refactor: restructure config files

2026-04-27 15:59:20 +02:00
parent bac6e4997b
commit 0b2ecd31b0
58 changed files with 6 additions and 2 deletions
+29
@@ -0,0 +1,29 @@
{ config, ... }:
let
repo = config.repo;
repoHelpers = repo.helpers;
service = repo.services.actual;
in
{
flake.modules.nixos.actual =
{ lib, ... }:
lib.mkMerge [
{
services.actual = {
enable = true;
openFirewall = false;
settings = {
inherit (service) port;
hostname = service.host;
};
};
}
(repoHelpers.mkCaddyReverseProxy {
inherit (service)
domain
port
;
})
];
}
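Review bot: `openFirewall = false;` in the services.actual block is the only hint that the service is meant to be reached solely through the Caddy reverse proxy merged in below, and nothing records that intent; a one-line comment would keep a later edit from opening the port, e.g. `openFirewall = false; # reachable only through the Caddy reverse proxy merged below`. The same "bind to service.host, expose via mkCaddyReverseProxy" pattern is used by the gitea, radicale and vaultwarden modules in this commit, so the comment fits there too. Whether `settings.hostname` is the listen address depends on how the actual module maps its freeform settings, which is not visible here.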
+13
@@ -0,0 +1,13 @@
{ config, ... }:
let
repo = config.repo;
in
{
flake.modules.nixos.caddy = {
services.caddy = {
enable = true;
email = repo.account.primaryEmail.address;
openFirewall = true;
};
};
}
+42
@@ -0,0 +1,42 @@
{ config, ... }:
let
repo = config.repo;
repoHelpers = repo.helpers;
service = repo.services.gitea;
in
{
flake.modules.nixos.gitea =
{ lib, ... }:
lib.mkMerge [
{
services.gitea = {
enable = true;
settings = {
server = {
DOMAIN = service.domain;
ROOT_URL = service.url;
HTTP_PORT = service.port;
HTTP_ADDR = service.host;
START_SSH_SERVER = false;
SSH_PORT = 22;
};
service.DISABLE_REGISTRATION = true;
};
};
}
{
services.openssh.settings.AllowUsers = [ "gitea" ];
}
(repoHelpers.mkCaddyReverseProxy {
inherit (service)
domain
port
;
})
];
}
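Review bot: Inside `settings`, the line `service.DISABLE_REGISTRATION = true;` is an attribute path into Gitea's `[service]` section, but it reads like a reference to the let-bound `service = repo.services.gitea` declared at the top of the file; renaming the binding (e.g. `giteaService`) or writing the section as `service = { DISABLE_REGISTRATION = true; };` removes the ambiguity. `START_SSH_SERVER = false` together with `SSH_PORT = 22` means git-over-SSH is served by the host sshd, which is why `services.openssh.settings.AllowUsers = [ "gitea" ]` is added in the second mkMerge element; NixOS list-merges that with the `AllowUsers = [ account.name ]` set by the openssh module elsewhere in this commit, so neither clobbers the other, but this module does not itself enable sshd. A comment on the AllowUsers line such as `# git-over-SSH uses the host sshd; sshd itself is enabled by the openssh module` would document that dependency.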
+34
@@ -0,0 +1,34 @@
{ config, lib, ... }:
let
account = config.repo.account;
personalPublicKeys =
machines:
map (machine: machine.sshKeys.personal.publicKey) (
lib.filter (machine: machine.sshKeys ? personal) (builtins.attrValues machines)
);
in
{
flake.modules.nixos.ssh-agent-auth = {
security.pam = {
rssh.enable = true;
services.sudo.rssh = true;
};
};
flake.modules.nixos.openssh =
{ ... }:
{
services.openssh.openFirewall = true;
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
AllowUsers = [ account.name ];
};
};
users.users.${account.name}.openssh.authorizedKeys.keys = personalPublicKeys config.repo.machines;
};
}
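Review bot: `PasswordAuthentication = false` alone does not disable password logins, because PAM keyboard-interactive authentication stays enabled (NixOS defaults `services.openssh.settings.KbdInteractiveAuthentication` to true); add `KbdInteractiveAuthentication = false;` to the settings block next to PermitRootLogin so that only the authorizedKeys path remains. The `services.openssh.openFirewall = true;` line sits outside the `services.openssh = { ... }` attrset that immediately follows it; folding it into that set makes the module read as one unit. `AllowUsers = [ account.name ]` is list-merged with the `[ "gitea" ]` entry added by the gitea module in this commit, so both users end up permitted on a host that imports both; a short comment would make that intended.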
@@ -0,0 +1,49 @@
{ config, ... }:
let
repo = config.repo;
repoHelpers = repo.helpers;
service = repo.services.radicale;
in
{
flake.modules.nixos.radicale =
{ lib, ... }:
lib.mkMerge [
{
services.radicale = {
enable = true;
settings = {
server.hosts = [ "${service.host}:${toString service.port}" ];
auth = {
type = "htpasswd";
htpasswd_filename = "/var/lib/radicale/users";
htpasswd_encryption = "bcrypt";
};
storage.filesystem_folder = "/var/lib/radicale/collections";
};
};
}
(repoHelpers.mkCaddyReverseProxy {
inherit (service)
domain
port
;
extraHeaders = [
{
name = "X-Script-Name";
value = "/";
}
{
name = "X-Forwarded-For";
value = "{remote}";
}
{
name = "X-Remote-User";
value = "{http.auth.user.id}";
}
];
})
];
}
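Review bot: The `X-Remote-User` header with value `{http.auth.user.id}` is only consumed by Radicale when `auth.type` is `http_x_remote_user`; with `auth.type = "htpasswd"` as configured here Radicale authenticates on its own and ignores the header, and the Caddy placeholder is empty unless the proxy itself authenticates the request, so the entry is dead configuration and, should `auth.type` ever be switched, would silently make the proxy the trust boundary for identity. Either drop that extraHeaders entry or mark it `# unused with htpasswd auth; only meaningful with auth.type = http_x_remote_user`. `{remote}` in Caddy is the client address including the port, whereas `X-Forwarded-For` conventionally carries only the IP (`{remote_host}`), and reverse_proxy normally appends X-Forwarded-For by itself, though what mkCaddyReverseProxy emits is not visible here. `htpasswd_filename = "/var/lib/radicale/users"` is not provisioned by this module, so no login succeeds until that file is created with bcrypt entries; a comment saying where it comes from would help.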
@@ -0,0 +1,31 @@
{ config, ... }:
let
repo = config.repo;
repoHelpers = repo.helpers;
service = repo.services.vaultwarden;
in
{
flake.modules.nixos.vaultwarden =
{ lib, ... }:
lib.mkMerge [
{
services.vaultwarden = {
enable = true;
backupDir = "/var/backup/vaultwarden";
config = {
DOMAIN = service.url;
SIGNUPS_ALLOWED = false;
ROCKET_PORT = service.port;
ROCKET_LOG = "critical";
};
};
}
(repoHelpers.mkCaddyReverseProxy {
inherit (service)
domain
port
;
})
];
}
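Review bot: Unlike the actual, gitea and radicale modules in this commit, which bind to `service.host`, the vaultwarden config sets `ROCKET_PORT` but no bind address, so the listener falls back to Vaultwarden's default rather than the repo-defined host; add `ROCKET_ADDRESS = service.host;` next to `ROCKET_PORT = service.port;` so the service is reachable only through the Caddy reverse proxy merged in below. `backupDir = "/var/backup/vaultwarden"` enables the module's backup job, and nothing here states what protects that directory; a one-line comment on the retention and permissions expectation would help the next reader.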