diff --git a/nixos/modules/services/castopod.nix b/nixos/modules/services/castopod.nix
deleted file mode 100755
index 88a619e..0000000
--- a/nixos/modules/services/castopod.nix
+++ /dev/null
@@ -1,102 +0,0 @@
-{
- flake,
- config,
- ...
-}: let
- inherit (flake.config.machines.devices) server;
- inherit (flake.config.services.instances) castopod nginx web;
- service = castopod;
- localhost = web.localhost.address0;
- host = "${service.subdomain}.${web.domains.url1}";
-in {
- services = {
- castopod = {
- enable = true;
- localDomain = host;
- configureNginx = false;
- environmentFile = config.sops.secrets."${service.name}-smtp".path;
- maxUploadSize = "1024M";
- database = {
- createLocally = true;
- # passwordFile = config.sops.secrets."${name}-database".path;
- };
- poolSettings = {
- pm = "dynamic";
- "pm.max_children" = "32";
- "pm.max_requests" = "500";
- "pm.max_spare_servers" = "4";
- "pm.min_spare_servers" = "2";
- "pm.start_servers" = "2";
- };
- settings = {
- "email.fromEmail" = service.email.address0;
- "email.protocol" = "smtp";
- "email.SMTPHost" = localhost;
- "email.SMTPPort" = 587;
- "email.SMTPUser" = "smtp.protonmail.ch";
- };
- };
-
- nginx = {
- enable = true;
- virtualHosts = {
- "${host}" = {
- };
- };
- };
-
- caddy = {
- virtualHosts = {
- "${host}" = {
- extraConfig = ''
- reverse_proxy ${localhost}:${toString service.ports.port0}
-
- tls ${service.ssl.cert} ${service.ssl.key}
- '';
- };
- };
- };
- };
-
- sops = let
- sopsPath = secret: {
- path = "${service.sops.path0}/${service.name}-${secret}";
- owner = service.name;
- mode = "600";
- };
- in {
- secrets = builtins.listToAttrs (
- map
- (secret: {
- name = "${service.name}-${secret}";
- value = sopsPath secret;
- })
- [
- "smtp"
- "database"
- ]
- );
- };
-
- fileSystems."/var/lib/${service.name}" = {
- device = service.paths.path0;
- fsType = "none";
- options = ["bind"];
- depends = [server.storage0.mount];
- };
-
- systemd.tmpfiles.rules = [
- "Z ${service.paths.path0} 755 ${service.name} ${service.name} -"
- "Z ${service.sops.path0} 755 ${service.name} ${service.name} -"
- ];
-
- networking = {
- firewall = {
- allowedTCPPorts = [
- service.ports.port0
- nginx.ports.port0
- ];
- };
- };
- users.groups.nginx = {};
-}
diff --git a/nixos/modules/services/acme.nix b/nixos/modules/services/config/acme.nix
similarity index 100%
rename from nixos/modules/services/acme.nix
rename to nixos/modules/services/config/acme.nix
diff --git a/nixos/modules/services/caddy.nix b/nixos/modules/services/config/caddy.nix
similarity index 100%
rename from nixos/modules/services/caddy.nix
rename to nixos/modules/services/config/caddy.nix
diff --git a/nixos/modules/services/forgejo.nix b/nixos/modules/services/config/forgejo.nix
similarity index 100%
rename from nixos/modules/services/forgejo.nix
rename to nixos/modules/services/config/forgejo.nix
diff --git a/nixos/modules/services/jellyfin.nix b/nixos/modules/services/config/jellyfin.nix
similarity index 100%
rename from nixos/modules/services/jellyfin.nix
rename to nixos/modules/services/config/jellyfin.nix
diff --git a/nixos/modules/services/logrotate.nix b/nixos/modules/services/config/logrotate.nix
similarity index 100%
rename from nixos/modules/services/logrotate.nix
rename to nixos/modules/services/config/logrotate.nix
diff --git a/nixos/modules/services/mastodon/chars.patch b/nixos/modules/services/config/mastodon/chars.patch
similarity index 100%
rename from nixos/modules/services/mastodon/chars.patch
rename to nixos/modules/services/config/mastodon/chars.patch
diff --git a/nixos/modules/services/mastodon/default.nix b/nixos/modules/services/config/mastodon/default.nix
similarity index 100%
rename from nixos/modules/services/mastodon/default.nix
rename to nixos/modules/services/config/mastodon/default.nix
diff --git a/nixos/modules/services/mastodon/twitter.txt b/nixos/modules/services/config/mastodon/twitter.txt
similarity index 100%
rename from nixos/modules/services/mastodon/twitter.txt
rename to nixos/modules/services/config/mastodon/twitter.txt
diff --git a/nixos/modules/services/minecraft.nix b/nixos/modules/services/config/minecraft.nix
similarity index 100%
rename from nixos/modules/services/minecraft.nix
rename to nixos/modules/services/config/minecraft.nix
diff --git a/nixos/modules/services/nextcloud.nix b/nixos/modules/services/config/nextcloud.nix
similarity index 100%
rename from nixos/modules/services/nextcloud.nix
rename to nixos/modules/services/config/nextcloud.nix
diff --git a/nixos/modules/services/ollama.nix b/nixos/modules/services/config/ollama.nix
similarity index 100%
rename from nixos/modules/services/ollama.nix
rename to nixos/modules/services/config/ollama.nix
diff --git a/nixos/modules/services/owncast.nix b/nixos/modules/services/config/owncast.nix
similarity index 100%
rename from nixos/modules/services/owncast.nix
rename to nixos/modules/services/config/owncast.nix
diff --git a/nixos/modules/services/peertube.nix b/nixos/modules/services/config/peertube.nix
similarity index 100%
rename from nixos/modules/services/peertube.nix
rename to nixos/modules/services/config/peertube.nix
diff --git a/nixos/modules/services/postgresql.nix b/nixos/modules/services/config/postgresql.nix
similarity index 100%
rename from nixos/modules/services/postgresql.nix
rename to nixos/modules/services/config/postgresql.nix
diff --git a/nixos/modules/services/samba.nix b/nixos/modules/services/config/samba.nix
similarity index 100%
rename from nixos/modules/services/samba.nix
rename to nixos/modules/services/config/samba.nix
diff --git a/nixos/modules/services/vaultwarden.nix b/nixos/modules/services/config/vaultwarden.nix
similarity index 100%
rename from nixos/modules/services/vaultwarden.nix
rename to nixos/modules/services/config/vaultwarden.nix
diff --git a/nixos/modules/services/default.nix b/nixos/modules/services/default.nix
index 06e103e..96fbf9f 100755
--- a/nixos/modules/services/default.nix
+++ b/nixos/modules/services/default.nix
@@ -1,12 +1,14 @@ { - imports = + imports = let + configPath = ./config; + in (map - (folder: ./${folder}) + (folder: (configPath + ./${folder})) [ "mastodon" ]) ++ (map - (file: ./${file}.nix) + (file: (configPath + ./${file}.nix)) [ "acme" "caddy" @@ -19,9 +21,7 @@ "owncast" "samba" "vaultwarden" - "wiki" # "forgejo" - # "castopod" # "nextcloud" ]); } diff --git a/nixos/modules/services/wiki.nix b/nixos/modules/services/wiki.nix deleted file mode 100755 index 1a5a130..0000000 --- a/nixos/modules/services/wiki.nix +++ /dev/null 
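Review bot: The two added lambdas in the first default.nix hunk join paths as `configPath + ./${folder}` and `configPath + ./${file}.nix`, and as far as I can tell this does not resolve under `./config`. A `./…` literal is already resolved against this file's directory, and `+` on two paths concatenates them, so the result would be the services directory appended to `./config` rather than `./config/mastodon` or `./config/acme.nix`. Appending a string keeps the join relative to configPath: `(folder: configPath + "/${folder}")` and `(file: configPath + "/${file}.nix")`. It is worth confirming with an evaluation of the host configuration, since this list decides which service modules are loaded at all.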
@@ -1,91 +0,0 @@
-{
- flake,
- config,
- ...
-}: let
- inherit (flake.config.machines.devices) server;
- inherit (flake.config.services.instances) web wiki;
- service = wiki;
- localhost = web.localhost.address1;
- host = "${service.subdomain}.${web.domains.url1}";
-in {
- services = {
- wiki-js = {
- enable = true;
- environmentFile = config.sops.secrets."${service.name}/pass".path;
- settings = {
- port = service.ports.port0;
- bindIP = localhost;
- db = {
- db = "wiki-js";
- host = "/run/postgresql";
- type = "postgres";
- user = "wiki-js";
- };
- };
- };
-
- caddy = {
- virtualHosts = {
- "${host}" = {
- extraConfig = ''
- reverse_proxy ${localhost}:${toString service.ports.port0}
-
- tls ${service.ssl.cert} ${service.ssl.key}
- '';
- };
- };
- };
-
- postgresql = {
- ensureDatabases = [service.name];
- ensureUsers = [
- {
- name = service.name;
- ensureDBOwnership = true;
- }
- ];
- };
- };
-
- sops = let
- sopsPath = secret: {
- path = "${service.sops.path0}/${secret}";
- owner = "root";
- mode = "600";
- };
- in {
- secrets = builtins.listToAttrs (
- map
- (secret: {
- name = "${service.name}/${secret}";
- value = sopsPath secret;
- })
- [
- "pass"
- "ssh"
- ]
- );
- };
-
- fileSystems."/var/lib/${service.name}" = {
- device = service.paths.path0;
- fsType = "none";
- options = ["bind"];
- depends = [server.storage0.mount];
- };
-
- systemd.tmpfiles.rules = [
- "Z ${service.paths.path0} 755 ${service.name} ${service.name} -"
- "Z ${service.sops.path0} 755 ${service.name} ${service.name} -"
- ];
-
- networking = {
- firewall = {
- allowedTCPPorts = [
- service.ports.port0
- service.ports.port1
- ];
- };
- };
-}