From 37f311cb6301dec10f9ef6ebaa5c870b86310e79 Mon Sep 17 00:00:00 2001 From: Andre Date: Tue, 3 Dec 2024 18:05:57 -0500 Subject: [PATCH] Hevana: auto-detect subdomains; General: break out util functions into separate file --- hosts/Hevana/default.nix | 32 ++++++++----- modules/common.nix | 79 ++++++++++++------------------- modules/services/binary-cache.nix | 2 +- modules/services/forgejo.nix | 4 +- modules/services/jellyfin.nix | 2 +- modules/services/languagetool.nix | 2 +- modules/services/netdata.nix | 2 +- modules/services/qbittorrent.nix | 2 +- modules/services/rss.nix | 2 +- modules/util.nix | 25 ++++++++++ 10 files changed, 84 insertions(+), 68 deletions(-) create mode 100644 modules/util.nix diff --git a/hosts/Hevana/default.nix b/hosts/Hevana/default.nix index 394ffec..a04a2dd 100644 --- a/hosts/Hevana/default.nix +++ b/hosts/Hevana/default.nix @@ -1,4 +1,9 @@ -{ config, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let # Do not change this value! This tracks when NixOS was installed on your system. @@ -18,17 +23,20 @@ let ''}"; }; - # List of subdomains to add to the TLS certificate - subdomains = with config.secrets.services; [ - binary-cache.url - forgejo.url - gremlin-lab.url - jellyfin.url - languagetool.url - netdata.url - qbittorrent.url - rss.url - ]; + /* + Add subdomains from enabled services to TLS certificate. + + This doesn't _exactly_ check for enabled services, only: + 1. Services that aren't ACME + 2. Services with an "enable" attribute. + + It still works though, so ¯\_(ツ)_/¯ + */ + serviceList = lib.attrsets.collect ( + x: x != "acme" && builtins.hasAttr "enable" x + ) config.aux.system.services; + subdomains = builtins.catAttrs "url" serviceList; + in { imports = [ ./hardware-configuration.nix ]; diff --git a/modules/common.nix b/modules/common.nix index bf5581b..a3a3959 100644 --- a/modules/common.nix +++ b/modules/common.nix 
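Review bot: In the second hosts/Hevana/default.nix hunk, the predicate given to `lib.attrsets.collect` receives attribute values rather than names, so `x != "acme"` compares an attrset with a string and is always true; it does not exclude the ACME entry as the comment says. The predicate also only tests that an `enable` attribute exists, so a service that is configured but disabled still contributes its `url`, and the certificate's SAN list (and Certificate Transparency logs, for a publicly trusted CA) then names hosts that are not being served. `builtins.hasAttr` aborts evaluation on a non-attrset, which would happen if `collect` ever recursed into an entry that lacks `enable`. I would write `serviceList = builtins.filter (s: s.enable) (lib.attrsets.collect (x: builtins.isAttrs x && x ? enable) config.aux.system.services);`, assuming `enable` is a boolean, and update the comment to match. The `let` block starts outside the hunk.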
@@ -1,62 +1,45 @@ # Modules common to all systems { inputs, - lib, pkgs, ... }: { - config = { - # Install base packages - aux.system.packages = with pkgs; [ - fastfetch # Show a neat system statistics screen when opening a terminal - htop # System monitor - lm_sensors # System temperature monitoring - zellij # Terminal multiplexer - ]; + # Install base packages + aux.system.packages = with pkgs; [ + fastfetch # Show a neat system statistics screen when opening a terminal + htop # System monitor + lm_sensors # System temperature monitoring + zellij # Terminal multiplexer + ]; - # Install the nos helper script - aux.system.nixos-operations-script.enable = true; + # Install the nos helper script + aux.system.nixos-operations-script.enable = true; - nixpkgs.overlays = [ - (final: _prev: { - # Allow packages from the unstable repo by using 'pkgs.unstable' - unstable = import inputs.nixpkgs-unstable { - system = final.system; - config.allowUnfree = true; - }; + # Allow packages from the unstable repo by using 'pkgs.unstable' + nixpkgs.overlays = [ + (final: _prev: { + unstable = import inputs.nixpkgs-unstable { + system = final.system; + config.allowUnfree = true; + }; + }) + ]; - # Define custom functions using 'pkgs.util' - util = { - # Parses the domain from a URL - getDomainFromURL = - url: - let - parsedURL = (lib.strings.splitString "." url); - in - builtins.concatStringsSep "." [ - (builtins.elemAt parsedURL 1) - (builtins.elemAt parsedURL 2) - ]; - }; - }) - ]; + programs = { + # Install ZSH for all users + zsh.enable = true; - programs = { - # Install ZSH for all users - zsh.enable = true; - - # Configure nano - nano.nanorc = '' - set tabsize 4 - set softwrap - set autoindent - set indicator - ''; - }; - - # Set ZSH as the default shell - users.defaultUserShell = pkgs.zsh; + # Configure nano + nano.nanorc = '' + set tabsize 4 + set softwrap + set autoindent + set indicator + ''; }; + + # Set ZSH as the default shell + users.defaultUserShell = pkgs.zsh; } 
diff --git a/modules/services/binary-cache.nix b/modules/services/binary-cache.nix index 9ec5e74..452dfa5 100644 --- a/modules/services/binary-cache.nix +++ b/modules/services/binary-cache.nix @@ -49,7 +49,7 @@ in }; nginx.virtualHosts."${cfg.url}" = { - useACMEHost = pkgs.util.getDomainFromURL cfg.url; + useACMEHost = pkgs.util.getDomainFromURI cfg.url; forceSSL = true; basicAuth = { "${cfg.auth.user}" = cfg.auth.password; diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index a5527a4..00a7f30 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -32,7 +32,7 @@ in enable = true; settings = { server = { - DOMAIN = pkgs.util.getDomainFromURL cfg.url; + DOMAIN = pkgs.util.getDomainFromURI cfg.url; ROOT_URL = cfg.url; HTTP_PORT = 3000; }; @@ -42,7 +42,7 @@ in } // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; }; nginx.virtualHosts."${cfg.url}" = { - useACMEHost = pkgs.util.getDomainFromURL cfg.url; + useACMEHost = pkgs.util.getDomainFromURI cfg.url; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:3000"; diff --git a/modules/services/jellyfin.nix b/modules/services/jellyfin.nix index 022cbcc..d36fd29 100644 --- a/modules/services/jellyfin.nix +++ b/modules/services/jellyfin.nix @@ -34,7 +34,7 @@ in services = { nginx.virtualHosts."${cfg.url}" = { - useACMEHost = pkgs.util.getDomainFromURL cfg.url; + useACMEHost = pkgs.util.getDomainFromURI cfg.url; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:8096"; diff --git a/modules/services/languagetool.nix b/modules/services/languagetool.nix index 2ec7180..6e00fad 100644 --- a/modules/services/languagetool.nix +++ b/modules/services/languagetool.nix @@ -56,7 +56,7 @@ in }; # Create Nginx virtualhost nginx.virtualHosts."${cfg.url}" = { - useACMEHost = pkgs.util.getDomainFromURL cfg.url; + useACMEHost = pkgs.util.getDomainFromURI cfg.url; forceSSL = true; basicAuth = { "${cfg.auth.user}" = cfg.auth.password; 
diff --git a/modules/services/netdata.nix b/modules/services/netdata.nix index d273933..154c9f5 100644 --- a/modules/services/netdata.nix +++ b/modules/services/netdata.nix @@ -50,7 +50,7 @@ in (lib.mkIf (cfg.enable && cfg.type == "parent") { services = { nginx.virtualHosts."${cfg.url}" = { - useACMEHost = pkgs.util.getDomainFromURL cfg.url; + useACMEHost = pkgs.util.getDomainFromURI cfg.url; forceSSL = true; basicAuth = { "${cfg.auth.user}" = cfg.auth.password; diff --git a/modules/services/qbittorrent.nix b/modules/services/qbittorrent.nix index e71c0a2..5ca2fa2 100644 --- a/modules/services/qbittorrent.nix +++ b/modules/services/qbittorrent.nix @@ -58,7 +58,7 @@ in config = lib.mkIf cfg.enable { services = { nginx.virtualHosts."${cfg.url}" = { - useACMEHost = pkgs.util.getDomainFromURL cfg.url; + useACMEHost = pkgs.util.getDomainFromURI cfg.url; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:${cfg.port}"; diff --git a/modules/services/rss.nix b/modules/services/rss.nix index 97b723c..7aa7bec 100644 --- a/modules/services/rss.nix +++ b/modules/services/rss.nix @@ -56,7 +56,7 @@ in }; nginx.virtualHosts."${cfg.url}" = { - useACMEHost = pkgs.util.getDomainFromURL cfg.url; + useACMEHost = pkgs.util.getDomainFromURI cfg.url; forceSSL = true; }; }; diff --git a/modules/util.nix b/modules/util.nix new file mode 100644 index 0000000..9509110 --- /dev/null +++ b/modules/util.nix @@ -0,0 +1,25 @@ +# Utility and helper functions +{ + lib, + ... +}: + +{ + nixpkgs.overlays = [ + (final: _prev: { + # Define custom functions using 'pkgs.util' + util = { + # Parses the domain from a URI + getDomainFromURI = + url: + let + parsedURL = (lib.strings.splitString "." url); + in + builtins.concatStringsSep "." [ + (builtins.elemAt parsedURL 1) + (builtins.elemAt parsedURL 2) + ]; + }; + }) + ]; +}
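Review bot: `getDomainFromURI` in the new modules/util.nix takes labels 1 and 2 of the dot-split string without checking how many labels there are, so it is only correct for input of exactly the form `host.domain.tld`. A two-label value makes `builtins.elemAt` fail with an index error, a deeper name such as `a.b.example.com` yields `b.example`, and despite the new name, input carrying a scheme, port or path is not parsed as a URI. Every caller in this patch passes the result to `useACMEHost` (Forgejo also uses it for `DOMAIN`), so a wrong value selects a certificate that does not exist or does not cover the virtual host. I would fail early by adding `assert lib.assertMsg (builtins.length parsedURL == 3) "getDomainFromURI: expected host.domain.tld, got ${url}";` after `in`, and state in the comment that the argument is a bare hostname. Nothing visible in this patch imports modules/util.nix, so confirm it is loaded wherever modules/common.nix is.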