix references

2025-02-22 19:42:02 +00:00 · 2025-02-17 14:05:23 -05:00 · 2025-02-17 14:05:23 -05:00 · ebd7b88909
commit ebd7b88909
parent 7de88ba2b6
54 changed files with 272 additions and 216 deletions
--- a/hosts-old/aarch64-darwin/default.nix
+++ b/hosts-old/aarch64-darwin/default.nix
@ -5,6 +5,8 @@
 lib.pipe (lib.filesystem.listFilesRecursive ./.) [
  # Get only files ending in default.nix
  (builtins.filter (name: lib.hasSuffix "default.nix" name))
  # Remove this file
  (builtins.filter (name: name != ./default.nix))
  # Import each host function
  map
  (file: {
--- a/hosts-old/aarch64-linux/default.nix
+++ b/hosts-old/aarch64-linux/default.nix
@ -9,6 +9,8 @@ in
 lib.pipe (lib.filesystem.listFilesRecursive ./.) [
  # Get only files ending in default.nix
  (builtins.filter (name: lib.hasSuffix "default.nix" name))
  # Remove this file
  (builtins.filter (name: name != ./default.nix))
  # Import each host function
  map
  (file: {
--- a/hosts-old/x86_64-linux/default.nix
+++ b/hosts-old/x86_64-linux/default.nix
@ -9,6 +9,8 @@ in
 lib.pipe (lib.filesystem.listFilesRecursive ./.) [
  # Get only files ending in default.nix
  (builtins.filter (name: lib.hasSuffix "default.nix" name))
  # Remove this file
  (builtins.filter (name: name != ./default.nix))
  # Import each host function
  map
  (file: {
--- a/hosts/nixos/swan/default.nix
+++ b/hosts/nixos/swan/default.nix
@ -13,13 +13,14 @@ rec {
      in
      {
        audiobooks = "read.${baseName}";
        books = "books.${baseName}";
        content = "cloud.${baseName}";
        download = "download.${baseName}";
        files = "files.${baseName}";
        paperless = "paper.${baseName}";
        photos = "photos.${baseName}";
        prometheus = "prom.${baseName}";
        stream = "stream.${baseName}";
        content = "cloud.${baseName}";
        books = "books.${baseName}";
        download = "download.${baseName}";
      };
  };
--- a/hosts/nixos/tempest/default.nix
+++ b/hosts/nixos/tempest/default.nix
@ -8,6 +8,13 @@ rec {
  nmasur.settings = {
    username = "noah";
    fullName = "Noah Masur";
    hostnames =
      let
        baseName = "masu.rs";
      in
      {
        prometheus = "prom.${baseName}";
      };
  };
  nmasur.profiles = {
--- a/platforms/generators/aws/default.nix
+++ b/platforms/generators/aws/default.nix
@ -0,0 +1,31 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 let
  cfg = config.aws;
 in
 {
  options.aws.enable = lib.mkEnableOption "AWS EC2";
  config = lib.mkIf cfg.enable {
    # AWS settings require this
    permitRootLogin = "prohibit-password";
    # Make sure disk size is large enough
    # https://github.com/nix-community/nixos-generators/issues/150
    amazonImage.sizeMB = 16 * 1024;
    boot.kernelPackages = pkgs.legacyPackages.x86_64-linux.linuxKernel.packages.linux_6_6;
    boot.loader.systemd-boot.enable = lib.mkForce false;
    boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
    services.amazon-ssm-agent.enable = true;
    users.users.ssm-user.extraGroups = [ "wheel" ];
  };
 }
--- a/platforms/generators/default.nix
+++ b/platforms/generators/default.nix
@ -0,0 +1,9 @@
 { lib, ... }:
 {
  imports = lib.pipe (lib.filesystem.listFilesRecursive ./.) [
    # Get only files ending in .nix
    (builtins.filter (name: lib.hasSuffix ".nix" name))
    # Remove this file
    (builtins.filter (name: name != ./default.nix))
  ];
 }
--- a/platforms/home-manager/default.nix
+++ b/platforms/home-manager/default.nix
@ -3,5 +3,7 @@
  imports = lib.pipe (lib.filesystem.listFilesRecursive ./.) [
    # Get only files ending in .nix
    (builtins.filter (name: lib.hasSuffix ".nix" name))
    # Remove this file
    (builtins.filter (name: name != ./default.nix))
  ];
 }
--- a/platforms/home-manager/modules/nmasur/presets/programs/doas.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/doas.nix
@ -15,12 +15,12 @@ in
  config = lib.mkIf cfg.enable {
    # Alias sudo to doas for convenience
-    fish.shellAliases = {
+    programs.fish.shellAliases = {
      sudo = "doas";
    };
    # Disable overriding our sudo alias with a TERMINFO alias
-    kitty.settings.shell_integration = "no-sudo";
+    programs.kitty.settings.shell_integration = "no-sudo";
  };
 }
--- a/platforms/home-manager/modules/nmasur/presets/programs/dotfiles.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/dotfiles.nix
@ -12,7 +12,7 @@ in
  # Allows me to make sure I can work on my dotfiles locally
-  options.nmasur.preset.programs.dotfiles = {
+  options.nmasur.presets.programs.dotfiles = {
    enable = lib.mkEnableOption "Clone dotfiles repository";
    repo = lib.mkOption {
      type = lib.types.str;
--- a/platforms/home-manager/modules/nmasur/presets/programs/fish.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/fish.nix
@ -21,7 +21,7 @@ in
  config = lib.mkIf cfg.enable {
-    cfg.fish_user_key_bindings = # fish
+    nmasur.presets.programs.fish.fish_user_key_bindings = # fish
      ''
        # Shift-Enter (defined by terminal)
        bind -M insert \x1F accept-autosuggestion
--- a/platforms/home-manager/modules/nmasur/presets/programs/jujutsu.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/jujutsu.nix
@ -13,13 +13,15 @@ in
  options.nmasur.presets.programs.jujutsu.enable = lib.mkEnableOption "Jujutsu version control";
  config = lib.mkIf cfg.enable {
-    enable = true;
+    programs.jujutsu = {
      enable = true;
-    # https://github.com/martinvonz/jj/blob/main/docs/config.md
+      # https://github.com/martinvonz/jj/blob/main/docs/config.md
-    settings = {
+      settings = {
-      user = {
+        user = {
-        name = config.programs.git.userName;
+          name = config.programs.git.userName;
-        email = config.programs.git.userEmail;
+          email = config.programs.git.userEmail;
        };
      };
    };
--- a/platforms/home-manager/modules/nmasur/presets/programs/mpv.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/mpv.nix
@ -6,12 +6,12 @@
 }:
 let
-  cfg = config.nmasur.presets.programs.alacritty;
+  cfg = config.nmasur.presets.programs.mpv;
 in
 {
-  options.nmasur.presets.programs.alacritty.enable = lib.mkEnableOption "Alacritty terminal";
+  options.nmasur.presets.programs.mpv.enable = lib.mkEnableOption "mpv video player";
  config = lib.mkIf cfg.enable {
    # Video player
--- a/platforms/home-manager/modules/nmasur/presets/programs/neovim.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/neovim.nix
@ -28,7 +28,7 @@ in
    home.packages = [ cfg.package ];
-    cfg.package = lib.mkDefault pkgs.nmasur-neovim.override {
+    nmasur.presets.programs.neovim.package = lib.mkDefault pkgs.nmasur-neovim.override {
      colors = cfg.colors;
      github = cfg.github.enable;
      terraform = cfg.terraform.enable;
--- a/platforms/home-manager/modules/nmasur/presets/programs/nixpkgs.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/nixpkgs.nix
@ -6,7 +6,6 @@
 }:
 let
  inherit (config.nmasur.settings) username;
  cfg = config.nmasur.presets.programs.nixpkgs;
 in
@ -110,51 +109,47 @@ in
        ''
      );
-    # Set automatic generation cleanup for home-manager
+    nix = {
-    nix.gc = {
+
-      automatic = config.nix.gc.automatic;
+      # Set channel to flake packages, used for nix-shell commands
-      options = config.nix.gc.options;
+      nixPath = [ "nixpkgs=${pkgs.path}" ];
      # For security, only allow specific users
      settings.allowed-users = [
        "@wheel" # Anyone in the wheel group
        config.home.username # The current user
      ];
      # Enable features in Nix commands
      extraOptions = ''
        experimental-features = nix-command flakes
        warn-dirty = false
      '';
      # Set automatic generation cleanup for home-manager
      gc = {
        automatic = true;
        options = "--delete-older-than 10d";
      };
      settings = {
        # Add community Cachix to binary cache
        # Don't use at work because blocked by corporate firewall
        builders-use-substitutes = true;
        substituters = lib.mkIf (!config.nmasur.profiles.work.enable) [
          "https://nix-community.cachix.org"
        ];
        trusted-public-keys = lib.mkIf (!config.nmasur.profiles.work.enable) [
          "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
        ];
        # Scans and hard links identical files in the store
        # Not working with macOS: https://github.com/NixOS/nix/issues/7273
        auto-optimise-store = lib.mkIf (!pkgs.stdenv.isDarwin) true;
      };
    };
  };
  nix = {
    # Set channel to flake packages, used for nix-shell commands
    nixPath = [ "nixpkgs=${pkgs.path}" ];
    # For security, only allow specific users
    settings.allowed-users = [
      "@wheel" # Anyone in the wheel group
      config.home.username # The current user
    ];
    # Enable features in Nix commands
    extraOptions = ''
      experimental-features = nix-command flakes
      warn-dirty = false
    '';
    gc = {
      automatic = true;
      options = "--delete-older-than 10d";
    };
    settings = {
      # Add community Cachix to binary cache
      # Don't use at work because blocked by corporate firewall
      builders-use-substitutes = true;
      substituters = lib.mkIf (!config.nmasur.profiles.work.enable) [
        "https://nix-community.cachix.org"
      ];
      trusted-public-keys = lib.mkIf (!config.nmasur.profiles.work.enable) [
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
      # Scans and hard links identical files in the store
      # Not working with macOS: https://github.com/NixOS/nix/issues/7273
      auto-optimise-store = lib.mkIf (!pkgs.stdenv.isDarwin) true;
    };
  };
 }
--- a/platforms/home-manager/modules/nmasur/presets/programs/rofi/brightness.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/rofi/brightness.nix
@ -13,43 +13,48 @@ in
  # Adapted from:
  # A rofi powered menu to execute brightness choices.
-  config.brightnessCommand = lib.mkIf config.nmasur.presets.programs.rofi.enable builtins.toString (
+  config.nmasur.presets.services.i3.commands.brightness =
-    pkgs.writeShellScript "brightness" ''
+    lib.mkIf config.nmasur.presets.programs.rofi.enable
      (
        builtins.toString (
          pkgs.writeShellScript "brightness" # bash
            ''
-      dimmer="󰃝"
+              dimmer="󰃝"
-      medium="󰃟"
+              medium="󰃟"
-      brighter="󰃠"
+              brighter="󰃠"
-      chosen=$(printf '%s;%s;%s\n' \
+              chosen=$(printf '%s;%s;%s\n' \
-          "$dimmer" \
+                  "$dimmer" \
-          "$medium" \
+                  "$medium" \
-          "$brighter" \
+                  "$brighter" \
-          | ${lib.getExe rofi} \
+                  | ${lib.getExe rofi} \
-              -theme-str '@import "brightness.rasi"' \
+                      -theme-str '@import "brightness.rasi"' \
-              -hover-select \
+                      -hover-select \
-              -me-select-entry ''' \
+                      -me-select-entry ''' \
-              -me-accept-entry MousePrimary \
+                      -me-accept-entry MousePrimary \
-              -dmenu \
+                      -dmenu \
-              -sep ';' \
+                      -sep ';' \
-              -selected-row 1)
+                      -selected-row 1)
-      case "$chosen" in
+              case "$chosen" in
-          "$dimmer")
+                  "$dimmer")
-              ${lib.getExe pkgs.ddcutil} --display 1 setvcp 10 25; ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 25
+                      ${lib.getExe pkgs.ddcutil} --display 1 setvcp 10 25; ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 25
-              ;;
+                      ;;
-          "$medium")
+                  "$medium")
-              ${lib.getExe pkgs.ddcutil} --display 1 setvcp 10 75; ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 75
+                      ${lib.getExe pkgs.ddcutil} --display 1 setvcp 10 75; ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 75
-              ;;
+                      ;;
-          "$brighter")
+                  "$brighter")
-              ${lib.getExe pkgs.ddcutil} --display 1 setvcp 10 100; ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 100
+                      ${lib.getExe pkgs.ddcutil} --display 1 setvcp 10 100; ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 100
-              ;;
+                      ;;
-          *) exit 1 ;;
+                  *) exit 1 ;;
-      esac
+              esac
-    ''
+            ''
-  );
+        )
      );
 }
--- a/platforms/home-manager/modules/nmasur/presets/programs/rofi/default.nix
+++ b/platforms/home-manager/modules/nmasur/presets/programs/rofi/default.nix
@ -38,7 +38,7 @@ in
      {
        launcher = ''${lib.getExe rofi} -modes drun -show drun -theme-str '@import "launcher.rasi"' '';
        systemdSearch = lib.getExe pkgs.rofi-systemd;
-        altTab = "${lib.getExe rofi} -show window -modi window";
+        applicationSwitch = "${lib.getExe rofi} -show window -modi window";
        calculator = "${lib.getExe rofi} -modes calc -show calc";
        audioSwitch = lib.getExe (
          pkgs.writeShellApplication {
--- a/platforms/home-manager/modules/nmasur/presets/services/dunst.nix
+++ b/platforms/home-manager/modules/nmasur/presets/services/dunst.nix
@ -13,23 +13,25 @@ in
  options.nmasur.presets.services.dunst.enable = lib.mkEnableOption "Dunst notification system";
  config = lib.mkIf cfg.enable {
-    enable = false;
+    services.dunst = {
-    settings = {
+      enable = false;
-      global = {
+      settings = {
-        width = 300;
+        global = {
-        height = 200;
+          width = 300;
-        offset = "30x50";
+          height = 200;
-        origin = "top-right";
+          offset = "30x50";
-        transparency = 0;
+          origin = "top-right";
-        padding = 20;
+          transparency = 0;
-        horizontal_padding = 20;
+          padding = 20;
-        frame_color = config.theme.colors.base03;
+          horizontal_padding = 20;
-      };
+          frame_color = config.theme.colors.base03;
        };
-      urgency_normal = {
+        urgency_normal = {
-        background = config.theme.colors.base00;
+          background = config.theme.colors.base00;
-        foreground = config.theme.colors.base05;
+          foreground = config.theme.colors.base05;
-        timeout = 10;
+          timeout = 10;
        };
      };
    };
--- a/platforms/home-manager/modules/nmasur/presets/services/i3.nix
+++ b/platforms/home-manager/modules/nmasur/presets/services/i3.nix
@ -190,7 +190,9 @@ in
              lib.mkIf cfg.commands.systemdSearch != null "exec --no-startup-id ${cfg.commands.systemdSearch}";
            "${modifier}+Shift+a" =
              lib.mkIf cfg.commands.audioSwitch != null "exec --no-startup-id ${cfg.commands.audioSwitch}";
-            "Mod1+Tab" = lib.mkIf cfg.commands.altTab != null "exec --no-startup-id ${cfg.commands.altTab}";
+            "Mod1+Tab" =
              lib.mkIf cfg.commands.applicationSwitch
              != null "exec --no-startup-id ${cfg.commands.applicationSwitch}";
            "${modifier}+Shift+period" =
              lib.mkIf cfg.commands.power != null "exec --no-startup-id ${cfg.commands.power}";
            "${modifier}+Shift+m" =
--- a/platforms/home-manager/modules/nmasur/presets/services/mbsync.nix
+++ b/platforms/home-manager/modules/nmasur/presets/services/mbsync.nix
@ -12,7 +12,7 @@ in
 {
-  options.nmasur.preset.services.mbsync = {
+  options.nmasur.presets.services.mbsync = {
    enable = lib.mkEnableOption "Mail service.";
    user = lib.mkOption {
      type = lib.types.str;
--- a/platforms/home-manager/modules/nmasur/profiles/linux-gui.nix
+++ b/platforms/home-manager/modules/nmasur/profiles/linux-gui.nix
@ -14,8 +14,8 @@ in
  config = lib.mkIf cfg.enable {
    nmasur.gtk.enable = lib.mkDefault true;
    nmasur.presets = {
      gtk.enable = lib.mkDefault true;
      programs = {
        _1password.enable = lib.mkDefault true;
        aerc.enable = lib.mkDefault true;
--- a/platforms/home-manager/modules/nmasur/settings.nix
+++ b/platforms/home-manager/modules/nmasur/settings.nix
@ -0,0 +1,19 @@
 { lib, ... }:
 {
  options.nmasur.settings = {
    username = lib.mkOption {
      type = lib.types.str;
      description = "Primary username for the system";
    };
    fullName = lib.mkOption {
      type = lib.types.str;
      description = "Human readable name of the user";
    };
    hostnames = lib.mkOption {
      type = lib.types.attrsOf lib.types.str;
      description = "Map of service names to FQDNs";
      default = { };
    };
  };
 }
--- a/platforms/nix-darwin/default.nix
+++ b/platforms/nix-darwin/default.nix
@ -3,5 +3,7 @@
  imports = lib.pipe (lib.filesystem.listFilesRecursive ./.) [
    # Get only files ending in .nix
    (builtins.filter (name: lib.hasSuffix ".nix" name))
    # Remove this file
    (builtins.filter (name: name != ./default.nix))
  ];
 }
--- a/platforms/nixos/default.nix
+++ b/platforms/nixos/default.nix
@ -3,5 +3,7 @@
  imports = lib.pipe (lib.filesystem.listFilesRecursive ./.) [
    # Get only files ending in .nix
    (builtins.filter (name: lib.hasSuffix ".nix" name))
    # Remove this file
    (builtins.filter (name: name != ./default.nix))
  ];
 }
--- a/platforms/nixos/modules/nmasur/presets/services/actualbudget.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/actualbudget.nix
@ -59,7 +59,7 @@ in
    };
    # Allow web traffic to Caddy
-    caddy.routes = [
+    nmasur.presets.services.caddy.routes = [
      {
        match = [ { host = [ hostnames.budget ]; } ];
        handle = [
--- a/platforms/nixos/modules/nmasur/presets/services/arr.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/arr.nix
@ -8,7 +8,7 @@
 let
  inherit (config.nmasur.settings) hostnames;
-  cfg = config.nmasur.presets.services.actualbudget;
+  cfg = config.nmasur.presets.services.arrs;
  # This config specifies ports for Prometheus to scrape information
  arrConfig = {
@ -46,7 +46,7 @@ in
  config = lib.mkIf cfg.enable {
    # Required
-    config.nmasur.profiles.shared-media.enable = true; # Shared user for multiple services
+    nmasur.profiles.shared-media.enable = true; # Shared user for multiple services
    # # Broken on 2024-12-07
    # # https://discourse.nixos.org/t/solved-sonarr-is-broken-in-24-11-unstable-aka-how-the-hell-do-i-use-nixpkgs-config-permittedinsecurepackages/
@ -92,7 +92,7 @@ in
    # Requires updating the base_url config value in each service
    # If you try to rewrite the URL, the service won't redirect properly
-    caddy.routes = [
+    nmasur.presets.services.caddy.routes = [
      {
        # Group means that routes with the same name are mutually exclusive,
        # so they are split between the appropriate services.
@ -276,7 +276,7 @@ in
    };
    # Prometheus scrape targets (expose Exportarr to Prometheus)
-    prometheus.scrapeTargets = map (
+    nmasur.presets.services.prometheus-exporters.scrapeTargets = map (
      key:
      "127.0.0.1:${
        lib.attrsets.getAttrFromPath [
--- a/platforms/nixos/modules/nmasur/presets/services/audiobookshelf.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/audiobookshelf.nix
@ -28,7 +28,7 @@ in
    };
    # Allow web traffic to Caddy
-    caddy.routes = [
+    nmasur.presets.services.caddy.routes = [
      {
        match = [ { host = [ globals.hostnames.audiobooks ]; } ];
        handle = [
--- a/platforms/nixos/modules/nmasur/presets/services/caddy.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/caddy.nix
@ -43,15 +43,15 @@ in
      type = lib.types.listOf lib.types.str;
      description = "CIDR blocks to allow for requests";
      default = [ ];
-      merge = lib.mkMerge; # Ensure that values are merged from default
+      # merge = lib.mkMerge; # Ensure that values are merged from default
    };
  };
  config = lib.mkIf cfg.enable {
    # Force Caddy to 403 if not coming from allowlisted source
-    cfg.cidrAllowlist = lib.mkDefault [ "127.0.0.1/32" ];
+    nmasur.presets.services.caddy.cidrAllowlist = lib.mkDefault [ "127.0.0.1/32" ];
-    cfg.routes = lib.mkBefore [
+    nmasur.presets.services.caddy.routes = lib.mkBefore [
      {
        match = [ { not = [ { remote_ip.ranges = cfg.cidrAllowlist; } ]; } ];
        handle = [
@ -72,7 +72,7 @@ in
        getHostnameFromRoute =
          route:
          if (lib.hasAttr "match" route) then (lib.concatMap getHostnameFromMatch route.match) else [ ];
-        hostnames_non_unique = lib.concatMap getHostnameFromRoute config.caddy.routes;
+        hostnames_non_unique = lib.concatMap getHostnameFromRoute cfg.routes;
        hostnames = lib.unique hostnames_non_unique;
        # Create attrset of subdomains to their fqdns
        hostname_map = builtins.listToAttrs (
@ -90,8 +90,8 @@ in
              listen = [ ":443" ];
              # These routes are pulled from the rest of this repo
-              routes = config.caddy.routes;
+              routes = cfg.routes;
-              errors.routes = config.caddy.blocks;
+              errors.routes = cfg.blocks;
              # Uncommenting collects access logs
              logs = {
@ -104,7 +104,7 @@ in
              };
            };
            apps.http.servers.metrics = { }; # Enables Prometheus metrics
-            apps.tls.automation.policies = config.caddy.tlsPolicies;
+            apps.tls.automation.policies = cfg.tlsPolicies;
            # Setup logging to journal and files
            logging.logs =
@ -223,6 +223,6 @@ in
    # Caddy exposes Prometheus metrics with the admin API
    # https://caddyserver.com/docs/api
-    prometheus.scrapeTargets = [ "127.0.0.1:2019" ];
+    nmasur.presets.services.prometheus-exporters.scrapeTargets = [ "127.0.0.1:2019" ];
  };
 }
--- a/platforms/nixos/modules/nmasur/presets/services/calibre-web.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/calibre-web.nix
@ -37,7 +37,7 @@ in
    };
    # Allow web traffic to Caddy
-    caddy.routes = [
+    nmasur.presets.services.caddy.routes = [
      {
        match = [ { host = [ hostnames.books ]; } ];
        handle = [
--- a/platforms/nixos/modules/nmasur/presets/services/cloudflare.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/cloudflare.nix
@ -70,7 +70,7 @@ in
      plugins = [ "github.com/caddy-dns/cloudflare@master" ];
      hash = "sha256-C7JOGd4sXsRZL561oP84V2/pTg7szEgF4OFOw35yS1s=";
    };
-    caddy.tlsPolicies = [
+    nmasur.presets.services.caddy.tlsPolicies = [
      {
        issuers = [
          {
--- a/platforms/nixos/modules/nmasur/presets/services/filebrowser.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/filebrowser.nix
@ -16,10 +16,10 @@ in
    services.filebrowser = {
      enable = true;
      # Generate password: htpasswd -nBC 10 "" | tr -d ':\n'
-      password = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za";
+      passwordHash = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za";
    };
-    caddy.routes = [
+    nmasur.presets.services.caddy.routes = [
      {
        match = [ { host = [ hostnames.files ]; } ];
        handle = [
--- a/platforms/nixos/modules/nmasur/presets/services/gitea.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/gitea.nix
@ -61,7 +61,7 @@ in
    users.users.${username}.extraGroups = [ "gitea" ];
-    caddy.routes = [
+    nmasur.presets.services.caddy.routes = [
      # Prevent public access to Prometheus metrics.
      {
        match = [
@ -95,7 +95,7 @@ in
    services.cloudflare-dyndns.domains = [ hostnames.git ];
    # Scrape the metrics endpoint for Prometheus.
-    prometheus.scrapeTargets = [
+    nmasur.presets.services.prometheus-exporters.scrapeTargets = [
      "127.0.0.1:${builtins.toString config.services.gitea.settings.server.HTTP_PORT}"
    ];
--- a/platforms/nixos/modules/nmasur/presets/services/grafana.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/grafana.nix
@ -2561,7 +2561,7 @@ in
      };
    };
-    caddy.routes = [
+    nmasur.presets.services.caddy.routes = [
      {
        match = [ { host = [ hostnames.metrics ]; } ];
        handle = [
--- a/platforms/nixos/modules/nmasur/presets/services/immich.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/immich.nix
@ -29,7 +29,7 @@ in
      };
    };
-    caddy.routes = [
+    nmasur.presets.services.caddy.routes = [
      {
        match = [ { host = [ hostnames.photos ]; } ];
        handle = [
--- a/platforms/nixos/modules/nmasur/presets/services/influxdb2.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/influxdb2.nix
@ -55,7 +55,7 @@ in
      before = [ "influxdb2.service" ];
    };
-    caddy.routes = lib.mkIf config.services.influxdb2.enable [
+    nmasur.presets.services.caddy.routes = lib.mkIf config.services.influxdb2.enable [
      {
        match = [ { host = [ hostnames.influxdb ]; } ];
        handle = [
--- a/platforms/nixos/modules/nmasur/presets/services/jellyfin.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/jellyfin.nix
@ -14,6 +14,8 @@ let
 in
 {
  options.nmasur.presets.services.jellyfin.enable = lib.mkEnableOption "Jellyfin video streaming";
  config = lib.mkIf cfg.enable {
    services.jellyfin.group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
@ -21,7 +23,7 @@ in
      isSystemUser = true;
    };
-    caddy.routes = [
+    nmasur.presets.services.caddy.routes = [
      # Prevent public access to Prometheus metrics.
      {
        match = [
@ -79,6 +81,6 @@ in
    systemd.services.jellyfin.serviceConfig.UMask = lib.mkForce "0007";
    # Requires MetricsEnable is true in /var/lib/jellyfin/config/system.xml
-    prometheus.scrapeTargets = [ "127.0.0.1:8096" ];
+    nmasur.presets.services.prometheus-exporters.scrapeTargets = [ "127.0.0.1:8096" ];
  };
 }
--- a/platforms/nixos/modules/nmasur/presets/services/litestream.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/litestream.nix
@ -55,7 +55,7 @@ in
    # Broken on 2024-08-23
    # https://github.com/NixOS/nixpkgs/commit/0875d0ce1c778f344cd2377a5337a45385d6ffa0
-    insecurePackages = [ "litestream-0.3.13" ];
+    allowInsecurePackages = [ "litestream-0.3.13" ];
    # Wait for secret to exist
    systemd.services.litestream = {
--- a/platforms/nixos/modules/nmasur/presets/services/minecraft-server.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/minecraft-server.nix
@ -53,7 +53,7 @@ in
    networking.firewall.allowedTCPPorts = [ publicPort ];
-    cloudflare.noProxyDomains = [ hostnames.minecraft ];
+    nmasur.presets.services.cloudflare.noProxyDomains = [ hostnames.minecraft ];
    ## Automatically start and stop Minecraft server based on player connections
--- a/platforms/nixos/modules/nmasur/presets/services/n8n.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/n8n.nix
@ -33,7 +33,7 @@ in
    services.cloudflare-dyndns.domains = [ hostnames.n8n ];
    # Allow web traffic to Caddy
-    caddy.routes = [
+    nmasur.presets.services.caddy.routes = [
      {
        match = [ { host = [ hostnames.n8n ]; } ];
        handle = [
--- a/platforms/nixos/modules/nmasur/presets/services/nextcloud.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/nextcloud.nix
@ -63,7 +63,7 @@ in
    users.users.caddy.extraGroups = [ "nextcloud" ];
    # Point Caddy to Nginx
-    caddy.routes = [
+    nmasur.presets.services.caddy.routes = [
      {
        match = [ { host = [ hostnames.content ]; } ];
        handle = [
@ -225,7 +225,7 @@ in
      url = "https://${hostnames.content}";
      passwordFile = config.services.nextcloud.config.adminpassFile;
    };
-    prometheus.scrapeTargets = [
+    nmasur.presets.services.prometheus-exporters.scrapeTargets = [
      "127.0.0.1:${builtins.toString config.services.prometheus.exporters.nextcloud.port}"
    ];
    # Allows nextcloud-exporter to read passwordFile
--- a/platforms/nixos/modules/nmasur/presets/services/ntfy-sh.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/ntfy-sh.nix
@ -21,7 +21,7 @@ in
      };
    };
-    caddy.routes = [
+    nmasur.presets.services.caddy.routes = [
      {
        match = [ { host = [ hostnames.notifications ]; } ];
        handle = [
--- a/platforms/nixos/modules/nmasur/presets/services/paperless.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/paperless.nix
@ -30,7 +30,7 @@ in
    users.users.nextcloud.extraGroups = lib.mkIf config.services.nextcloud.enable [ "paperless" ];
    users.users.${username}.extraGroups = [ "paperless" ];
-    caddy.routes = [
+    nmasur.presets.services.caddy.routes = [
      {
        match = [
          {
--- a/platforms/nixos/modules/nmasur/presets/services/postgresql.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/postgresql.nix
@ -12,30 +12,31 @@ in
 {
  options.nmasur.presets.services.postgresql.enable = lib.mkEnableOption "Postgresql database";
-
+  config = lib.mkIf cfg.enable {
-  services.postgresql = lib.mkIf cfg.enable {
+    services.postgresql = {
-    enable = true;
+      enable = true;
-    package = pkgs.postgresql_15;
+      package = pkgs.postgresql_15;
-    settings = { };
+      settings = { };
-    authentication = ''
+      authentication = ''
-      local all postgres peer map=root
+        local all postgres peer map=root
-      local all admin peer map=admin
+        local all admin peer map=admin
-    '';
+      '';
-    identMap = ''
+      identMap = ''
-      root      postgres          postgres
+        root      postgres          postgres
-      root      root              postgres
+        root      root              postgres
-      admin     ${username}    admin
+        admin     ${username}    admin
-    '';
+      '';
-    ensureUsers = [
+      ensureUsers = [
-      {
+        {
-        name = "admin";
+          name = "admin";
-        ensureClauses = {
+          ensureClauses = {
-          createdb = true;
+            createdb = true;
-          createrole = true;
+            createrole = true;
-          login = true;
+            login = true;
-        };
+          };
-      }
+        }
-    ];
+      ];
    };
  };
 }
--- a/platforms/nixos/modules/nmasur/presets/services/prometheus-exporters.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/prometheus-exporters.nix
@ -27,7 +27,7 @@ in
  config = lib.mkIf cfg.enable {
    # Default scrape the basic host information
-    cfg.scrapeTargets = [
+    nmasur.presets.services.prometheus-exporters.scrapeTargets = [
      "127.0.0.1:${builtins.toString config.services.prometheus.exporters.node.port}"
      "127.0.0.1:${builtins.toString config.services.prometheus.exporters.systemd.port}"
      "127.0.0.1:${builtins.toString config.services.prometheus.exporters.process.port}"
--- a/platforms/nixos/modules/nmasur/presets/services/template.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/template.nix
@ -1,18 +0,0 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 let
  cfg = config.nmasur.presets.services.;
 in
 {
  options.nmasur.presets.services..enable = lib.mkEnableOption "";
  config = lib.mkIf cfg.enable {
  };
 }
--- a/platforms/nixos/modules/nmasur/presets/services/thelounge.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/thelounge.nix
@ -5,6 +5,8 @@ let
 in
 {
  options.nmasur.presets.services.thelounge.enable = lib.mkEnableOption "TheLounge IRC chat service";
  config = lib.mkIf cfg.enable {
    services.thelounge = {
@ -21,7 +23,7 @@ in
    # sudo su - thelounge -s /bin/sh -c "thelounge add myuser"
    # Allow web traffic to Caddy
-    caddy.routes = [
+    nmasur.presets.services.caddy.routes = [
      {
        match = [ { host = [ hostnames.irc ]; } ];
        handle = [
--- a/platforms/nixos/modules/nmasur/presets/services/transmission.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/transmission.nix
@ -64,7 +64,7 @@ in
      };
      # Create reverse proxy for web UI
-      caddy.routes =
+      nmasur.presets.services.caddy.routes =
        let
          # Set if the download domain is the same as the Transmission domain
          useDownloadDomain = hostnames.download == hostnames.transmission;
--- a/platforms/nixos/modules/nmasur/presets/services/uptime-kuma.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/uptime-kuma.nix
@ -19,7 +19,7 @@ in
    };
    # Allow web traffic to Caddy
-    caddy.routes = [
+    nmasur.presets.services.caddy.routes = [
      {
        match = [ { host = [ hostnames.status ]; } ];
        handle = [
--- a/platforms/nixos/modules/nmasur/presets/services/vaultwarden.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/vaultwarden.nix
@ -51,7 +51,7 @@ in
    networking.firewall.allowedTCPPorts = [ 3012 ];
-    caddy.routes = [
+    nmasur.presets.services.caddy.routes = [
      {
        match = [ { host = [ hostnames.secrets ]; } ];
        handle = [
--- a/platforms/nixos/modules/nmasur/presets/services/victoriametrics.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/victoriametrics.nix
@ -20,7 +20,9 @@ let
      {
        job_name = config.networking.hostName;
        stream_parse = true;
-        static_configs = [ { targets = config.prometheus.scrapeTargets; } ];
+        static_configs = [
          { targets = config.nmasur.presets.services.prometheus-exporters.scrapeTargets; }
        ];
      }
    ];
  };
@ -78,7 +80,7 @@ in
      before = [ "vmauth.service" ];
    };
-    caddy.routes = [
+    nmasur.presets.services.caddy.routes = [
      {
        match = [ { host = [ hostnames.prometheus ]; } ];
        handle = [
--- a/platforms/nixos/modules/nmasur/presets/services/vm-agent.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/vm-agent.nix
@ -20,7 +20,9 @@ let
      {
        job_name = config.networking.hostName;
        stream_parse = true;
-        static_configs = [ { targets = config.prometheus.scrapeTargets; } ];
+        static_configs = [
          { targets = config.nmasur.presets.services.prometheus-exporters.scrapeTargets; }
        ];
      }
    ];
  };
--- a/platforms/nixos/modules/nmasur/presets/zfs.nix
+++ b/platforms/nixos/modules/nmasur/presets/zfs.nix
@ -20,7 +20,7 @@ in
    boot.kernelParams = [ "nohibernate" ]; # ZFS does not work with hibernation
    boot.supportedFilesystems = [ "zfs" ];
    services.prometheus.exporters.zfs.enable = config.prometheus.exporters.enable;
-    prometheus.scrapeTargets = [
+    nmasur.presets.services.prometheus-exporters.scrapeTargets = [
      "127.0.0.1:${builtins.toString config.services.prometheus.exporters.zfs.port}"
    ];
--- a/platforms/nixos/modules/nmasur/profiles/aws.nix
+++ b/platforms/nixos/modules/nmasur/profiles/aws.nix
@ -1,20 +0,0 @@
 { config, lib, ... }:
 let
  cfg = config.nmasur.profiles.aws;
 in
 {
  options.nmasur.profiles.aws.enable = lib.mkEnableOption "AWS EC2";
  config = lib.mkIf cfg.enable {
    # AWS settings require this
    permitRootLogin = "prohibit-password";
    # Make sure disk size is large enough
    # https://github.com/nix-community/nixos-generators/issues/150
    amazonImage.sizeMB = 16 * 1024;
  };
 }
--- a/platforms/nixos/modules/nmasur/profiles/nas.nix
+++ b/platforms/nixos/modules/nmasur/profiles/nas.nix
@ -20,7 +20,7 @@ in
        msmtp.enable = lib.mkDefault true;
      };
      services = {
-        arr.enable = lib.mkDefault true;
+        arrs.enable = lib.mkDefault true;
        audiobookshelf.enable = lib.mkDefault true;
        bind.enable = lib.mkDefault true;
        caddy.enable = lib.mkDefault true;