From 962f44f05ee665634d0e22c675c95d9953dc3c2c Mon Sep 17 00:00:00 2001 
From: blake Date: Mon, 13 Oct 2025 22:18:10 -0500 Subject: [PATCH] FUCK YOU MODULES HOMELAB RULES --- hosts/snowbelle/configuration.nix | 84 ++++++------ modules/homelab/arr/bazarr/default.nix | 10 +- modules/homelab/arr/flaresolverr/default.nix | 6 +- modules/homelab/arr/prowlarr/default.nix | 10 +- modules/homelab/arr/radarr/default.nix | 10 +- modules/homelab/arr/sonarr/default.nix | 10 +- modules/homelab/audiobookshelf/default.nix | 10 +- modules/homelab/caddy/default.nix | 8 +- modules/homelab/default.nix | 4 +- modules/homelab/fileshare/nfs/default.nix | 4 +- modules/homelab/fileshare/smb/default.nix | 4 +- modules/homelab/fileshare/zfs/default.nix | 4 +- modules/homelab/gitea/default.nix | 10 +- modules/homelab/glance/default.nix | 12 +- .../homelab/home/homeassistant/default.nix | 10 +- modules/homelab/home/mosquitto/default.nix | 8 +- modules/homelab/home/zigbee2mqtt/default.nix | 10 +- modules/homelab/immich/default.nix | 10 +- modules/homelab/jellyfin/default.nix | 10 +- modules/homelab/minecraft_recpro/default.nix | 29 +--- modules/homelab/qbittorrent/default.nix | 10 +- .../services/.default.nix.template.nix | 127 ------------------ .../services/.unused/nginx-proxy/default.nix | 92 ------------- modules/homelab/services/default.nix | 13 -- modules/homelab/uptime-kuma/default.nix | 10 +- modules/homelab/vaultwarden/default.nix | 10 +- modules/homelab/yacreader/default.nix | 10 +- modules/system/backups.nix | 4 +- modules/system/backups.nix.bak | 102 -------------- modules/system/docker.nix | 4 +- modules/system/nvidia.nix | 4 +- modules/system/podman.nix | 4 +- modules/system/sops.nix | 4 +- modules/system/ssh.nix | 4 +- modules/system/syncthing.nix | 19 +-- modules/system/tailscale.nix | 4 +- modules/system/vpn-confinement.nix | 4 +- modules/system/vpns.nix | 4 +- 38 files changed, 157 insertions(+), 535 deletions(-) delete mode 100644 modules/homelab/services/.default.nix.template.nix delete mode 100644 
modules/homelab/services/.unused/nginx-proxy/default.nix delete mode 100644 modules/homelab/services/default.nix delete mode 100644 modules/system/backups.nix.bak diff --git a/hosts/snowbelle/configuration.nix b/hosts/snowbelle/configuration.nix index 4d414fa..203a314 100644 --- a/hosts/snowbelle/configuration.nix +++ b/hosts/snowbelle/configuration.nix 
@@ -14,46 +14,44 @@ in ../../modules/homelab/minecraft_recpro ]; - modules = { - system = { - ssh.enable = true; - backups.enable = true; - backups.repo = "/holocron/backups"; - sops.enable = true; - podman.enable = true; - syncthing.enable = true; - tailscale.enable = true; - nvidia.enable = true; - }; - fileshare = { - zfs.enable = true; - smb.enable = true; - nfs.enable = true; - }; - homelab.enable = true; - services = { - gitea.enable = true; - glance.enable = true; - immich.enable = true; - hass.enable = true; - jellyfin.enable = true; - audiobookshelf.enable = true; - yacreader.enable = true; - qbittorrent.enable = true; - sonarr.enable = true; - radarr.enable = true; - bazarr.enable = true; - prowlarr.enable = true; - flaresolverr.enable = true; - zigbee2mqtt.enable = true; - mosquitto.enable = true; - caddy.enable = true; - uptime-kuma.enable = true; - vaultwarden.enable = true; - }; - gameservers = { - minecraft_recpro.enable = true; - }; + system = { + ssh.enable = true; + backups.enable = true; + backups.repo = "/holocron/backups"; + sops.enable = true; + podman.enable = true; + syncthing.enable = true; + tailscale.enable = true; + nvidia.enable = true; + }; + fileshare = { + zfs.enable = true; + smb.enable = true; + nfs.enable = true; + }; + homelab = { + enable = true; + gitea.enable = true; + glance.enable = true; + immich.enable = true; + hass.enable = true; + jellyfin.enable = true; + audiobookshelf.enable = true; + yacreader.enable = true; + qbittorrent.enable = true; + sonarr.enable = true; + radarr.enable = true; + bazarr.enable = true; + prowlarr.enable = true; + flaresolverr.enable = true; + zigbee2mqtt.enable = true; + mosquitto.enable = true; + caddy.enable = true; + uptime-kuma.enable = true; + vaultwarden.enable = true; + }; + gameservers = { + minecraft_recpro.enable = true; }; # configure users & groups 
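Review bot: The new top-level `system = { ssh.enable = true; backups.enable = true; … nvidia.enable = true; };` block lands inside NixOS's existing `system.*` option namespace (where `system.stateVersion` and similar live), whereas `fileshare`, `homelab` and `gameservers` become fresh top-level names. Nothing visible collides today, but any future upstream option spelled `system.backups`, `system.ssh` or the like would clash with the declarations this patch makes in `modules/system/*.nix` (the `options.system.backups` declaration appears further down). If the goal was only to drop the `modules.` prefix, a distinct short prefix for the host-level settings, e.g. `sys = { … };` with the matching `options.sys.*` declarations, keeps them out of the upstream namespace; otherwise a one-line comment above the block noting that it intentionally extends `system.*` would help the next reader.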
@@ -129,12 +127,6 @@ in # allow proprietary packages nixpkgs.config.allowUnfree = true; - # ld fix - programs.nix-ld.enable = true; - programs.nix-ld.libraries = with pkgs; [ - # Add any missing dynamic libraries for unpackaged - # programs here, NOT in environment.systemPackages - ]; # enable flakes nix.settings.experimental-features = [ "nix-command" "flakes" ]; diff --git a/modules/homelab/arr/bazarr/default.nix b/modules/homelab/arr/bazarr/default.nix index 154567d..1591d51 100644 --- a/modules/homelab/arr/bazarr/default.nix +++ b/modules/homelab/arr/bazarr/default.nix @@ -2,12 +2,12 @@ let service = "bazarr"; - cfg = config.modules.services.${service}; + cfg = config.homelab.${service}; sec = config.sops.secrets; - homelab = config.modules.homelab; + homelab = config.homelab; in { - options.modules.services.${service} = { + options.homelab.${service} = { enable = lib.mkEnableOption "enables ${service}"; # set port options @@ -80,7 +80,7 @@ in }; # add to glance - modules.services.glance.links.mediastack = [{ + homelab.glance.links.mediastack = [{ title = service; url = "https://${cfg.url}"; error-url = "http://${homelab.host_ip}:${toString cfg.port}"; @@ -88,7 +88,7 @@ in icon = "di:${service}"; }]; # add to backups - modules.system.backups.baks = { + system.backups.baks = { ${service} = { paths = [ cfg.data_dir ]; }; }; }; diff --git a/modules/homelab/arr/flaresolverr/default.nix b/modules/homelab/arr/flaresolverr/default.nix index 53f49c3..4c60c73 100644 --- a/modules/homelab/arr/flaresolverr/default.nix +++ b/modules/homelab/arr/flaresolverr/default.nix @@ -2,12 +2,12 @@ let service = "flaresolverr"; - cfg = config.modules.services.${service}; + cfg = config.homelab.${service}; sec = config.sops.secrets; - homelab = config.modules.homelab; + homelab = config.homelab; in { - options.modules.services.${service} = { + options.homelab.${service} = { enable = lib.mkEnableOption "enables ${service}"; # set port options 
diff --git a/modules/homelab/arr/prowlarr/default.nix b/modules/homelab/arr/prowlarr/default.nix index c2f0bfc..7dfc0ec 100644 --- a/modules/homelab/arr/prowlarr/default.nix +++ b/modules/homelab/arr/prowlarr/default.nix @@ -2,12 +2,12 @@ let service = "prowlarr"; - cfg = config.modules.services.${service}; + cfg = config.homelab.${service}; sec = config.sops.secrets; - homelab = config.modules.homelab; + homelab = config.homelab; in { - options.modules.services.${service} = { + options.homelab.${service} = { enable = lib.mkEnableOption "enables ${service}"; # set port options @@ -82,7 +82,7 @@ in }; # add to glance - modules.services.glance.links.mediastack = [{ + homelab.glance.links.mediastack = [{ title = service; url = "https://${cfg.url}"; error-url = "http://${homelab.host_ip}:${toString cfg.port}"; @@ -90,7 +90,7 @@ in icon = "di:${service}"; }]; # add to backups - modules.system.backups.baks = { + system.backups.baks = { ${service} = { paths = [ cfg.data_dir ]; }; }; }; diff --git a/modules/homelab/arr/radarr/default.nix b/modules/homelab/arr/radarr/default.nix index 5b96e51..7b43633 100644 --- a/modules/homelab/arr/radarr/default.nix +++ b/modules/homelab/arr/radarr/default.nix @@ -2,12 +2,12 @@ let service = "radarr"; - cfg = config.modules.services.${service}; + cfg = config.homelab.${service}; sec = config.sops.secrets; - homelab = config.modules.homelab; + homelab = config.homelab; in { - options.modules.services.${service} = { + options.homelab.${service} = { enable = lib.mkEnableOption "enables ${service}"; # set port options @@ -85,7 +85,7 @@ in }; # add to glance - modules.services.glance.links.mediastack = [{ + homelab.glance.links.mediastack = [{ title = service; url = "https://${cfg.url}"; error-url = "http://${homelab.host_ip}:${toString cfg.port}"; @@ -93,7 +93,7 @@ in icon = "di:${service}"; }]; # add to backups - modules.system.backups.baks = { + system.backups.baks = { ${service} = { paths = [ cfg.data_dir ]; }; }; }; 
diff --git a/modules/homelab/arr/sonarr/default.nix b/modules/homelab/arr/sonarr/default.nix index 66883a8..5651ef7 100644 --- a/modules/homelab/arr/sonarr/default.nix +++ b/modules/homelab/arr/sonarr/default.nix @@ -2,12 +2,12 @@ let service = "sonarr"; - cfg = config.modules.services.${service}; + cfg = config.homelab.${service}; sec = config.sops.secrets; - homelab = config.modules.homelab; + homelab = config.homelab; in { - options.modules.services.${service} = { + options.homelab.${service} = { enable = lib.mkEnableOption "enables ${service}"; # set port options @@ -83,7 +83,7 @@ in }; # add to glance - modules.services.glance.links.mediastack = [{ + homelab.glance.links.mediastack = [{ title = service; url = "https://${cfg.url}"; error-url = "http://${homelab.host_ip}:${toString cfg.port}"; @@ -91,7 +91,7 @@ in icon = "di:${service}"; }]; # add to backups - modules.system.backups.baks = { + system.backups.baks = { ${service} = { paths = [ cfg.data_dir ]; }; }; }; diff --git a/modules/homelab/audiobookshelf/default.nix b/modules/homelab/audiobookshelf/default.nix index fdb6011..30ff8dc 100644 --- a/modules/homelab/audiobookshelf/default.nix +++ b/modules/homelab/audiobookshelf/default.nix @@ -2,12 +2,12 @@ let service = "audiobookshelf"; - cfg = config.modules.services.${service}; + cfg = config.homelab.${service}; sec = config.sops.secrets; - homelab = config.modules.homelab; + homelab = config.homelab; in { - options.modules.services.${service} = { + options.homelab.${service} = { enable = lib.mkEnableOption "enables ${service}"; # set port options @@ -86,7 +86,7 @@ in }; # add to glance public service - modules.services.glance.links.mediastack = [{ + homelab.glance.links.mediastack = [{ title = service; url = "https://abs.${homelab.public_domain}"; error-url = "http://${homelab.host_ip}:${toString cfg.port}"; 
@@ -94,7 +94,7 @@ in icon = "di:${service}"; }]; # add to backups - modules.system.backups.baks = { + system.backups.baks = { ${service} = { paths = [ cfg.data_dir ]; }; }; }; diff --git a/modules/homelab/caddy/default.nix b/modules/homelab/caddy/default.nix index c0287b4..2f1a20a 100644 --- a/modules/homelab/caddy/default.nix +++ b/modules/homelab/caddy/default.nix @@ -2,12 +2,12 @@ let service = "caddy"; - cfg = config.modules.services.${service}; + cfg = config.homelab.${service}; sec = config.sops.secrets; - homelab = config.modules.homelab; + homelab = config.homelab; in { - options.modules.services.${service} = { + options.homelab.${service} = { enable = lib.mkEnableOption "enables ${service}"; # set port options @@ -91,7 +91,7 @@ in # add to backups - modules.system.backups.baks = { + system.backups.baks = { ${service} = { paths = [ cfg.data_dir ]; }; }; }; diff --git a/modules/homelab/default.nix b/modules/homelab/default.nix index ac8a9aa..96827dc 100644 --- a/modules/homelab/default.nix +++ b/modules/homelab/default.nix @@ -2,10 +2,10 @@ let - cfg = config.modules.homelab; + cfg = config.homelab; in { - options.modules.homelab = { + options.homelab = { enable = lib.mkEnableOption "enable homelab services and configuration"; media_user = lib.mkOption { default = "media"; diff --git a/modules/homelab/fileshare/nfs/default.nix b/modules/homelab/fileshare/nfs/default.nix index 268b79d..75f2cdf 100644 --- a/modules/homelab/fileshare/nfs/default.nix +++ b/modules/homelab/fileshare/nfs/default.nix @@ -6,13 +6,13 @@ }: # define nfs exports let - cfg = config.modules.fileshare.nfs; + cfg = config.fileshare.nfs; nfs_exports = '' /holocron/media *(ro,sync,no_subtree_check) ''; #/holocron/vault *(rw,sync,no_subtree_check,no_root_squash) in { - options.modules.fileshare.nfs = { + options.fileshare.nfs = { enable = lib.mkEnableOption "enables nfs"; }; 
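Review bot: In the nfs hunk the export kept on the new side, `/holocron/media *(ro,sync,no_subtree_check)`, is offered to every client address, so any host that can reach the NFS port can read the whole media tree; the option rename does not change that. Restricting the export to the intended network, e.g. `/holocron/media <LAN_CIDR-placeholder>(ro,sync,no_subtree_check)`, limits the exposure to the hosts that are meant to mount it. The firewall and interface bindings for NFS are outside this hunk, so whether the port is already confined elsewhere cannot be told from here.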
diff --git a/modules/homelab/fileshare/smb/default.nix b/modules/homelab/fileshare/smb/default.nix index 13266d4..5dac2a9 100644 --- a/modules/homelab/fileshare/smb/default.nix +++ b/modules/homelab/fileshare/smb/default.nix @@ -6,7 +6,7 @@ }: # define smb shares let - cfg = config.modules.fileshare.smb; + cfg = config.fileshare.smb; smb_shares = { vault = { path = "/holocron/vault"; @@ -22,7 +22,7 @@ let }; }; in { - options.modules.fileshare.smb = { + options.fileshare.smb = { enable = lib.mkEnableOption "enables smb"; }; diff --git a/modules/homelab/fileshare/zfs/default.nix b/modules/homelab/fileshare/zfs/default.nix index 64d6984..3f97e88 100644 --- a/modules/homelab/fileshare/zfs/default.nix +++ b/modules/homelab/fileshare/zfs/default.nix @@ -4,9 +4,9 @@ lib, ... }: let - cfg = config.modules.fileshare.zfs; + cfg = config.fileshare.zfs; in { - options.modules.fileshare.zfs = { + options.fileshare.zfs = { enable = lib.mkEnableOption "enables zfs"; }; diff --git a/modules/homelab/gitea/default.nix b/modules/homelab/gitea/default.nix index 5ec0144..9905600 100644 --- a/modules/homelab/gitea/default.nix +++ b/modules/homelab/gitea/default.nix @@ -2,12 +2,12 @@ let service = "gitea"; - cfg = config.modules.services.${service}; + cfg = config.homelab.${service}; sec = config.sops.secrets; - homelab = config.modules.homelab; + homelab = config.homelab; in { - options.modules.services.${service} = { + options.homelab.${service} = { enable = lib.mkEnableOption "enables ${service}"; # set port options @@ -102,7 +102,7 @@ in }; # add to glance - modules.services.glance.links.services = [{ + homelab.glance.links.services = [{ title = service; url = "https://git.${homelab.public_domain}"; error-url = "http://${homelab.host_ip}:${toString cfg.port}"; @@ -118,7 +118,7 @@ in }; # add to backups - modules.system.backups.baks = { + system.backups.baks = { ${service} = { paths = [ cfg.data_dir ]; }; }; }; 
diff --git a/modules/homelab/glance/default.nix b/modules/homelab/glance/default.nix index 8c35028..01e3174 100644 --- a/modules/homelab/glance/default.nix +++ b/modules/homelab/glance/default.nix @@ -12,7 +12,7 @@ | <8yy> | V V # add to glance - modules.services.glance.links.mediastack = [{ + homelab.glance.links.mediastack = [{ title = service; url = "https://${cfg.url}"; error-url = "http://${homelab.host_ip}:${toString cfg.port}"; @@ -23,15 +23,15 @@ let service = "glance"; - cfg = config.modules.services.${service}; + cfg = config.homelab.${service}; sec = config.sops.secrets; - homelab = config.modules.homelab; + homelab = config.homelab; uptimekuma_url = "localhost:7901"; uptimekuma_page = "glance"; in { - options.modules.services.${service} = { + options.homelab.${service} = { enable = lib.mkEnableOption "enables ${service}"; # set port options @@ -288,14 +288,14 @@ in }; # add to backups - modules.system.backups.baks = { + system.backups.baks = { ${service} = { paths = [ cfg.data_dir ]; }; }; # add to udr to glance - modules.services.glance.links.system = [{ + homelab.glance.links.system = [{ title = "bebe"; url = "https://bebe.lan"; error-url = "https://10.10.0.1"; diff --git a/modules/homelab/home/homeassistant/default.nix b/modules/homelab/home/homeassistant/default.nix index a1b40b9..63ea988 100644 --- a/modules/homelab/home/homeassistant/default.nix +++ b/modules/homelab/home/homeassistant/default.nix @@ -3,12 +3,12 @@ let nixservice = "home-assistant"; service = "hass"; - cfg = config.modules.services.${service}; + cfg = config.homelab.${service}; sec = config.sops.secrets; - homelab = config.modules.homelab; + homelab = config.homelab; in { - options.modules.services.${service} = { + options.homelab.${service} = { enable = lib.mkEnableOption "enables ${service}"; # set port options 
@@ -97,7 +97,7 @@ in }; # add to glance - modules.services.glance.links.services = [{ + homelab.glance.links.services = [{ title = "home assistant"; url = "https://hass.${homelab.public_domain}"; error-url = "http://${homelab.host_ip}:${toString cfg.port}"; @@ -105,7 +105,7 @@ in icon = "di:${nixservice}"; }]; # add to backups - modules.system.backups.baks = { + system.backups.baks = { ${service} = { paths = [ cfg.data_dir ]; }; }; }; diff --git a/modules/homelab/home/mosquitto/default.nix b/modules/homelab/home/mosquitto/default.nix index 7b56871..e4428da 100644 --- a/modules/homelab/home/mosquitto/default.nix +++ b/modules/homelab/home/mosquitto/default.nix @@ -2,12 +2,12 @@ let service = "mosquitto"; - cfg = config.modules.services.${service}; + cfg = config.homelab.${service}; sec = config.sops.secrets; - homelab = config.modules.homelab; + homelab = config.homelab; in { - options.modules.services.${service} = { + options.homelab.${service} = { enable = lib.mkEnableOption "enables ${service}"; # set port options @@ -88,7 +88,7 @@ in }; # add to backups - modules.system.backups.baks = { + system.backups.baks = { ${service} = { paths = [ cfg.data_dir ]; }; }; }; diff --git a/modules/homelab/home/zigbee2mqtt/default.nix b/modules/homelab/home/zigbee2mqtt/default.nix index 03f7215..0ab777f 100644 --- a/modules/homelab/home/zigbee2mqtt/default.nix +++ b/modules/homelab/home/zigbee2mqtt/default.nix @@ -2,12 +2,12 @@ let service = "zigbee2mqtt"; - cfg = config.modules.services.${service}; + cfg = config.homelab.${service}; sec = config.sops.secrets; - homelab = config.modules.homelab; + homelab = config.homelab; in { - options.modules.services.${service} = { + options.homelab.${service} = { enable = lib.mkEnableOption "enables ${service}"; # set port options 
@@ -104,7 +104,7 @@ in }; # add to glance - modules.services.glance.links.services = [{ + homelab.glance.links.services = [{ title = service; url = "https://${cfg.url}"; error-url = "http://${homelab.host_ip}:${toString cfg.port}"; @@ -119,7 +119,7 @@ in }; # add to backups - modules.system.backups.baks = { + system.backups.baks = { ${service} = { paths = [ cfg.data_dir ]; }; }; }; diff --git a/modules/homelab/immich/default.nix b/modules/homelab/immich/default.nix index df041c0..da941c7 100644 --- a/modules/homelab/immich/default.nix +++ b/modules/homelab/immich/default.nix @@ -2,12 +2,12 @@ let service = "immich"; - cfg = config.modules.services.${service}; + cfg = config.homelab.${service}; sec = config.sops.secrets; - homelab = config.modules.homelab; + homelab = config.homelab; in { - options.modules.services.${service} = { + options.homelab.${service} = { enable = lib.mkEnableOption "enables ${service}"; # set port options @@ -85,7 +85,7 @@ in }; # add to glance - modules.services.glance.links.services = [{ + homelab.glance.links.services = [{ title = service; url = "https://photos.${homelab.public_domain}"; error-url = "http://${homelab.host_ip}:${toString cfg.port}"; @@ -93,7 +93,7 @@ in icon = "di:${service}"; }]; # add to backups - modules.system.backups.baks = { + system.backups.baks = { ${service} = { paths = [ cfg.data_dir "/var/lib/redis-immich" ]; }; }; }; diff --git a/modules/homelab/jellyfin/default.nix b/modules/homelab/jellyfin/default.nix index b18366b..60d48d2 100644 --- a/modules/homelab/jellyfin/default.nix +++ b/modules/homelab/jellyfin/default.nix @@ -2,12 +2,12 @@ let service = "jellyfin"; - cfg = config.modules.services.${service}; + cfg = config.homelab.${service}; sec = config.sops.secrets; - homelab = config.modules.homelab; + homelab = config.homelab; in { - options.modules.services.${service} = { + options.homelab.${service} = { enable = lib.mkEnableOption "enables ${service}"; # set port options 
@@ -81,7 +81,7 @@ in }; # add to glance - modules.services.glance.links.mediastack = [{ + homelab.glance.links.mediastack = [{ title = service; url = "https://media.${homelab.public_domain}"; error-url = "http://${homelab.host_ip}:${toString cfg.port}"; @@ -89,7 +89,7 @@ in icon = "di:${service}"; }]; # add to backups - modules.system.backups.baks = { + system.backups.baks = { ${service} = { paths = [ cfg.data_dir ]; }; }; }; diff --git a/modules/homelab/minecraft_recpro/default.nix b/modules/homelab/minecraft_recpro/default.nix index 3aa31a5..9a89bbb 100644 --- a/modules/homelab/minecraft_recpro/default.nix +++ b/modules/homelab/minecraft_recpro/default.nix @@ -2,7 +2,7 @@ let service = "minecraft_recpro"; - cfg = config.modules.gameservers.${service}; + cfg = config.gameservers.${service}; sec = config.sops.secrets; servers = { velocity = { data_dir = "/var/lib/gameservers/minecraft_recpro/velocity"; ram = "2G"; }; @@ -12,7 +12,7 @@ let }; in { - options.modules.gameservers.${service} = { + options.gameservers.${service} = { enable = lib.mkEnableOption "enables ${service}"; url = lib.mkOption { type = lib.types.str; @@ -66,15 +66,13 @@ in WorkingDirectory = srv.data_dir; UMask = "0007"; ExecStart = "${pkgs.openjdk21}/bin/java -Xmx${srv.ram} -jar server.jar nogui"; -# ExecStart = "${pkgs.tmux}/bin/tmux new-session -d -s mc-${name} '${pkgs.openjdk21}/bin/java -Xmx${srv.ram} -jar server.jar nogui'"; -# ExecStop = "${pkgs.tmux}/bin/tmux send-keys -t mc-${name} C-c"; Restart = "on-failure"; KillMode = "process"; }; wantedBy = [ "multi-user.target" ]; }) servers; - environment.systemPackages = with pkgs; [ openjdk21 mcrcon tmux ]; + environment.systemPackages = with pkgs; [ openjdk21 mcrcon ]; services.mysql = { enable = true; 
@@ -96,25 +94,6 @@ in # open firewall networking.firewall.allowedTCPPorts = [ 25777 25565 25566 25567 ]; -# # internal reverse proxy entry -# services.nginx.virtualHosts."${cfg.url}" = { -# forceSSL = true; -# sslCertificate = sec."ssl_blakedheld_crt".path; -# sslCertificateKey = sec."ssl_blakedheld_key".path; -# locations."/" = { -# proxyPass = "http://127.0.0.1:${toString cfg.port}"; -# }; -# }; -# # external reverse proxy entry -# services.nginx.virtualHosts."${service}.blakedheld.xyz" = { -# forceSSL = true; -# sslCertificate = sec."ssl_blakedheld_crt".path; -# sslCertificateKey = sec."ssl_blakedheld_key".path; -# locations."/" = { -# proxyPass = "http://127.0.0.1:${toString cfg.port}"; -# }; -# }; -# sops.secrets = { "velocity_forwarding" = { owner = "minecraft"; @@ -130,7 +109,7 @@ in }; # add to backups - modules.system.backups.baks = lib.listToAttrs ( + system.backups.baks = lib.listToAttrs ( lib.mapAttrsToList (srv_name: cfg: { name = srv_name; # attribute key diff --git a/modules/homelab/qbittorrent/default.nix b/modules/homelab/qbittorrent/default.nix index 37d15fb..d2111cb 100644 --- a/modules/homelab/qbittorrent/default.nix +++ b/modules/homelab/qbittorrent/default.nix @@ -2,12 +2,12 @@ let service = "qbittorrent"; - cfg = config.modules.services.${service}; + cfg = config.homelab.${service}; sec = config.sops.secrets; - homelab = config.modules.homelab; + homelab = config.homelab; in { - options.modules.services.${service} = { + options.homelab.${service} = { enable = lib.mkEnableOption "enables ${service}"; # set port options @@ -119,7 +119,7 @@ in }; # add to glance - modules.services.glance.links.mediastack = [{ + homelab.glance.links.mediastack = [{ title = service; url = "https://${cfg.url}"; error-url = "http://${homelab.host_ip}:${toString cfg.port}"; @@ -127,7 +127,7 @@ in icon = "di:${service}"; }]; # add to backups - modules.system.backups.baks = { + system.backups.baks = { ${service} = { paths = [ cfg.data_dir ]; }; }; }; 
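Review bot: In the last hunk, `system.backups.baks = lib.listToAttrs ( lib.mapAttrsToList (srv_name: cfg: { … }) …)` names its lambda parameter `cfg`, which shadows the module-level `cfg = config.gameservers.${service}` bound in the file's `let`, so any reference to `cfg.url` or `cfg.enable` inside that body would quietly resolve to the per-server entry instead. The `mapAttrs` over `servers` earlier in the file already uses `srv` for the same role; renaming the parameter to match, `lib.mapAttrsToList (srv_name: srv: {`, and updating the body's uses accordingly removes the ambiguity. The lambda body continues past the end of the hunk, so I have not checked every use.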
diff --git a/modules/homelab/services/.default.nix.template.nix b/modules/homelab/services/.default.nix.template.nix deleted file mode 100644 index db34b5f..0000000 --- a/modules/homelab/services/.default.nix.template.nix +++ /dev/null 
@@ -1,127 +0,0 @@ -{ - pkgs, - config, - lib, - ... -}: - -let - service = ""; - cfg = config.modules.services.${service}; - sec = config.sops.secrets; - homelab = config.modules.homelab; -in -{ - options.modules.services.${service} = { - enable = lib.mkEnableOption "enables ${service}"; - - # set port options - port = lib.mkOption { - type = lib.types.int; - default = ; - description = "set port for ${service} (default: ${toString cfg.port}"; - }; - url = lib.mkOption { - type = lib.types.str; - default = "${service}.${homelab.base_domain}"; - description = "set domain for ${service}"; - }; - data_dir = lib.mkOption { - type = lib.types.str; - default = "/var/lib/${service}"; - description = "set data directory for ${service}"; - }; - ids = lib.mkOption { - type = lib.types.int; - default = cfg.port; - description = "set uid and pid of ${service} user (matches port by default)"; - }; - backup = lib.mkOption { - type = lib.types.bool; - default = true; - description = "enable backups for ${service}"; - }; - }; - - config = lib.mkIf cfg.enable { - - # declare ${service} group - users.groups.${service} = { - gid = lib.mkForce cfg.ids; - }; - - # declare ${service} user - users.users.${service} = { - description = "${service} server user"; - uid = lib.mkForce cfg.ids; - isSystemUser = true; - home = cfg.data_dir; - createHome = true; - group = service; - extraGroups = [ "media" ]; - }; - - # enable the ${service} service - services.${service} = { - enable = true; - openFirewall = true; - user = service; - group = service; - dataDir = cfg.data_dir; - settings = { - server.port = cfg.port; - }; - }; - - # override umask to make permissions work out - systemd.services.${service}.serviceConfig = { - UMask = lib.mkForce "0007"; - # User = service; - # Group = service; - }; - - # # open firewall - # networking.firewall.allowedTCPPorts = [ cfg.port ]; - - # add to caddy for reverse proxy - services.caddy.virtualHosts."${cfg.url}" = { - serverAliases = [ 
"${service}.${homelab.public_domain}" ]; - extraConfig = '' - tls /etc/ssl/blakedheld.xyz.crt /etc/ssl/blakedheld.xyz.key - reverse_proxy 127.0.0.1:${toString cfg.port} - ''; - }; - - #--------------------------------------------------------------------------- - # # add to glance (public service) - # modules.services.glance.links. = [{ - # title = service; - # url = "https://${service}.${homelab.public_domain}"; - # error-url = "http://${homelab.host_ip}:${toString cfg.port}"; - # check-url = "http://${homelab.host_ip}:${toString cfg.port}"; - # icon = "di:${service}"; }]; - #--------------------------------------------------------------------------- - # # add to glance (local service) - # modules.services.glance.links. = [{ - # title = service; - # url = "https://${cfg.url}"; - # error-url = "http://${homelab.host_ip}:${toString cfg.port}"; - # check-url = "http://${homelab.host_ip}:${toString cfg.port}"; - # icon = "di:${service}"; }]; - #--------------------------------------------------------------------------- - # - # sops.secrets = { - # "${service}_" = { - # owner = ; - # group = ; - # }; - # }; - - # add to backups - modules.system.backups.baks = { - ${service} = { - paths = [ cfg.data_dir ]; - }; - }; - }; -} diff --git a/modules/homelab/services/.unused/nginx-proxy/default.nix b/modules/homelab/services/.unused/nginx-proxy/default.nix deleted file mode 100644 index c08f4d1..0000000 --- a/modules/homelab/services/.unused/nginx-proxy/default.nix +++ /dev/null 
@@ -1,92 +0,0 @@ -{ pkgs, config, lib, ... }: - -/* -no longer in use, replaced by caddy if -wanting to use again here is the boilerplate -for whatt o put in for each service - - # internal reverse proxy entry - services.nginx.virtualHosts."${cfg.url}" = { - forceSSL = true; - sslCertificate = sec."ssl_blakedheld_crt".path; - sslCertificateKey = sec."ssl_blakedheld_key".path; - locations."/" = { - proxyPass = "http://127.0.0.1:${toString cfg.port}"; - }; - }; - - # external reverse proxy entry - services.nginx.virtualHosts."${service}.blakedheld.xyz" = { - forceSSL = true; - sslCertificate = sec."ssl_blakedheld_crt".path; - sslCertificateKey = sec."ssl_blakedheld_key".path; - locations."/" = { - proxyPass = "http://127.0.0.1:${toString cfg.port}"; - }; - }; -*/ - -let - cfg = config.modules.homelab.nginx-proxy; - sec = config.sops.secrets; - homelab = config.modules.homelab; -in -{ - options.modules.homelab.nginx-proxy = { - enable = lib.mkEnableOption "enables nginx-proxy"; - }; - - config = lib.mkIf cfg.enable { - # enable nginx proxy manager - services.nginx = { - enable = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - commonHttpConfig = '' - error_page 404 =302 https://www.youtube.com/watch?v=dQw4w9WgXcQ; - ''; - }; - # enable acme for auto ssl certs with lets encrypt - security.acme = { - acceptTerms = true; - defaults.email = "me@blakedheld.xyz"; - }; - - systemd.tmpfiles.rules = [ - "d /var/www/keys 0755 nginx nginx -" - ]; - - # static entries - services.nginx.virtualHosts."key.${homelab.public_domain}" = { - forceSSL = true; - sslCertificate = sec."ssl_blakedheld_crt".path; - sslCertificateKey = sec."ssl_blakedheld_key".path; - root = "/var/www/keys"; - locations."/" = { - index = "klefki_pub.asc"; - extraConfig = '' - add_header Content-Disposition "attachment; filename=klefki_pub.asc"; - default_type application/pgp-keys; - ''; - }; - }; - - # nginx secrets - sops.secrets = { - "ssl_blakedheld_crt" = { - restartUnits = [ 
"nginx.service" ]; - owner = "nginx"; - group = "nginx"; - }; - "ssl_blakedheld_key" = { - owner = "nginx"; - group = "nginx"; - }; - "klefki_pub.asc" = { - owner = "nginx"; - group = "nginx"; - path = "/var/www/keys/klefki_pub.asc"; - }; - }; - }; -} diff --git a/modules/homelab/services/default.nix b/modules/homelab/services/default.nix deleted file mode 100644 index 7b6cd9d..0000000 --- a/modules/homelab/services/default.nix +++ /dev/null @@ -1,13 +0,0 @@ - -{ pkgs, config, lib, ... }: - -{ - - # services show up in glance in reverse import order lmao - imports = [ - ]; - - - - -} diff --git a/modules/homelab/uptime-kuma/default.nix b/modules/homelab/uptime-kuma/default.nix index 560b06f..2be02c3 100644 --- a/modules/homelab/uptime-kuma/default.nix +++ b/modules/homelab/uptime-kuma/default.nix @@ -2,12 +2,12 @@ let service = "uptime-kuma"; - cfg = config.modules.services.${service}; + cfg = config.homelab.${service}; sec = config.sops.secrets; - homelab = config.modules.homelab; + homelab = config.homelab; in { - options.modules.services.${service} = { + options.homelab.${service} = { enable = lib.mkEnableOption "enables ${service}"; # set port options @@ -81,7 +81,7 @@ in }; # add to glance - modules.services.glance.links.system = [{ + homelab.glance.links.system = [{ title = service; url = "https://${cfg.url}"; error-url = "http://${homelab.host_ip}:${toString cfg.port}"; @@ -89,7 +89,7 @@ in icon = "di:${service}"; }]; # add to backups - modules.system.backups.baks = { + system.backups.baks = { ${service} = { paths = [ cfg.data_dir ]; }; }; }; diff --git a/modules/homelab/vaultwarden/default.nix b/modules/homelab/vaultwarden/default.nix index dfe18d2..0e1914c 100644 --- a/modules/homelab/vaultwarden/default.nix +++ b/modules/homelab/vaultwarden/default.nix 
@@ -2,13 +2,13 @@ let service = "vaultwarden"; - cfg = config.modules.services.${service}; + cfg = config.homelab.${service}; sec = config.sops.secrets; - homelab = config.modules.homelab; + homelab = config.homelab; domain = "https://pass.blakedheld.xyz"; in { - options.modules.services.${service} = { + options.homelab.${service} = { enable = lib.mkEnableOption "enables ${service}"; # set port options @@ -94,7 +94,7 @@ in }; # add to glance - modules.services.glance.links.services = [{ + homelab.glance.links.services = [{ title = service; url = "https://pass.${homelab.public_domain}"; error-url = "http://${homelab.host_ip}:${toString cfg.port}"; @@ -109,7 +109,7 @@ in }; # add to backups - modules.system.backups.baks = { + system.backups.baks = { ${service} = { paths = [ cfg.data_dir ]; }; }; }; diff --git a/modules/homelab/yacreader/default.nix b/modules/homelab/yacreader/default.nix index ad1896d..924a37b 100644 --- a/modules/homelab/yacreader/default.nix +++ b/modules/homelab/yacreader/default.nix @@ -2,12 +2,12 @@ let service = "yacreader"; - cfg = config.modules.services.${service}; + cfg = config.homelab.${service}; sec = config.sops.secrets; - homelab = config.modules.homelab; + homelab = config.homelab; in { - options.modules.services.${service} = { + options.homelab.${service} = { enable = lib.mkEnableOption "enables ${service}"; # set port options @@ -89,7 +89,7 @@ in }; # add to glance local service - modules.services.glance.links.mediastack = [{ + homelab.glance.links.mediastack = [{ title = service; url = "https://${cfg.url}"; error-url = "http://${homelab.host_ip}:${toString cfg.port}"; @@ -97,7 +97,7 @@ in icon = "di:yac-reader"; }]; # add to backups - modules.system.backups.baks = { + system.backups.baks = { ${service} = { paths = [ cfg.data_dir ]; }; }; }; diff --git a/modules/system/backups.nix b/modules/system/backups.nix index cb544d8..6d99af8 100644 --- a/modules/system/backups.nix +++ b/modules/system/backups.nix 
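Review bot: In the vaultwarden file, `domain = "https://pass.blakedheld.xyz";` in the `let` stays a hard-coded literal while the glance entry later in the same file derives the same host from the option, `url = "https://pass.${homelab.public_domain}"`, so the two can drift if `public_domain` is ever changed. Since `homelab = config.homelab;` is bound in the same `let`, `domain = "https://pass.${homelab.public_domain}";` keeps a single source of truth. Where `domain` is consumed lies outside the hunk, so I have not verified that the scheme prefix is required there.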
@@ -15,12 +15,12 @@ in a borg archive to the specified repo */ let - cfg = config.modules.system.backups; + cfg = config.system.backups; sec = config.sops.secrets; borg = "${pkgs.borgbackup}/bin/borg"; in { - options.modules.system.backups = { + options.system.backups = { enable = lib.mkEnableOption "enables backups with borg"; baks = lib.mkOption { type = lib.types.attrsOf (lib.types.attrsOf (lib.types.listOf lib.types.path)); diff --git a/modules/system/backups.nix.bak b/modules/system/backups.nix.bak deleted file mode 100644 index e3fcb9c..0000000 --- a/modules/system/backups.nix.bak +++ /dev/null 
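Review bot: The renamed option path `options.system.backups = {` (and the matching `options.system.docker`, `.nvidia`, `.podman`, `.sops`, `.ssh`, `.syncthing`, `.tailscale`, `.vpn-confinement` and `.vpns` in the later hunks) declares custom options inside the top-level `system` namespace that NixOS itself owns (`system.stateVersion`, `system.activationScripts`, `system.build`, ...), while the service modules in this same commit moved to a project-owned `homelab` prefix. None of these names appears to clash with an upstream option today, but any future NixOS option with the same name would merge with or error against these declarations, and this module is the one that wires the borg passphrase via `sec = config.sops.secrets`, so a silent merge there is worth ruling out. Keeping the modules under a project root would be consistent with the service side, e.g. `cfg = config.homelab.system.backups;` and `options.homelab.system.backups = {`. The enclosing module body continues outside the hunk.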
@@ -1,102 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - cfg = config.modules.system.backups; - borg = "${pkgs.borgbackup}/bin/borg"; - backup_paths = lib.unique config.modules.system.backups.paths; - passwd_file = config.sops.secrets."borg_passwd".path; -in -{ - options.modules.system.backups = { - enable = lib.mkEnableOption "enables backups with borg"; - paths = lib.mkOption { - type = lib.types.listOf lib.types.path; - default = []; - description = "list of directories to back up"; - }; - repo = lib.mkOption { - type = lib.types.path; - default = "/holocron/borg"; - description = "borg repository path"; - }; - passphraseFile = lib.mkOption { - type = lib.types.path; - default = passwd_file; - description = "borg repository passphrase file"; - }; - }; - - config = lib.mkIf (cfg.enable && backup_paths != []) { - -# systemd.tmpfiles.rules = [ -# "d ${cfg.repo} 0755 root root" -# ]; - - systemd.services.backups = { - description = "backup service with borg!"; - path = [ pkgs.borgbackup ]; - serviceConfig = { - Type = "oneshot"; - EnvironmentFile = config.modules.system.backups.passphraseFile; - # the actual script borg is using - ExecStart = pkgs.writeShellScript "borg-backup" '' - set -euo pipefail - export BORG_PASSPHRASE="$(cat ${passwd_file})" - export BORG_REPO="${cfg.repo}" - timestamp="$(date +'%Y-%m-%dT%H:%M:%S')" - - # Initialize repo if it doesn't exist - if ! borg info "$BORG_REPO" >/dev/null 2>&1; then - echo "init borg repo at $BORG_REPO" - borg init --encryption=repokey "$BORG_REPO" - fi - - # Create backup - echo "starting backup..." - borg create \ - --verbose \ - --filter AME \ - --list \ - --stats \ - --show-rc \ - --compression lzma,9 \ - "$BORG_REPO::${toString config.networking.hostName}-$timestamp" \ - ${lib.concatStringsSep " " cfg.paths} - - # Prune old backups according to retention policy - echo "Pruning old backups..." 
- borg prune -v --list "$BORG_REPO" \ - --keep-daily=7 \ - --keep-weekly=52 \ - --keep-monthly=-1 - - echo "$timestamp - backup completed successfully." - ''; - }; - }; - - # create timer to run backups daily - systemd.timers.backups = { - description = "daily borg backup timer"; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = "daily"; - Persistent = true; - }; - }; - - # install borg binary - environment.systemPackages = [ pkgs.borgbackup ]; - - # declare secret for repo password - sops.secrets = { - "borg_passwd" = { - owner = "root"; - group = "root"; - }; - }; - }; -} - -# add to modules -# modules.system.backups.paths = lib.mkIf cfg.backups [ ]; diff --git a/modules/system/docker.nix b/modules/system/docker.nix index fad4241..4bc3531 100644 --- a/modules/system/docker.nix +++ b/modules/system/docker.nix @@ -1,10 +1,10 @@ { pkgs, config, lib, ... }: let - cfg = config.modules.system.docker; + cfg = config.system.docker; in { - options.modules.system.docker = { + options.system.docker = { enable = lib.mkEnableOption "enables docker"; }; diff --git a/modules/system/nvidia.nix b/modules/system/nvidia.nix index 8db2293..d331571 100644 --- a/modules/system/nvidia.nix +++ b/modules/system/nvidia.nix @@ -1,10 +1,10 @@ { pkgs, config, lib, ... }: let - cfg = config.modules.system.nvidia; + cfg = config.system.nvidia; in { - options.modules.system.nvidia = { + options.system.nvidia = { enable = lib.mkEnableOption "enables nvidia"; }; diff --git a/modules/system/podman.nix b/modules/system/podman.nix index c207d84..ace26fe 100644 --- a/modules/system/podman.nix +++ b/modules/system/podman.nix @@ -1,10 +1,10 @@ { pkgs, config, lib, ... }: let - cfg = config.modules.system.podman; + cfg = config.system.podman; in { - options.modules.system.podman = { + options.system.podman = { enable = lib.mkEnableOption "enables podman"; }; diff --git a/modules/system/sops.nix b/modules/system/sops.nix index 939e812..4b5ca5c 100644 --- a/modules/system/sops.nix 
+++ b/modules/system/sops.nix @@ -1,12 +1,12 @@ { pkgs, config, lib, inputs, ... }: let - cfg = config.modules.system.sops; + cfg = config.system.sops; in { imports = [ inputs.sops-nix.nixosModules.sops ]; - options.modules.system.sops = { + options.system.sops = { enable = lib.mkEnableOption "enables sops"; }; diff --git a/modules/system/ssh.nix b/modules/system/ssh.nix index a8cd395..8087f2a 100644 --- a/modules/system/ssh.nix +++ b/modules/system/ssh.nix @@ -1,10 +1,10 @@ { pkgs, config, lib, ... }: let - cfg = config.modules.system.ssh; + cfg = config.system.ssh; in { - options.modules.system.ssh = { + options.system.ssh = { enable = lib.mkEnableOption "enables ssh"; }; diff --git a/modules/system/syncthing.nix b/modules/system/syncthing.nix index 447e525..9f4a1fe 100644 --- a/modules/system/syncthing.nix +++ b/modules/system/syncthing.nix @@ -1,27 +1,12 @@ { pkgs, config, lib, ... }: let - cfg = config.modules.system.syncthing; + cfg = config.system.syncthing; in { - options.modules.system.syncthing = { + options.system.syncthing = { enable = lib.mkEnableOption "enables syncthing"; -# mode = lib.mkOption { -# type = lib.types.enum [ "server" "client" ]; -# default = "client"; -# description = "whether syncthing should run as a client (user) or server (system-wide)."; -# }; -# -# data_dir = lib.mkOption { -# type = lib.types.str; -# default = if cfg.mode == "server" -# then "/var/lib/syncthing" -# else "/home/blake/.local/state/syncthing"; -# description = "optional override for syncthing data directory."; -# }; - }; - config = lib.mkIf cfg.enable { # systemd.tmpfiles.rules = lib.optionals (cfg.mode == "server") ["d /var/lib/syncthing 0775 blake blake -"]; diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix index 8baa2a0..801bc8f 100644 --- a/modules/system/tailscale.nix +++ b/modules/system/tailscale.nix 
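Review bot: The comment `# systemd.tmpfiles.rules = lib.optionals (cfg.mode == "server") ["d /var/lib/syncthing 0775 blake blake -"];` kept at the end of the syncthing hunk still refers to `cfg.mode`, whose (already commented-out) declaration this hunk deletes, so the line can no longer be uncommented as-is. Either drop it along with the removed option block or turn it into a tracked note such as `# TODO: declare a mode option again before re-enabling the server tmpfiles rule`. The `config = lib.mkIf cfg.enable {` block continues outside the hunk.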
@@ -4,10 +4,10 @@ lib, ... }: let - cfg = config.modules.system.tailscale; + cfg = config.system.tailscale; authkey_file = config.sops.secrets."tailscale_authkey".path; in { - options.modules.system.tailscale = { + options.system.tailscale = { enable = lib.mkEnableOption "enables tailscale"; }; diff --git a/modules/system/vpn-confinement.nix b/modules/system/vpn-confinement.nix index ca7c49a..a4702e5 100644 --- a/modules/system/vpn-confinement.nix +++ b/modules/system/vpn-confinement.nix @@ -1,10 +1,10 @@ { pkgs, config, lib, ... }: let - cfg = config.modules.system.vpn-confinement; + cfg = config.system.vpn-confinement; in { - options.modules.system.vpn-confinement = { + options.system.vpn-confinement = { enable = lib.mkEnableOption "enables vpn-confinement"; # toggle for mullvad mexico w/ openvpn diff --git a/modules/system/vpns.nix b/modules/system/vpns.nix index eb9e099..9c7a931 100644 --- a/modules/system/vpns.nix +++ b/modules/system/vpns.nix @@ -1,10 +1,10 @@ { pkgs, config, lib, ... }: let - cfg = config.modules.system.vpns; + cfg = config.system.vpns; in { - options.modules.system.vpns = { + options.system.vpns = { enable = lib.mkEnableOption "enables vpns"; # toggle for pia mexico w/ openvpn