
Hevana: auto-detect subdomains; General: break out util functions into separate file

Aires 2024-12-03 18:05:57 -05:00
parent 052fb00606
commit 37f311cb63
10 changed files with 84 additions and 68 deletions


@ -1,4 +1,9 @@
{ config, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
# Do not change this value! This tracks when NixOS was installed on your system.
@ -18,17 +23,20 @@ let
''}";
};
# List of subdomains to add to the TLS certificate
subdomains = with config.secrets.services; [
binary-cache.url
forgejo.url
gremlin-lab.url
jellyfin.url
languagetool.url
netdata.url
qbittorrent.url
rss.url
];
/*
Add subdomains from enabled services to TLS certificate.
This doesn't _exactly_ check for enabled services, only:
1. Services that aren't ACME
2. Services with an "enable" attribute.
It still works though, so ¯\_()_/¯
*/
serviceList = lib.attrsets.collect (
x: x != "acme" && builtins.hasAttr "enable" x
) config.aux.system.services;
subdomains = builtins.catAttrs "url" serviceList;
in
{
imports = [ ./hardware-configuration.nix ];
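Review bot: The predicate passed to `lib.attrsets.collect` for the new `serviceList` filters on neither of the things its comment lists: `x` is a service's attribute set rather than its name, so `x != "acme"` is always true, and `builtins.hasAttr "enable" x` tests that the option exists, not that it is set. Every service that defines a `url` therefore lands in `subdomains` whether it is enabled or not, so the certificate can request names for services this host does not run; those names become visible on the issued certificate, and one that no longer validates can fail the order. Filtering on name and value would match the stated intent, for example `serviceList = builtins.attrValues (lib.filterAttrs (name: svc: name != "acme" && (svc.enable or false)) config.aux.system.services);`. The list is also now read from `config.aux.system.services` instead of `config.secrets.services`; that both carry the same `url` values is assumed here, since neither definition is on the page.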


@ -1,62 +1,45 @@
# Modules common to all systems
{
inputs,
lib,
pkgs,
...
}:
{
config = {
# Install base packages
aux.system.packages = with pkgs; [
fastfetch # Show a neat system statistics screen when opening a terminal
htop # System monitor
lm_sensors # System temperature monitoring
zellij # Terminal multiplexer
];
# Install base packages
aux.system.packages = with pkgs; [
fastfetch # Show a neat system statistics screen when opening a terminal
htop # System monitor
lm_sensors # System temperature monitoring
zellij # Terminal multiplexer
];
# Install the nos helper script
aux.system.nixos-operations-script.enable = true;
# Install the nos helper script
aux.system.nixos-operations-script.enable = true;
nixpkgs.overlays = [
(final: _prev: {
# Allow packages from the unstable repo by using 'pkgs.unstable'
unstable = import inputs.nixpkgs-unstable {
system = final.system;
config.allowUnfree = true;
};
# Allow packages from the unstable repo by using 'pkgs.unstable'
nixpkgs.overlays = [
(final: _prev: {
unstable = import inputs.nixpkgs-unstable {
system = final.system;
config.allowUnfree = true;
};
})
];
# Define custom functions using 'pkgs.util'
util = {
# Parses the domain from a URL
getDomainFromURL =
url:
let
parsedURL = (lib.strings.splitString "." url);
in
builtins.concatStringsSep "." [
(builtins.elemAt parsedURL 1)
(builtins.elemAt parsedURL 2)
];
};
})
];
programs = {
# Install ZSH for all users
zsh.enable = true;
programs = {
# Install ZSH for all users
zsh.enable = true;
# Configure nano
nano.nanorc = ''
set tabsize 4
set softwrap
set autoindent
set indicator
'';
};
# Set ZSH as the default shell
users.defaultUserShell = pkgs.zsh;
# Configure nano
nano.nanorc = ''
set tabsize 4
set softwrap
set autoindent
set indicator
'';
};
# Set ZSH as the default shell
users.defaultUserShell = pkgs.zsh;
}


@ -49,7 +49,7 @@ in
};
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = pkgs.util.getDomainFromURL cfg.url;
useACMEHost = pkgs.util.getDomainFromURI cfg.url;
forceSSL = true;
basicAuth = {
"${cfg.auth.user}" = cfg.auth.password;


@ -32,7 +32,7 @@ in
enable = true;
settings = {
server = {
DOMAIN = pkgs.util.getDomainFromURL cfg.url;
DOMAIN = pkgs.util.getDomainFromURI cfg.url;
ROOT_URL = cfg.url;
HTTP_PORT = 3000;
};
@ -42,7 +42,7 @@ in
} // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = pkgs.util.getDomainFromURL cfg.url;
useACMEHost = pkgs.util.getDomainFromURI cfg.url;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";


@ -34,7 +34,7 @@ in
services = {
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = pkgs.util.getDomainFromURL cfg.url;
useACMEHost = pkgs.util.getDomainFromURI cfg.url;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8096";


@ -56,7 +56,7 @@ in
};
# Create Nginx virtualhost
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = pkgs.util.getDomainFromURL cfg.url;
useACMEHost = pkgs.util.getDomainFromURI cfg.url;
forceSSL = true;
basicAuth = {
"${cfg.auth.user}" = cfg.auth.password;


@ -50,7 +50,7 @@ in
(lib.mkIf (cfg.enable && cfg.type == "parent") {
services = {
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = pkgs.util.getDomainFromURL cfg.url;
useACMEHost = pkgs.util.getDomainFromURI cfg.url;
forceSSL = true;
basicAuth = {
"${cfg.auth.user}" = cfg.auth.password;


@ -58,7 +58,7 @@ in
config = lib.mkIf cfg.enable {
services = {
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = pkgs.util.getDomainFromURL cfg.url;
useACMEHost = pkgs.util.getDomainFromURI cfg.url;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${cfg.port}";


@ -56,7 +56,7 @@ in
};
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = pkgs.util.getDomainFromURL cfg.url;
useACMEHost = pkgs.util.getDomainFromURI cfg.url;
forceSSL = true;
};
};

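--- a/modules/util.nix
+++ b/modules/util.nix
@@ -0,0 +1,25 @@
+# Utility and helper functions
+{
+lib,
+...
+}:
+{
+nixpkgs.overlays = [
+(final: _prev: {
+# Define custom functions using 'pkgs.util'
+util = {
+# Parses the domain from a URI
+getDomainFromURI =
+url:
+let
+parsedURL = (lib.strings.splitString "." url);
+in
+builtins.concatStringsSep "." [
+(builtins.elemAt parsedURL 1)
+(builtins.elemAt parsedURL 2)
+];
+};
+})
+];
+}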
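Review bot: `getDomainFromURI` takes fixed positions 1 and 2 of the dot-split string, so it is only correct for a bare three-label host such as `sub.example.com`: a two-label host aborts evaluation with an out-of-range `elemAt`, a deeper name returns the wrong pair of labels, and an actual URI with a port or path carries that text into the result. Every virtual host in this commit passes the result to `useACMEHost`, so a malformed `url` should stop evaluation with a clear message instead of yielding a wrong certificate name, e.g. `assert lib.assertMsg (builtins.length parsedURL == 3) "getDomainFromURI: expected sub.domain.tld, got ${url}";` placed before `builtins.concatStringsSep`. The comment would be more accurate as `# Returns "domain.tld" from a bare host name of the form "sub.domain.tld" (no scheme, port or path)`, and the parameter is still named `url` after the rename.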