kiri/lux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: centralize host and user metadata

Browse Source
This commit is contained in:
Jelle Spreeuwenberg
2026-04-21 12:12:43 +02:00
parent 5cfd4d01c8
commit 6332c96d3e
33 changed files with 805 additions and 479 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/features/services/actual.nix
+20 -12
View File
@@ -1,17 +1,25 @@
{ config, ... }:
let
metaLib = config.meta.lib;
in
{
flake.modules.nixos.actual =
{ config, ... }:
{
services.actual = {
enable = true;
openFirewall = false;
settings = {
port = 3000;
hostname = "127.0.0.1";
{ lib, ... }:
lib.mkMerge [
{
services.actual = {
enable = true;
openFirewall = false;
settings = {
port = 3000;
hostname = "127.0.0.1";
};
};
};
}
services.caddy.virtualHosts."finance.jelles.net".extraConfig =
"reverse_proxy :${toString config.services.actual.settings.port}";
};
(metaLib.mkCaddyReverseProxy {
domain = "finance.jelles.net";
port = 3000;
})
];
}
modules/features/services/deluge.nix
+2 -2
View File
@@ -1,5 +1,5 @@
{
flake.modules.nixos.delugeService =
flake.modules.nixos."deluge-service" =
{ ... }:
{
sops.secrets.deluge-auth-file = { };
@@ -10,7 +10,7 @@
};
};
flake.modules.homeManager.delugeClient =
flake.modules.homeManager."deluge-client" =
{ pkgs, ... }:
{
home.packages = [ pkgs.deluge ];
modules/features/services/gitea.nix
+29 -19
View File
@@ -1,28 +1,38 @@
{ config, ... }:
let
metaLib = config.meta.lib;
in
{
flake.modules.nixos.gitea =
{ config, ... }:
{
services.gitea = {
enable = true;
{ lib, ... }:
lib.mkMerge [
{
services.gitea = {
enable = true;
settings = {
server = {
DOMAIN = "git.jelles.net";
ROOT_URL = "https://git.jelles.net/";
HTTP_PORT = 3001;
HTTP_ADDR = "127.0.0.1";
settings = {
server = {
DOMAIN = "git.jelles.net";
ROOT_URL = "https://git.jelles.net/";
HTTP_PORT = 3001;
HTTP_ADDR = "127.0.0.1";
START_SSH_SERVER = false;
SSH_PORT = 22;
START_SSH_SERVER = false;
SSH_PORT = 22;
};
service.DISABLE_REGISTRATION = true;
};
service.DISABLE_REGISTRATION = true;
};
};
}
services.openssh.settings.AllowUsers = [ "gitea" ];
{
services.openssh.settings.AllowUsers = [ "gitea" ];
}
services.caddy.virtualHosts."git.jelles.net".extraConfig =
"reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT}";
};
(metaLib.mkCaddyReverseProxy {
domain = "git.jelles.net";
port = 3001;
})
];
}
modules/features/services/openssh.nix
+9 -6
View File
@@ -1,17 +1,20 @@
{ ... }:
{
flake.modules.nixos."ssh-agent-auth" = {
security.pam = {
sshAgentAuth.enable = true;
services.sudo.sshAgentAuth = true;
};
};
flake.modules.nixos.openssh =
{
config,
hostType ? "desktop",
lib,
...
}:
let
isServer = hostType == "server";
hostUserNames = builtins.attrNames (
lib.filterAttrs (_: user: user.isNormalUser or false) config.users.users
);
isServer = config.meta.host.kind == "server";
hostUserNames = builtins.attrNames config.meta.host.users;
in
{
services.openssh = {
modules/features/services/radicale.nix
+38 -20
View File
@@ -1,27 +1,45 @@
{ config, ... }:
let
metaLib = config.meta.lib;
in
{
flake.modules.nixos.radicale =
{ ... }:
{
services.radicale = {
enable = true;
settings = {
server.hosts = [ "127.0.0.1:5232" ];
{ lib, ... }:
lib.mkMerge [
{
services.radicale = {
enable = true;
settings = {
server.hosts = [ "127.0.0.1:5232" ];
auth = {
type = "htpasswd";
htpasswd_filename = "/var/lib/radicale/users";
htpasswd_encryption = "bcrypt";
auth = {
type = "htpasswd";
htpasswd_filename = "/var/lib/radicale/users";
htpasswd_encryption = "bcrypt";
};
storage.filesystem_folder = "/var/lib/radicale/collections";
};
storage.filesystem_folder = "/var/lib/radicale/collections";
};
};
}
services.caddy.virtualHosts."radicale.jelles.net".extraConfig = ''
reverse_proxy :5232 {
header_up X-Script-Name /
header_up X-Forwarded-For {remote}
header_up X-Remote-User {http.auth.user.id}
}'';
};
(metaLib.mkCaddyReverseProxy {
domain = "radicale.jelles.net";
port = 5232;
extraHeaders = [
{
name = "X-Script-Name";
value = "/";
}
{
name = "X-Forwarded-For";
value = "{remote}";
}
{
name = "X-Remote-User";
value = "{http.auth.user.id}";
}
];
})
];
}
modules/features/services/vaultwarden.nix
+22 -14
View File
@@ -1,19 +1,27 @@
{ config, ... }:
let
metaLib = config.meta.lib;
in
{
flake.modules.nixos.vaultwarden =
{ config, ... }:
{
services.vaultwarden = {
enable = true;
backupDir = "/var/backup/vaultwarden";
config = {
DOMAIN = "https://vault.jelles.net";
SIGNUPS_ALLOWED = false;
ROCKET_PORT = 8100;
ROCKET_LOG = "critical";
{ lib, ... }:
lib.mkMerge [
{
services.vaultwarden = {
enable = true;
backupDir = "/var/backup/vaultwarden";
config = {
DOMAIN = "https://vault.jelles.net";
SIGNUPS_ALLOWED = false;
ROCKET_PORT = 8100;
ROCKET_LOG = "critical";
};
};
};
}
services.caddy.virtualHosts."vault.jelles.net".extraConfig =
"reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
(metaLib.mkCaddyReverseProxy {
domain = "vault.jelles.net";
port = 8100;
})
];
}