diff --git a/README.md b/README.md index 0cf3286..cd2b8cf 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,3 @@ This is my cobbled together NixOS configuration. There are many like it, but thi - [ ] logging (loki) - [ ] kiosk - [ ] tailscale and headscale -- [ ] game rom sync insomniac -- [ ] insomniac backups -- [ ] nginx websites diff --git a/classes/headless/grafana.nix b/classes/headless/grafana.nix index 7aacaa8..56267f0 100644 --- a/classes/headless/grafana.nix +++ b/classes/headless/grafana.nix @@ -1,11 +1,13 @@ -{config, ...}: let - virtualHostName = "grafana.helveticanonstandard.net"; -in { +{ + config, + lib, + ... +}: { services.grafana = { enable = true; settings.server = { - domain = virtualHostName; + domain = "grafana.pele"; http_port = 9010; http_addr = "127.0.0.1"; root_url = "http://192.168.1.10:8010"; # TODO @@ -21,25 +23,25 @@ in { name = "Prometheus"; type = "prometheus"; access = "proxy"; - url = "http://127.0.0.1:${builtins.toString config.services.prometheus.port}"; + url = "http://127.0.0.1:${toString config.services.prometheus.port}"; } { name = "Loki"; type = "loki"; access = "proxy"; - url = "http://127.0.0.1:${builtins.toString config.services.loki.configuration.server.http_listen_port}"; + url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}"; } ]; }; }; - # services.nginx.virtualHosts.${virtualHostName} = { - # locations."/" = { - # proxyPass = let - # host = config.services.grafana.settings.server.http_addr; - # port = builtins.toString config.services.grafana.settings.server.http_port; - # in "http://${host}:${port}"; - # proxyWebsockets = true; - # }; - # }; + services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = { + locations."/" = { + proxyPass = "http://${lib.formatHostPort { + host = config.services.grafana.settings.server.http_addr; + port = config.services.grafana.settings.server.http_port; + }}"; + proxyWebsockets = true; + }; + }; } 
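Review bot: The new `services.nginx.virtualHosts` entry in classes/headless/grafana.nix (third hunk) proxies Grafana over plain HTTP, so the login form and session cookie cross the network unencrypted. The microbin, navidrome and vaultwarden vhosts touched by this commit all carry `enableACME = true; forceSSL = true;`. `grafana.pele` looks like an internal name for which public ACME would not work, so this presumably needs an internal CA or a listener limited to a trusted interface; a comment saying which is intended would help. In the first hunk `root_url` still points at `http://192.168.1.10:8010` while `domain` is now `grafana.pele`, so the links and redirects Grafana generates will not match the vhost; deriving it, e.g. `root_url = "http://${config.services.grafana.settings.server.domain}/";`, keeps the two in sync.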
diff --git a/classes/headless/prometheus.nix b/classes/headless/prometheus.nix index 53c2130..427c218 100644 --- a/classes/headless/prometheus.nix +++ b/classes/headless/prometheus.nix @@ -1,4 +1,8 @@ -{config, ...}: { +{ + config, + lib, + ... +}: { services.prometheus = { enable = true; port = 3020; @@ -18,9 +22,11 @@ static_configs = [ { targets = let - host = config.services.prometheus.exporters.node.listenAddress; - port = builtins.toString config.services.prometheus.exporters.node.port; - in ["${host}:${port}"]; + target = lib.formatHostPort { + host = config.services.prometheus.exporters.node.listenAddress; + inherit (config.services.prometheus.exporters.node) port; + }; + in [target]; } ]; } diff --git a/classes/headless/tailscale.nix b/classes/headless/tailscale.nix new file mode 100644 index 0000000..fb757c4 --- /dev/null +++ b/classes/headless/tailscale.nix @@ -0,0 +1,12 @@ +{ + services.tailscale = { + enable = true; + openFirewall = true; #TODO + }; + + networking.firewall = { + checkReversePath = "loose"; + trustedInterfaces = ["tailscale0"]; + allowedUDPPorts = [config.services.tailscale.port]; + }; +} diff --git a/classes/kiosk/cosmic.nix b/classes/kiosk/cosmic.nix new file mode 100644 index 0000000..e5455f4 --- /dev/null +++ b/classes/kiosk/cosmic.nix 
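Review bot: The new classes/headless/tailscale.nix references `config.services.tailscale.port`, but the file is a plain attribute set with no `{config, ...}:` header, so `config` is undefined and evaluation should fail; start the file with `{config, ...}: {`. `openFirewall = true` presumably already opens that UDP port, which would make the `allowedUDPPorts` line redundant. The interface is now the hard-coded `"tailscale0"` where the removed common/tailscale.nix used `config.services.tailscale.interfaceName`, and the comment explaining `checkReversePath = "loose"` was dropped. Because `trustedInterfaces` exempts every tailnet peer from the host firewall, I would keep `# Required to connect to Tailscale exit nodes` and add a line stating that all tailnet peers are trusted on this host.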
@@ -0,0 +1,32 @@ +{ + config, + lib, + inputs, + pkgs, + ... +}: { + imports = [ + inputs.nixos-cosmic.nixosModules.default + ]; + + nix.settings = { + substituters = ["https://cosmic.cachix.org/"]; + trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="]; + }; + + services = { + desktopManager.cosmic.enable = true; + displayManager.cosmic-greeter.enable = true; + + greetd.settings.initial_session = { + user = config.users.mainUser; + command = '' + ${lib.getExe' pkgs.coreutils "env"} XCURSOR_THEME="''${XCURSOR_THEME:-Pop}" systemd-cat --identifier start-cosmic ${lib.getExe' pkgs.cosmic-session "start-cosmic"} + ''; + }; + }; + + environment.cosmic.excludePackages = [ + pkgs.cosmic-store + ]; +} diff --git a/classes/kiosk/flatpak.nix b/classes/kiosk/flatpak.nix new file mode 100644 index 0000000..f59aa97 --- /dev/null +++ b/classes/kiosk/flatpak.nix @@ -0,0 +1,14 @@ +{inputs, ...}: { + imports = [ + inputs.flatpak.nixosModules.nix-flatpak + ]; + + services.flatpak = { + enable = true; + + update.auto = { + enable = true; + onCalendar = "weekly"; + }; + }; +} diff --git a/classes/kiosk/fonts.nix b/classes/kiosk/fonts.nix new file mode 100644 index 0000000..24ab985 --- /dev/null +++ b/classes/kiosk/fonts.nix @@ -0,0 +1,26 @@ +{pkgs, ...}: { + fonts = { + enableDefaultPackages = true; + packages = [ + pkgs.noto-fonts + pkgs.noto-fonts-extra + pkgs.noto-fonts-cjk-sans + pkgs.noto-fonts-cjk-serif + pkgs.noto-fonts-monochrome-emoji + pkgs.noto-fonts-color-emoji + ]; + + fontconfig = { + enable = true; + + defaultFonts = { + monospace = ["Noto Sans Mono"]; + sansSerif = ["Noto Sans"]; + serif = ["Noto Serif"]; + emoji = ["Noto Color Emoji" "Noto Emoji"]; + }; + }; + + fontDir.enable = true; + }; +} diff --git a/classes/kiosk/gtk.nix b/classes/kiosk/gtk.nix new file mode 100644 index 0000000..34ada01 --- /dev/null +++ b/classes/kiosk/gtk.nix 
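Review bot: `trusted-public-keys` in classes/kiosk/cosmic.nix makes every kiosk host accept any store path signed by the cosmic.cachix.org key, not only COSMIC packages, and nothing in the file records that trust decision. I would add a comment above `nix.settings`, for example `# Third-party binary cache: paths signed by this key are trusted for the whole store, not just COSMIC.` The `greetd.settings.initial_session` block moved here from hosts/headful/insomniac/cosmic.nix, so every host in the kiosk class now starts a session for `config.users.mainUser` without a password prompt. If that is intended for all kiosks, a one-line comment saying so would make the choice visible to the next reader.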
@@ -0,0 +1,5 @@ +{pkgs, ...}: { + xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk]; + + programs.dconf.enable = true; +} diff --git a/classes/kiosk/hardware.nix b/classes/kiosk/hardware.nix new file mode 100644 index 0000000..625fbdd --- /dev/null +++ b/classes/kiosk/hardware.nix @@ -0,0 +1,9 @@ +{ + hardware = { + bluetooth.enable = true; + steam-hardware.enable = true; + xone.enable = true; + xpadneo.enable = true; + graphics.enable = true; + }; +} diff --git a/classes/kiosk/location.nix b/classes/kiosk/location.nix new file mode 100644 index 0000000..474ee00 --- /dev/null +++ b/classes/kiosk/location.nix @@ -0,0 +1,3 @@ +{ + location.provider = "geoclue2"; +} diff --git a/classes/kiosk/networking.nix b/classes/kiosk/networking.nix new file mode 100644 index 0000000..d7cd8c0 --- /dev/null +++ b/classes/kiosk/networking.nix @@ -0,0 +1,10 @@ +{config, ...}: { + services.resolved.enable = true; + + networking.networkmanager = { + enable = true; + dns = "systemd-resolved"; + }; + + users.groups.networkmanager.members = config.users.normalUsers; +} diff --git a/classes/kiosk/pipewire.nix b/classes/kiosk/pipewire.nix new file mode 100644 index 0000000..157b2af --- /dev/null +++ b/classes/kiosk/pipewire.nix @@ -0,0 +1,11 @@ +{ + security.rtkit.enable = true; + + services.pipewire = { + enable = true; + wireplumber.enable = true; + alsa.enable = true; + pulse.enable = true; + jack.enable = true; + }; +} diff --git a/classes/kiosk/xdg.nix b/classes/kiosk/xdg.nix new file mode 100644 index 0000000..a5a81d9 --- /dev/null +++ b/classes/kiosk/xdg.nix @@ -0,0 +1,3 @@ +{ + xdg.portal.xdgOpenUsePortal = true; +} diff --git a/common/command-not-found.nix b/common/cnf.nix similarity index 84% rename from common/command-not-found.nix rename to common/cnf.nix index 5f8fcff..fa415f2 100644 --- a/common/command-not-found.nix +++ b/common/cnf.nix @@ -1,4 +1,3 @@ { - # TODO programs.command-not-found.enable = false; } 
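Review bot: `users.groups.networkmanager.members = config.users.normalUsers;` in classes/kiosk/networking.nix lets every normal user on a kiosk host add and change system network connections. If only the main user needs that, `users.groups.networkmanager.members = [config.users.mainUser];` is narrower (assuming `mainUser` is a user name, as its use in cosmic.nix suggests). Otherwise a comment stating that all kiosk users may reconfigure networking would document the choice.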
diff --git a/common/comma.nix b/common/comma.nix deleted file mode 100644 index 05bde3a..0000000 --- a/common/comma.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - programs.nix-index-database.comma.enable = true; -} diff --git a/common/nix-index-database.nix b/common/nix-index-database.nix deleted file mode 100644 index c8b6d0d..0000000 --- a/common/nix-index-database.nix +++ /dev/null @@ -1,5 +0,0 @@ -{inputs, ...}: { - imports = [ - inputs.nix-index-database.nixosModules.nix-index - ]; -} diff --git a/common/nix.nix b/common/nix.nix index fe2be20..f435fe5 100644 --- a/common/nix.nix +++ b/common/nix.nix @@ -18,8 +18,6 @@ "flakes" ]; auto-optimise-store = true; - flake-registry = ""; - use-xdg-base-directories = true; }; }; diff --git a/common/tailscale.nix b/common/tailscale.nix deleted file mode 100644 index 12922dd..0000000 --- a/common/tailscale.nix +++ /dev/null @@ -1,14 +0,0 @@ -{config, ...}: { - services.tailscale = { - enable = true; - openFirewall = true; - }; - - networking.firewall = { - trustedInterfaces = [ - config.services.tailscale.interfaceName - ]; - # Required to connect to Tailscale exit nodes - checkReversePath = "loose"; - }; -} diff --git a/flake.lock b/flake.lock index c35d882..ddfe614 100644 --- a/flake.lock +++ b/flake.lock @@ -95,11 +95,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1742659231, - "narHash": "sha256-7bvafmxXeRfoAtWSJeTFmHlCHMte0cZecGE/BvvgyqE=", + "lastModified": 1741348424, + "narHash": "sha256-nPwbJpX8AxmzbgRd2m6KHIbyN1xavq1BaBdJzO/lkW0=", "owner": "cachix", "repo": "devenv", - "rev": "c651cb04013be972767aaecb3e9a98fc930d080e", + "rev": "8f8c96bb1e0c6a59a97592328dc61b9fdbe7474b", "type": "github" }, "original": { 
@@ -332,11 +332,11 @@ }, "hardware": { "locked": { - "lastModified": 1742631601, - "narHash": "sha256-yJ3OOAmsGAxSl0bTmKUp3+cEYtSS+V6hUPK2rYhIPr8=", + "lastModified": 1741325094, + "narHash": "sha256-RUAdT8dZ6k/486vnu3tiNRrNW6+Q8uSD2Mq7gTX4jlo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "380ed15bcd6440606c6856db44a99140d422b46f", + "rev": "b48cc4dab0f9711af296fc367b6108cf7b8ccb16", "type": "github" }, "original": { @@ -425,11 +425,11 @@ ] }, "locked": { - "lastModified": 1741798497, - "narHash": "sha256-E3j+3MoY8Y96mG1dUIiLFm2tZmNbRvSiyN7CrSKuAVg=", + "lastModified": 1734114420, + "narHash": "sha256-n52PUzub5jZWc8nI/sR7UICOheU8rNA+YZ73YaHeCBg=", "owner": "domenkozar", "repo": "nix", - "rev": "f3f44b2baaf6c4c6e179de8cbb1cc6db031083cd", + "rev": "bde6a1a0d1f2af86caa4d20d23eca019f3d57eee", "type": "github" }, "original": { @@ -439,26 +439,6 @@ "type": "github" } }, - "nix-index-database": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1742701275, - "narHash": "sha256-AulwPVrS9859t+eJ61v24wH/nfBEIDSXYxlRo3fL/SA=", - "owner": "nix-community", - "repo": "nix-index-database", - "rev": "36dc43cb50d5d20f90a28d53abb33a32b0a2aae6", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-index-database", - "type": "github" - } - }, "nixos-cosmic": { "inputs": { "flake-compat": "flake-compat_3", @@ -466,11 +446,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1742641703, - "narHash": "sha256-hoN8blvJco8OSZmPj8izwQaQUdydVi+5FO4/nWd1MNU=", + "lastModified": 1741532023, + "narHash": "sha256-wPoRT99r7dMQiXWzDe9v/2OSXOmGOWad/0q9norshvs=", "owner": "lilyinstarlight", "repo": "nixos-cosmic", - "rev": "216557e6cd229dbe7d73a497c227824a3c579cd7", + "rev": "364761eb5ba3f1514446b6a0eb8e8651c5bc4c67", "type": "github" }, "original": { 
@@ -528,11 +508,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1742512142, - "narHash": "sha256-8XfURTDxOm6+33swQJu/hx6xw1Tznl8vJJN5HwVqckg=", + "lastModified": 1741332913, + "narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7105ae3957700a9646cc4b766f5815b23ed0c682", + "rev": "20755fa05115c84be00b04690630cb38f0a203ad", "type": "github" }, "original": { @@ -608,11 +588,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1742422364, - "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=", + "lastModified": 1741379970, + "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc", + "rev": "36fd87baa9083f34f7f5027900b62ee6d09b1f2f", "type": "github" }, "original": { @@ -624,11 +604,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1742578646, - "narHash": "sha256-GiQ40ndXRnmmbDZvuv762vS+gew1uDpFwOfgJ8tLiEs=", + "lastModified": 1741310760, + "narHash": "sha256-aizILFrPgq/W53Jw8i0a1h1GZAAKtlYOrG/A5r46gVM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "94c4dbe77c0740ebba36c173672ca15a7926c993", + "rev": "de0fe301211c267807afd11b12613f5511ff7433", "type": "github" }, "original": { @@ -645,11 +625,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1742730186, - "narHash": "sha256-LSAS036RA4iXtJNBzdiOayHQ3ZUrLlgi//jqwsuqqv4=", + "lastModified": 1741496686, + "narHash": "sha256-dJJ6n2w4OIemUWwfOy3yufKhggE0ncNOklbKgfa8CRY=", "owner": "fossar", "repo": "nix-phps", - "rev": "032d917f90ac19899915bfc528ebf9ae7a58e53f", + "rev": "f40909d5223656db01879d3325a8306883bcc668", "type": "github" }, "original": { @@ -694,7 +674,6 @@ "flatpak": "flatpak", "hardware": "hardware", "lanzaboote": "lanzaboote", - "nix-index-database": "nix-index-database", "nixos-cosmic": "nixos-cosmic", "nixpkgs": [ "nixos-cosmic", diff --git a/flake.nix b/flake.nix index fc35944..305c8e7 100644 --- a/flake.nix 
+++ b/flake.nix @@ -4,22 +4,18 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; flake-parts.url = "github:hercules-ci/flake-parts"; + hardware.url = "github:NixOS/nixos-hardware"; + agenix.url = "github:ryantm/agenix"; devenv-root = { url = "file+file:///dev/null"; flake = false; }; devenv.url = "github:cachix/devenv"; - hardware.url = "github:NixOS/nixos-hardware"; - agenix.url = "github:ryantm/agenix"; phps.url = "github:fossar/nix-phps"; lanzaboote.url = "github:nix-community/lanzaboote/v0.4.2"; flatpak.url = "github:gmodena/nix-flatpak?ref=latest"; nixpkgs.follows = "nixos-cosmic/nixpkgs"; nixos-cosmic.url = "github:lilyinstarlight/nixos-cosmic"; - nix-index-database = { - url = "github:nix-community/nix-index-database"; - inputs.nixpkgs.follows = "nixpkgs"; - }; }; outputs = { @@ -44,14 +40,13 @@ perSystem = { pkgs, inputs', - lib, ... }: { devenv.shells.default = { devenv.root = let devenvRootFileContent = builtins.readFile inputs.devenv-root.outPath; in - lib.mkIf (devenvRootFileContent != "") devenvRootFileContent; + self.lib.mkIf (devenvRootFileContent != "") devenvRootFileContent; name = "puter"; @@ -64,7 +59,7 @@ ]; }; - packages = lib.packagesFromDirectoryRecursive { + packages = self.lib.packagesFromDirectoryRecursive { inherit (pkgs) callPackage; directory = ./packages; }; diff --git a/hosts/headful/flamingo/libreoffice.nix b/hosts/headful/flamingo/libreoffice.nix deleted file mode 100644 index fd1b44d..0000000 --- a/hosts/headful/flamingo/libreoffice.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - services.flatpak.packages = [ - "org.libreoffice.LibreOffice" - ]; -} diff --git a/hosts/headful/flamingo/spotify.nix b/hosts/headful/flamingo/spotify.nix deleted file mode 100644 index 79817b7..0000000 --- a/hosts/headful/flamingo/spotify.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - services.flatpak.packages = [ - "com.spotify.Client" - ]; -} 
diff --git a/hosts/headful/glacier/gimp.nix b/hosts/headful/glacier/gimp.nix deleted file mode 100644 index 468fc89..0000000 --- a/hosts/headful/glacier/gimp.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - services.flatpak.packages = [ - "org.gimp.GIMP" - ]; -} diff --git a/hosts/headful/glacier/inkscape.nix b/hosts/headful/glacier/inkscape.nix deleted file mode 100644 index c274256..0000000 --- a/hosts/headful/glacier/inkscape.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - services.flatpak.packages = [ - "org.inkscape.Inkscape" - ]; -} diff --git a/hosts/headful/glacier/libreoffice.nix b/hosts/headful/glacier/libreoffice.nix deleted file mode 100644 index fd1b44d..0000000 --- a/hosts/headful/glacier/libreoffice.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - services.flatpak.packages = [ - "org.libreoffice.LibreOffice" - ]; -} diff --git a/hosts/headful/glacier/mpv.nix b/hosts/headful/glacier/mpv.nix deleted file mode 100644 index 24250ff..0000000 --- a/hosts/headful/glacier/mpv.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - services.flatpak.packages = [ - "io.mpv.Mpv" - ]; -} diff --git a/hosts/headful/glacier/steam.nix b/hosts/headful/glacier/steam.nix index 50a8f9f..e51a6e8 100644 --- a/hosts/headful/glacier/steam.nix +++ b/hosts/headful/glacier/steam.nix @@ -1,6 +1,5 @@ { services.flatpak.packages = [ "com.valvesoftware.Steam" - "com.github.Matoking.protontricks" ]; } diff --git a/hosts/headful/insomniac/cosmic.nix b/hosts/headful/insomniac/cosmic.nix deleted file mode 100644 index 629d9f9..0000000 --- a/hosts/headful/insomniac/cosmic.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: { - services.greetd.settings.initial_session = { - user = config.users.mainUser; - command = '' - ${lib.getExe' pkgs.coreutils "env"} XCURSOR_THEME="''${XCURSOR_THEME:-Pop}" systemd-cat --identifier start-cosmic ${lib.getExe' pkgs.cosmic-session "start-cosmic"} - ''; - }; - - environment.cosmic.excludePackages = [ - pkgs.cosmic-store - ]; -} 
diff --git a/hosts/headful/insomniac/flatpak.nix b/hosts/headful/insomniac/flatpak.nix deleted file mode 100644 index 9976199..0000000 --- a/hosts/headful/insomniac/flatpak.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - services.flatpak.update.auto = { - enable = true; - onCalendar = "weekly"; - }; -} diff --git a/hosts/headful/insomniac/spotify.nix b/hosts/headful/insomniac/spotify.nix deleted file mode 100644 index 79817b7..0000000 --- a/hosts/headful/insomniac/spotify.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - services.flatpak.packages = [ - "com.spotify.Client" - ]; -} diff --git a/hosts/headful/work/spotify.nix b/hosts/headful/work/spotify.nix deleted file mode 100644 index 79817b7..0000000 --- a/hosts/headful/work/spotify.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - services.flatpak.packages = [ - "com.spotify.Client" - ]; -} diff --git a/hosts/headless/abacus/domains.nix b/hosts/headless/abacus/domains.nix deleted file mode 100644 index 89658b5..0000000 --- a/hosts/headless/abacus/domains.nix +++ /dev/null @@ -1,14 +0,0 @@ -{lib, ...}: let - inherit (lib) types; -in { - options.networking.domains = lib.mkOption { - description = "Domains."; - type = types.attrsOf types.str; - default = {}; - }; - - config.networking.domains = { - wrz = "wrz.one"; - helvetica = "helveticanonstandard.net"; - }; -} diff --git a/hosts/headless/abacus/forgejo.nix b/hosts/headless/abacus/forgejo.nix index c52d7d2..f6fdcc4 100644 --- a/hosts/headless/abacus/forgejo.nix +++ b/hosts/headless/abacus/forgejo.nix @@ -3,7 +3,8 @@ lib, ... }: let - virtualHostName = "tea.wrz.one"; + inherit (config.networking) domain; + virtualHostName = "tea.${domain}"; in { age.secrets = lib.mkSecrets { forgejo-mailer = { @@ -42,8 +43,8 @@ in { mailer = { ENABLED = true; SMTP_ADDR = "smtp.fastmail.com"; - FROM = "tea@wrz.one"; - USER = "lukas@wrz.one"; + FROM = "tea@${domain}"; + USER = "lukas@${domain}"; }; }; secrets.mailer.PASSWD = config.age.secrets.forgejo-mailer.path; 
@@ -52,7 +53,6 @@ in { systemd.services.forgejo.preStart = let forgejo = lib.getExe config.services.forgejo.package; passwordFile = config.age.secrets.forgejo-admin.path; - # TODO user = "lukas"; email = "lukas@wrz.one"; in '' @@ -78,8 +78,10 @@ in { ''; locations."/".proxyPass = let - host = config.services.forgejo.settings.server.HTTP_ADDR; - port = builtins.toString config.services.forgejo.settings.server.HTTP_PORT; - in "http://${host}:${port}"; + inherit (config.services.forgejo.settings.server) HTTP_ADDR HTTP_PORT; + in "http://${lib.formatHostPort { + host = HTTP_ADDR; + port = HTTP_PORT; + }}"; }; } diff --git a/hosts/headless/abacus/headscale.nix b/hosts/headless/abacus/headscale.nix index 19b0a00..3306e15 100644 --- a/hosts/headless/abacus/headscale.nix +++ b/hosts/headless/abacus/headscale.nix @@ -1,23 +1,9 @@ -# {config, ...}: let -# virtualHostName = ""; -# in { -# services.headscale = { -# enable = true; -# address = "127.0.0.1"; -# port = 8070; -# server_url = "https://${virtualHostName}"; -# settings = { -# logtail.enabled = false; -# }; -# }; -# -# services.nginx.virtualHosts.${virtualHostName} = { -# forceSSL = true; -# enableACME = true; -# locations."/" = { -# proxyPass = "http://localhost:${toString config.services.headscale.port}"; -# proxyWebsockets = true; -# }; -# }; -# } -{} +{ + services.headscale = { + enable = true; + address = "127.0.0.1"; + port = 3122; # TODO + settings = { + }; + }; +} diff --git a/hosts/headless/abacus/microbin.nix b/hosts/headless/abacus/microbin.nix index d6274ff..b5cdc48 100644 --- a/hosts/headless/abacus/microbin.nix +++ b/hosts/headless/abacus/microbin.nix @@ -1,4 +1,3 @@ -# TODO: use another service for this { config, lib, 
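Review bot: The third hunk of forgejo.nix removes the `# TODO` above the admin bootstrap but leaves `email = "lukas@wrz.one";` hard-coded, while the mailer settings changed in the same commit now derive from `config.networking.domain`. If the domain changes, the admin account keeps an address on the old domain while `FROM` and `USER` follow the new one. `email = "lukas@${domain}";` would make it consistent, since `domain` is inherited in the file's top-level `let`. The `let` block and the preStart script continue outside the hunk.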
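Review bot: hosts/headless/abacus/headscale.nix enables the control server on `127.0.0.1` port 3122 with empty `settings` and no nginx vhost, so nothing outside the host can reach it and `settings.server_url` is left at its default. When the proxy is added it should carry `forceSSL = true; enableACME = true;` and `proxyWebsockets = true;` as the removed commented draft did, since node registration goes through that endpoint. The removed draft also set `logtail.enabled = false`, which is no longer stated anywhere. A comment such as `# TODO: set server_url and add a TLS vhost before registering nodes` next to the port TODO would record what is still missing.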
@@ -42,9 +41,9 @@ in { enableACME = true; forceSSL = true; - locations."/".proxyPass = let + locations."/".proxyPass = "http://${lib.formatHostPort { host = config.services.microbin.settings.MICROBIN_BIND; - port = builtins.toString config.services.microbin.settings.MICROBIN_PORT; - in "http://${host}:${port}"; + port = config.services.microbin.settings.MICROBIN_PORT; + }}"; }; } diff --git a/hosts/headless/abacus/miniflux.nix b/hosts/headless/abacus/miniflux.nix index 6534c59..2e7788a 100644 --- a/hosts/headless/abacus/miniflux.nix +++ b/hosts/headless/abacus/miniflux.nix @@ -1,4 +1,3 @@ -# TODO: is this bloat { config, lib, diff --git a/hosts/headless/abacus/navidrome.nix b/hosts/headless/abacus/navidrome.nix index 6c4b1e5..1c3f35f 100644 --- a/hosts/headless/abacus/navidrome.nix +++ b/hosts/headless/abacus/navidrome.nix @@ -1,5 +1,10 @@ -{config, ...}: let - virtualHostName = "navidrome.helveticanonstandard.net"; +{ + config, + lib, + ... +}: let + inherit (config.networking) domain; + virtualHostName = "navi.${domain}"; in { services.navidrome = { enable = true; @@ -14,9 +19,9 @@ in { enableACME = true; forceSSL = true; - locations."/".proxyPass = let + locations."/".proxyPass = "http://${lib.formatHostPort { host = config.services.navidrome.settings.Address; - port = builtins.toString config.services.navidrome.settings.Port; - in "http://${host}:${port}"; + port = config.services.navidrome.settings.Port; + }}"; }; } diff --git a/hosts/headless/abacus/nginx.nix b/hosts/headless/abacus/nginx.nix index d4a8656..dd9bc60 100644 --- a/hosts/headless/abacus/nginx.nix +++ b/hosts/headless/abacus/nginx.nix @@ -1,4 +1,4 @@ -{ +{config, ...}: { services.nginx = { enable = true; 
@@ -12,19 +12,11 @@ access_log /var/log/nginx/access.log; ''; - virtualHosts = let - matchAll = ''~.*''; - matchWww = ''~^www\.(?.+)$''; - in { - # Redirect anything that doesn't match any server name to networking.domain - ${matchAll} = { - default = true; - rejectSSL = true; + virtualHosts."~.*" = { + default = true; + rejectSSL = true; - globalRedirect = "wrz.one"; - }; - # Redirect www to non-www - ${matchWww}.globalRedirect = "$domain"; + globalRedirect = config.networking.domain; }; }; } diff --git a/hosts/headless/abacus/static-sites.nix b/hosts/headless/abacus/static.nix similarity index 83% rename from hosts/headless/abacus/static-sites.nix rename to hosts/headless/abacus/static.nix index 4e0deda..cd5ae05 100644 --- a/hosts/headless/abacus/static-sites.nix +++ b/hosts/headless/abacus/static.nix @@ -3,14 +3,14 @@ lib, ... }: let + inherit (config.networking) domain; parent = "/var/www"; sites = [ - "wrz.one" - "helveticanonstandard.net" + domain + "log.${domain}" ]; in - lib.mkMerge ( - map ( + lib.mkMerge (map ( virtualHostName: let root = "${parent}/${virtualHostName}"; in { @@ -28,5 +28,4 @@ in }; } ) - sites - ) + sites) diff --git a/hosts/headless/abacus/vaultwarden.nix b/hosts/headless/abacus/vaultwarden.nix index bd3bf96..a58e7a1 100644 --- a/hosts/headless/abacus/vaultwarden.nix +++ b/hosts/headless/abacus/vaultwarden.nix @@ -3,7 +3,8 @@ lib, ... }: let - virtualHostName = "vault.wrz.one"; + inherit (config.networking) domain; + virtualHostName = "vault.${domain}"; backupDir = "/srv/backup/vaultwarden"; in { age.secrets = lib.mkSecrets {vaultwarden = {};}; @@ -37,10 +38,10 @@ in { forceSSL = true; locations."/" = { - proxyPass = let + proxyPass = "http://${lib.formatHostPort { host = config.services.vaultwarden.config.ROCKET_ADDRESS; - port = builtins.toString config.services.vaultwarden.config.ROCKET_PORT; - in "http://${host}:${port}"; + port = config.services.vaultwarden.config.ROCKET_PORT; + }}"; proxyWebsockets = true; }; }; 
diff --git a/hosts/headless/vessel/syncthing.nix b/hosts/headless/vessel/syncthing.nix index b184a4b..f430f0d 100644 --- a/hosts/headless/vessel/syncthing.nix +++ b/hosts/headless/vessel/syncthing.nix @@ -1,15 +1,14 @@ -# TODO: unify syncthing.nix files -let +{lib, ...}: let guiPort = 8384; in { services.syncthing = { enable = true; systemService = true; openDefaultPorts = true; - guiAddress = let + guiAddress = lib.formatHostPort { host = "0.0.0.0"; - port = builtins.toString guiPort; - in "${host}:${port}"; + port = guiPort; + }; }; networking.firewall.allowedTCPPorts = [guiPort]; diff --git a/hosts/headful/insomniac/dolphin.nix b/hosts/kiosk/insomniac/dolphin.nix similarity index 100% rename from hosts/headful/insomniac/dolphin.nix rename to hosts/kiosk/insomniac/dolphin.nix diff --git a/hosts/headful/insomniac/filesystems.nix b/hosts/kiosk/insomniac/filesystems.nix similarity index 100% rename from hosts/headful/insomniac/filesystems.nix rename to hosts/kiosk/insomniac/filesystems.nix diff --git a/hosts/headful/insomniac/freetube.nix b/hosts/kiosk/insomniac/freetube.nix similarity index 100% rename from hosts/headful/insomniac/freetube.nix rename to hosts/kiosk/insomniac/freetube.nix diff --git a/hosts/headful/insomniac/hardware.nix b/hosts/kiosk/insomniac/hardware.nix similarity index 100% rename from hosts/headful/insomniac/hardware.nix rename to hosts/kiosk/insomniac/hardware.nix diff --git a/hosts/headful/flamingo/mpv.nix b/hosts/kiosk/insomniac/librewolf.nix similarity index 53% rename from hosts/headful/flamingo/mpv.nix rename to hosts/kiosk/insomniac/librewolf.nix index 24250ff..229aa0a 100644 --- a/hosts/headful/flamingo/mpv.nix +++ b/hosts/kiosk/insomniac/librewolf.nix @@ -1,5 +1,5 @@ { services.flatpak.packages = [ - "io.mpv.Mpv" + "io.gitlab.librewolf-community" ]; } diff --git a/hosts/headful/insomniac/rmg.nix b/hosts/kiosk/insomniac/rmg.nix similarity index 100% rename from hosts/headful/insomniac/rmg.nix rename to hosts/kiosk/insomniac/rmg.nix 
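Review bot: `guiAddress` in hosts/headless/vessel/syncthing.nix still binds the Syncthing GUI to `0.0.0.0`, and `networking.firewall.allowedTCPPorts = [guiPort];` opens it on every interface, with no GUI credentials set in this file. If this host imports the headless class, `tailscale0` is already a trusted interface, so binding to `127.0.0.1` or replacing the rule with `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [guiPort];` would keep the admin UI off the LAN side. If LAN access is intended, a comment saying so and naming where the GUI password is configured would help.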
diff --git a/hosts/headful/insomniac/steam.nix b/hosts/kiosk/insomniac/steam.nix similarity index 100% rename from hosts/headful/insomniac/steam.nix rename to hosts/kiosk/insomniac/steam.nix diff --git a/hosts/headful/insomniac/system.nix b/hosts/kiosk/insomniac/system.nix similarity index 100% rename from hosts/headful/insomniac/system.nix rename to hosts/kiosk/insomniac/system.nix diff --git a/hosts/headful/insomniac/users.nix b/hosts/kiosk/insomniac/users.nix similarity index 100% rename from hosts/headful/insomniac/users.nix rename to hosts/kiosk/insomniac/users.nix diff --git a/lib.nix b/lib.nix index c9acc8a..9374f57 100644 --- a/lib.nix +++ b/lib.nix @@ -15,6 +15,11 @@ lib: _: { (lib.mkIf (!condition) falseContent) ]; + formatHostPort = { + host, + port, + }: "${host}:${builtins.toString port}"; + mkSecrets = secrets: let mkSecret = { name,
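Review bot: `formatHostPort` in lib.nix joins host and port with a bare `:`, which produces an ambiguous address for an IPv6 literal such as `::1`, and its callers pass listen addresses straight from service options. Bracketing when the host contains a colon avoids that: `}: if lib.hasInfix ":" host then "[${host}]:${toString port}" else "${host}:${toString port}";`. The rest of the commit replaces `builtins.toString` with `toString`, so using `toString` here would be consistent. A one-line comment above the function stating that `port` may be an int or a string would also help; `mkSecrets` continues outside the hunk.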