2026-02-28 19:41:14 +01:00
parent 0c81f68a63
commit 5f34d32807
53 changed files with 1303 additions and 1386 deletions


@@ -0,0 +1,26 @@
{ den, ... }:
{
lux.services._.actual = den.lib.exactly {
includes = [
(
{ host, ... }:
{
nixos =
{ config, ... }:
{
services.actual = {
enable = true;
openFirewall = false;
settings = {
port = 3000;
hostname = "127.0.0.1";
};
};
services.caddy.virtualHosts."finance.${host.domain}".extraConfig =
"reverse_proxy :${toString config.services.actual.settings.port}";
};
}
)
];
};
}


@@ -0,0 +1,19 @@
{ den, lib, ... }:
{
lux.services._.caddy = den.lib.parametric {
includes = [
(
{ host, ... }:
{
nixos = {
services.caddy = {
enable = true;
email = "mail@jelles.net";
openFirewall = true;
};
};
}
)
];
};
}


@@ -0,0 +1,40 @@
{ den, ... }:
{
lux.services._.gitea = den.lib.parametric {
includes = [
(
den.lib.take.exactly({ host }:
{
nixos =
{ config, ... }:
{
services.gitea = {
enable = true;
settings = {
server = {
DOMAIN = "git.${host.domain}";
ROOT_URL = "https://git.${host.domain}/";
HTTP_PORT = 3001;
HTTP_ADDR = "127.0.0.1";
START_SSH_SERVER = false;
SSH_PORT = 22;
};
service = {
DISABLE_REGISTRATION = true;
};
};
};
services.openssh.settings.AllowUsers = [ "git" ];
services.caddy.virtualHosts."git.${host.domain}".extraConfig =
"reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT}";
};
}
))
];
};
}
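Review bot: `services.openssh.settings.AllowUsers = [ "git" ];` names an account this section never defines: nothing visible sets `services.gitea.user`, whose NixOS default is `gitea`, so with `START_SSH_SERVER = false` the system sshd would still reject the account that serves Git over SSH. Tying the entry to the service keeps the two in step: `services.openssh.settings.AllowUsers = [ config.services.gitea.user ];`. Because list definitions merge, this line also switches on an sshd allow-list on every host that includes this aspect. If the openssh aspect is not included alongside it, only that one account could log in, so a short comment stating the dependency would help.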


@@ -0,0 +1,21 @@
{ den, lib, ... }:
{
lux.services._.openssh = den.lib.parametric.exactly {
includes = [
(
{ host }:
{
nixos.services.openssh.settings.nixos.services.openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
AllowUsers = lib.attrNames host.users;
};
};
}
)
];
};
}
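Review bot: The attribute path `nixos.services.openssh.settings.nixos.services.openssh` repeats itself, so `enable`, `PermitRootLogin`, `PasswordAuthentication` and `AllowUsers` end up under a nested `settings.nixos…` key instead of on the service. As written the hardening is not applied; evaluation presumably either fails or the values are ignored, which would leave sshd on the module defaults for root login and password authentication. The line should read `nixos.services.openssh = {`. Separately, `AllowUsers = lib.attrNames host.users;` admits every declared user over SSH, which deserves a one-line comment if it is intended.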


@@ -0,0 +1,37 @@
{ den, ... }:
{
lux.services._.radicale = den.lib.exactly {
includes = [
(
{ host, ... }:
{
nixos =
{ config, ... }:
{
services.radicale = {
enable = true;
settings = {
server.hosts = [ "127.0.0.1:5232" ];
auth = {
type = "htpasswd";
htpasswd_filename = config.sops.secrets.radicale-users.path;
htpasswd_encryption = "bcrypt";
};
storage.filesystem_folder = "/var/lib/radicale/collections";
};
};
services.caddy.virtualHosts."radicale.${host.domain}".extraConfig = ''
reverse_proxy :5232 {
header_up X-Script-Name /
header_up X-Forwarded-For {remote}
header_up X-Remote-User {http.auth.user.id}
}'';
};
}
)
];
};
}
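Review bot: `header_up X-Remote-User {http.auth.user.id}` has no effect while `auth.type = "htpasswd"`, and no Caddy authentication directive is visible in this vhost, so the placeholder would be empty. Drop the line unless the plan is to switch Radicale to `http_x_remote_user`, in which case Caddy must authenticate the request first and the backend must stay reachable only through the proxy. `header_up X-Forwarded-For {remote}` can go as well: `reverse_proxy` already sets that header, and `{remote}` expands to address and port, not the bare address. The port `5232` is also written twice here, whereas the other modules derive the upstream from `config`; a single `let` binding would keep listener and proxy from drifting apart.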


@@ -0,0 +1,29 @@
{ den, ... }:
{
lux.services._.vaultwarden = den.lib.parametric.exactly {
includes = [
(
{ host }:
{
nixos =
{ config, ... }:
{
services.vaultwarden = {
enable = true;
backupDir = "/var/backup/vaultwarden";
config = {
DOMAIN = "https://vault.${host.domain}";
SIGNUPS_ALLOWED = false;
ROCKET_PORT = 8100;
ROCKET_LOG = "critical";
};
};
services.caddy.virtualHosts."vault.${host.domain}".extraConfig =
"reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
}
)
];
};
}
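Review bot: `services.vaultwarden.config` sets `ROCKET_PORT` but no `ROCKET_ADDRESS`, while the other services in this commit pin their listener to `127.0.0.1`. I believe assigning `config` replaces the module's default attribute set, so the bind address then falls back to whatever Vaultwarden itself defaults to. Adding `ROCKET_ADDRESS = "127.0.0.1";` next to the port makes it explicit that the vault is reachable only through the Caddy vhost and does not depend on the firewall to keep port 8100 private.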