upRootNutrition/dotfiles
1
0
Fork 0
mirror of https://gitlab.com/upRootNutrition/dotfiles.git synced 2025-06-16 10:05:13 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: reformated services

Browse source
This commit is contained in:
Nick 2024-11-23 20:04:38 -06:00
parent c28066d2d3
commit d73b50cb7b
19 changed files with 5 additions and 198 deletions
Download patch file Download diff file Expand all files Collapse all files

102
nixos/modules/services/castopod.nix
View file

@ -1,102 +0,0 @@
{
flake,
config,
...
}: let
inherit (flake.config.machines.devices) server;
inherit (flake.config.services.instances) castopod nginx web;
service = castopod;
localhost = web.localhost.address0;
host = "${service.subdomain}.${web.domains.url1}";
in {
services = {
castopod = {
enable = true;
localDomain = host;
configureNginx = false;
environmentFile = config.sops.secrets."${service.name}-smtp".path;
maxUploadSize = "1024M";
database = {
createLocally = true;
# passwordFile = config.sops.secrets."${name}-database".path;
};
poolSettings = {
pm = "dynamic";
"pm.max_children" = "32";
"pm.max_requests" = "500";
"pm.max_spare_servers" = "4";
"pm.min_spare_servers" = "2";
"pm.start_servers" = "2";
};
settings = {
"email.fromEmail" = service.email.address0;
"email.protocol" = "smtp";
"email.SMTPHost" = localhost;
"email.SMTPPort" = 587;
"email.SMTPUser" = "smtp.protonmail.ch";
};
};
nginx = {
enable = true;
virtualHosts = {
"${host}" = {
};
};
};
caddy = {
virtualHosts = {
"${host}" = {
extraConfig = ''
reverse_proxy ${localhost}:${toString service.ports.port0}
tls ${service.ssl.cert} ${service.ssl.key}
'';
};
};
};
};
sops = let
sopsPath = secret: {
path = "${service.sops.path0}/${service.name}-${secret}";
owner = service.name;
mode = "600";
};
in {
secrets = builtins.listToAttrs (
map
(secret: {
name = "${service.name}-${secret}";
value = sopsPath secret;
})
[
"smtp"
"database"
]
);
};
fileSystems."/var/lib/${service.name}" = {
device = service.paths.path0;
fsType = "none";
options = ["bind"];
depends = [server.storage0.mount];
};
systemd.tmpfiles.rules = [
"Z ${service.paths.path0} 755 ${service.name} ${service.name} -"
"Z ${service.sops.path0} 755 ${service.name} ${service.name} -"
];
networking = {
firewall = {
allowedTCPPorts = [
service.ports.port0
nginx.ports.port0
];
};
};
users.groups.nginx = {};
}

0
nixos/modules/services/acme.nix → nixos/modules/services/config/acme.nix
View file

0
nixos/modules/services/caddy.nix → nixos/modules/services/config/caddy.nix
View file

0
nixos/modules/services/forgejo.nix → nixos/modules/services/config/forgejo.nix
View file

0
nixos/modules/services/jellyfin.nix → nixos/modules/services/config/jellyfin.nix
View file

0
nixos/modules/services/logrotate.nix → nixos/modules/services/config/logrotate.nix
View file

0
nixos/modules/services/mastodon/chars.patch → nixos/modules/services/config/mastodon/chars.patch
View file

0
nixos/modules/services/mastodon/default.nix → nixos/modules/services/config/mastodon/default.nix
View file

0
nixos/modules/services/mastodon/twitter.txt → nixos/modules/services/config/mastodon/twitter.txt
View file

0
nixos/modules/services/minecraft.nix → nixos/modules/services/config/minecraft.nix
View file

0
nixos/modules/services/nextcloud.nix → nixos/modules/services/config/nextcloud.nix
View file

0
nixos/modules/services/ollama.nix → nixos/modules/services/config/ollama.nix
View file

0
nixos/modules/services/owncast.nix → nixos/modules/services/config/owncast.nix
View file

0
nixos/modules/services/peertube.nix → nixos/modules/services/config/peertube.nix
View file

0
nixos/modules/services/postgresql.nix → nixos/modules/services/config/postgresql.nix
View file

0
nixos/modules/services/samba.nix → nixos/modules/services/config/samba.nix
View file

0
nixos/modules/services/vaultwarden.nix → nixos/modules/services/config/vaultwarden.nix
View file

10
nixos/modules/services/default.nix
View file

@ -1,12 +1,14 @@
{ {
imports = imports = let
configPath = ./config;
in
(map (map
(folder: ./${folder}) (folder: (configPath + ./${folder}))
[ [
"mastodon" "mastodon"
]) ])
++ (map ++ (map
(file: ./${file}.nix) (file: (configPath + ./${file}.nix))
[ [
"acme" "acme"
"caddy" "caddy"
@ -19,9 +21,7 @@
"owncast" "owncast"
"samba" "samba"
"vaultwarden" "vaultwarden"
"wiki"
# "forgejo" # "forgejo"
# "castopod"
# "nextcloud" # "nextcloud"
]); ]);
} }

91
nixos/modules/services/wiki.nix
View file

@ -1,91 +0,0 @@
{
flake,
config,
...
}: let
inherit (flake.config.machines.devices) server;
inherit (flake.config.services.instances) web wiki;
service = wiki;
localhost = web.localhost.address1;
host = "${service.subdomain}.${web.domains.url1}";
in {
services = {
wiki-js = {
enable = true;
environmentFile = config.sops.secrets."${service.name}/pass".path;
settings = {
port = service.ports.port0;
bindIP = localhost;
db = {
db = "wiki-js";
host = "/run/postgresql";
type = "postgres";
user = "wiki-js";
};
};
};
caddy = {
virtualHosts = {
"${host}" = {
extraConfig = ''
reverse_proxy ${localhost}:${toString service.ports.port0}
tls ${service.ssl.cert} ${service.ssl.key}
'';
};
};
};
postgresql = {
ensureDatabases = [service.name];
ensureUsers = [
{
name = service.name;
ensureDBOwnership = true;
}
];
};
};
sops = let
sopsPath = secret: {
path = "${service.sops.path0}/${secret}";
owner = "root";
mode = "600";
};
in {
secrets = builtins.listToAttrs (
map
(secret: {
name = "${service.name}/${secret}";
value = sopsPath secret;
})
[
"pass"
"ssh"
]
);
};
fileSystems."/var/lib/${service.name}" = {
device = service.paths.path0;
fsType = "none";
options = ["bind"];
depends = [server.storage0.mount];
};
systemd.tmpfiles.rules = [
"Z ${service.paths.path0} 755 ${service.name} ${service.name} -"
"Z ${service.sops.path0} 755 ${service.name} ${service.name} -"
];
networking = {
firewall = {
allowedTCPPorts = [
service.ports.port0
service.ports.port1
];
};
};
}