diff --git a/modules/homelab/.default.nix.template.nix b/modules/homelab/.default.nix.template.nix
new file mode 100644
index 0000000..db34b5f
--- /dev/null
+++ b/modules/homelab/.default.nix.template.nix
@@ -0,0 +1,127 @@
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+
+let
+ service = "";
+ cfg = config.modules.services.${service};
+ sec = config.sops.secrets;
+ homelab = config.modules.homelab;
+in
+{
+ options.modules.services.${service} = {
+ enable = lib.mkEnableOption "enables ${service}";
+
+ # set port options
+ port = lib.mkOption {
+ type = lib.types.int;
+ default = ;
+ description = "set port for ${service} (default: ${toString cfg.port}";
+ };
+ url = lib.mkOption {
+ type = lib.types.str;
+ default = "${service}.${homelab.base_domain}";
+ description = "set domain for ${service}";
+ };
+ data_dir = lib.mkOption {
+ type = lib.types.str;
+ default = "/var/lib/${service}";
+ description = "set data directory for ${service}";
+ };
+ ids = lib.mkOption {
+ type = lib.types.int;
+ default = cfg.port;
+ description = "set uid and pid of ${service} user (matches port by default)";
+ };
+ backup = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ description = "enable backups for ${service}";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+
+ # declare ${service} group
+ users.groups.${service} = {
+ gid = lib.mkForce cfg.ids;
+ };
+
+ # declare ${service} user
+ users.users.${service} = {
+ description = "${service} server user";
+ uid = lib.mkForce cfg.ids;
+ isSystemUser = true;
+ home = cfg.data_dir;
+ createHome = true;
+ group = service;
+ extraGroups = [ "media" ];
+ };
+
+ # enable the ${service} service
+ services.${service} = {
+ enable = true;
+ openFirewall = true;
+ user = service;
+ group = service;
+ dataDir = cfg.data_dir;
+ settings = {
+ server.port = cfg.port;
+ };
+ };
+
+ # override umask to make permissions work out
+ systemd.services.${service}.serviceConfig = {
+ UMask = lib.mkForce "0007";
+ # User = service;
+ # Group = service;
+ };
+
+ # # open firewall
+ # networking.firewall.allowedTCPPorts = [ cfg.port ];
+
+ # add to caddy for reverse proxy
+ services.caddy.virtualHosts."${cfg.url}" = {
+ serverAliases = [ "${service}.${homelab.public_domain}" ];
+ extraConfig = ''
+ tls /etc/ssl/blakedheld.xyz.crt /etc/ssl/blakedheld.xyz.key
+ reverse_proxy 127.0.0.1:${toString cfg.port}
+ '';
+ };
+
+ #---------------------------------------------------------------------------
+ # # add to glance (public service)
+ # modules.services.glance.links. = [{
+ # title = service;
+ # url = "https://${service}.${homelab.public_domain}";
+ # error-url = "http://${homelab.host_ip}:${toString cfg.port}";
+ # check-url = "http://${homelab.host_ip}:${toString cfg.port}";
+ # icon = "di:${service}"; }];
+ #---------------------------------------------------------------------------
+ # # add to glance (local service)
+ # modules.services.glance.links. = [{
+ # title = service;
+ # url = "https://${cfg.url}";
+ # error-url = "http://${homelab.host_ip}:${toString cfg.port}";
+ # check-url = "http://${homelab.host_ip}:${toString cfg.port}";
+ # icon = "di:${service}"; }];
+ #---------------------------------------------------------------------------
+ #
+ # sops.secrets = {
+ # "${service}_" = {
+ # owner = ;
+ # group = ;
+ # };
+ # };
+
+ # add to backups
+ modules.system.backups.baks = {
+ ${service} = {
+ paths = [ cfg.data_dir ];
+ };
+ };
+ };
+}
diff --git a/modules/homelab/glance/default.nix b/modules/homelab/glance/default.nix
index 01e3174..52ee0ce 100644
--- a/modules/homelab/glance/default.nix
+++ b/modules/homelab/glance/default.nix
@@ -172,7 +172,7 @@ in
 {
 type = "search";
 autofocus = true;
- search-engine = "https://www.ecosia.org/search?q={QUERY}";
+ search-engine = "https://duckduckgo.com/?q={QUERY}";
 new-tab = true;
 bangs = [
 {
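Review bot: `openFirewall = true;` in the `services.${service}` block opens the backend port on the host firewall even though Caddy already terminates TLS for the service and proxies to `127.0.0.1:${toString cfg.port}`, so every module created from this template would presumably also be reachable directly, outside the proxy. The manual `allowedTCPPorts` block just below is already commented out, so the template default would be safer as `openFirewall = false;`, enabled per service only where direct access is wanted. The `serverAliases` line also gives each service a name under `homelab.public_domain` by default, including ones the commented glance block treats as local; worth confirming that is intended. Separately, the `backup` option is declared but never read, so `modules.system.backups.baks` is set unconditionally; it could be gated as `modules.system.backups.baks = lib.mkIf cfg.backup { ... };`.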