feat: add globals system

This commit is contained in:
Leon Schwarzäugl 2025-06-29 22:43:04 +02:00
parent 6cac368378
commit 2aa5e0095c
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
31 changed files with 833 additions and 528 deletions


@ -12,11 +12,13 @@ in
sops.secrets.swarsel = { owner = "root"; };
topology.self.services.anki = {
topology.self.services.${serviceName} = {
name = lib.mkForce "Anki Sync Server";
info = "https://${serviceDomain}";
};
globals.services.${serviceName}.domain = serviceDomain;
services.anki-sync-server = {
enable = true;
port = servicePort;


@ -8,7 +8,8 @@ in
options.swarselsystems.modules.server."${serviceName}" = lib.mkEnableOption "enable ${serviceName} on server";
config = lib.mkIf config.swarselsystems.modules.server."${serviceName}" {
topology.self.services.atuin.info = "https://${serviceDomain}";
topology.self.services.${serviceName}.info = "https://${serviceDomain}";
globals.services.${serviceName}.domain = serviceDomain;
services.atuin = {
enable = true;


@ -30,7 +30,8 @@ in
};
};
topology.self.services.croc.info = "https://${serviceDomain}";
topology.self.services.${serviceName}.info = "https://${serviceDomain}";
globals.services.${serviceName}.domain = serviceDomain;
services.croc = {
enable = true;


@ -1,7 +1,7 @@
{ self, lib, config, ... }:
let
cfg = config.services.firefly-iii;
fireflyDomain = "stonks.swarsel.win";
serviceDomain = "stonks.swarsel.win";
fireflyUser = "firefly-iii";
serviceName = "firefly";
in
@ -22,9 +22,10 @@ in
topology.self.services.firefly-iii = {
name = "Firefly-III";
info = "https://${fireflyDomain}";
info = "https://${serviceDomain}";
icon = "${self}/topology/images/firefly-iii.png";
};
globals.services.${serviceName}.domain = serviceDomain;
services = {
firefly-iii = {
@ -34,7 +35,7 @@ in
dataDir = "/Vault/data/firefly-iii";
settings = {
TZ = config.repo.secrets.common.location.timezone;
APP_URL = "https://${fireflyDomain}";
APP_URL = "https://${serviceDomain}";
APP_KEY_FILE = config.sops.secrets.firefly-iii-app-key.path;
APP_ENV = "local";
DB_CONNECTION = "sqlite";
@ -45,12 +46,12 @@ in
# AUTHENTICATION_GUARD_EMAIL = "X-Email";
};
enableNginx = true;
virtualHost = fireflyDomain;
virtualHost = serviceDomain;
};
nginx = {
virtualHosts = {
"${fireflyDomain}" = {
"${serviceDomain}" = {
locations = {
"/api" = {
setOauth2Headers = false;
@ -75,7 +76,7 @@ in
};
};
virtualHosts = {
"${fireflyDomain}" = {
"${serviceDomain}" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
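Review bot: The new `globals.services.${serviceName}.domain = serviceDomain;` line publishes this domain under the key `firefly` (the value of `serviceName` in the first hunk), while the same file keys both the topology entry and the NixOS service as `firefly-iii`, so a consumer that looks the service up by its `services.<name>` attribute will miss it. The same ad-hoc choice of key or value appears in the matrix section (`matrixDomain` rather than `serviceDomain`) and in the servarr section (the literal key `transmission`); settling on one rule, for example "the globals key equals the `services.<name>` attribute", would make lookups predictable. If the key is meant to stay `firefly`, a comment on the binding such as `# globals key is "firefly", not "firefly-iii"; keep consumers in sync` would save the next reader a search.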


@ -23,6 +23,8 @@ in
kanidm-forgejo-client = { owner = serviceUser; group = serviceGroup; mode = "0440"; };
};
globals.services.${serviceName}.domain = serviceDomain;
services.forgejo = {
enable = true;
user = serviceUser;


@ -44,12 +44,14 @@ in
# };
};
topology.self.services.freshrss = {
topology.self.services.${serviceName} = {
name = "FreshRSS";
info = "https://${serviceDomain}";
icon = "${self}/topology/images/freshrss.png";
};
globals.services.${serviceName}.domain = serviceDomain;
services.freshrss = {
enable = true;
virtualHost = serviceDomain;


@ -1,4 +1,4 @@
{ lib, config, ... }:
{ lib, config, globals, ... }:
let
serviceDomain = "shots.swarsel.win";
servicePort = 3001;
@ -13,7 +13,8 @@ in
extraGroups = [ "video" "render" "users" ];
};
topology.self.services.immich.info = "https://${serviceDomain}";
topology.self.services.${serviceName}.info = "https://${serviceDomain}";
globals.services.${serviceName}.domain = serviceDomain;
services.immich = {
enable = true;


@ -24,7 +24,8 @@ in
];
};
topology.self.services.jellyfin.info = "https://${serviceDomain}";
topology.self.services.${serviceName}.info = "https://${serviceDomain}";
globals.services.${serviceName}.domain = serviceDomain;
services.jellyfin = {
enable = true;


@ -1,4 +1,4 @@
{ self, lib, pkgs, config, ... }:
{ self, lib, pkgs, config, globals, ... }:
let
certsSopsFile = self + /secrets/certs/secrets.yaml;
serviceDomain = "sso.swarsel.win";
@ -6,7 +6,7 @@ let
serviceUser = "kanidm";
serviceGroup = serviceUser;
serviceName = "kanidm";
oauth2ProxyDomain = "soauth.swarsel.win";
oauth2ProxyDomain = globals.services.oauth2Proxy.domain;
in
{
options.swarselsystems.modules.server."${serviceName}" = lib.mkEnableOption "enable ${serviceName} on server";
@ -37,6 +37,8 @@ in
networking.firewall.allowedTCPPorts = [ servicePort ];
globals.services.${serviceName}.domain = serviceDomain;
services = {
kanidm = {
package = pkgs.kanidmWithSecretProvisioning;
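Review bot: The `oauth2ProxyDomain = globals.services.oauth2Proxy.domain;` binding in the `let` block reads a key that the oauth2-proxy module publishes from inside its own config block, and the oauth2-proxy section does the reverse with `kanidmDomain = globals.services.kanidm.domain;`; on a host where one of the two modules is disabled, or in an evaluation where `globals` is not populated from every module, the lookup fails with a bare missing-attribute error rather than a readable message, assuming `globals.services` is a free-form attribute set without declared types, which this diff does not show. Because this value becomes the proxy origin the identity provider trusts, a silent literal fallback would be the wrong fix; an explicit check in the kanidm config block, such as `assertions = [ { assertion = globals.services ? oauth2Proxy; message = "kanidm: oauth2Proxy domain not published to globals"; } ];`, or declaring `globals.services.<name>.domain` as a typed option, makes the failure named and keeps the cross-reference auditable. The `let` block continues outside the first hunk, and the same point applies to the oauth2-proxy section.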


@ -2,7 +2,7 @@
let
serviceName = "kavita";
serviceUser = "kavita";
serviceDomain = "scroll.swarsel.win";
serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
servicePort = 8080;
in
{
@ -25,6 +25,7 @@ in
info = "https://${serviceDomain}";
icon = "${self}/topology/images/kavita.png";
};
globals.services.${serviceName}.domain = serviceDomain;
services.kavita = {
enable = true;
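Review bot: `serviceDomain = config.repo.secrets.common.services.domains.${serviceName};` makes kavita the only module in this commit that sources its domain from the secrets tree, and the new `globals.services.${serviceName}.domain` line then republishes that value to every consumer of `globals`, so any host evaluating this module now implicitly depends on the decrypted secrets being present. I cannot see from the hunk whether `repo.secrets.common.services.domains` declares a default for missing names; if it does not, a missing entry fails evaluation of the whole host with a bare attribute error. If the intent is to migrate all service domains into `repo.secrets`, a comment stating that would explain the divergence, e.g. `# domain lives in repo.secrets; other modules still hard-code theirs`; otherwise this should match the literal pattern used elsewhere.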


@ -23,6 +23,7 @@ in
info = "https://${serviceDomain}";
icon = "${self}/topology/images/koillection.png";
};
globals.services.${serviceName}.domain = serviceDomain;
virtualisation.oci-containers.containers = {
koillection = {


@ -87,6 +87,8 @@ in
};
};
globals.services.${serviceName}.domain = matrixDomain;
services = {
postgresql = {
enable = true;


@ -42,7 +42,8 @@ in
};
};
topology.self.services."${serviceName}".info = "https://${serviceDomain}";
topology.self.services.${serviceName}.info = "https://${serviceDomain}";
globals.services.${serviceName}.domain = serviceDomain;
services."${serviceName}" = {
enable = true;


@ -35,6 +35,7 @@ in
networking.firewall.allowedTCPPorts = [ servicePort prometheusPort ];
topology.self.services.prometheus.info = "https://${serviceDomain}/${prometheusWebRoot}";
globals.services.${moduleName}.domain = serviceDomain;
services = {
grafana = {
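Review bot: `globals.services.${moduleName}.domain = serviceDomain;` uses `moduleName` where every other section uses `serviceName`; `moduleName` is bound outside this hunk, so I cannot confirm its value, but this file exposes both grafana and prometheus (the prometheus topology line directly above), and a single key named after the module will match neither `services.grafana` nor `services.prometheus` in a lookup. If both are reached through the same domain it is clearer to publish both, `globals.services.grafana.domain = serviceDomain;` and `globals.services.prometheus.domain = serviceDomain;`, or to add a comment stating which key consumers are expected to use.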


@ -38,6 +38,8 @@ in
networking.firewall.allowedTCPPorts = [ 4040 ];
globals.services.${serviceName}.domain = serviceDomain;
services.navidrome = {
enable = true;
openFirewall = true;


@ -22,6 +22,9 @@ in
};
};
globals.services.${serviceName}.domain = serviceDomain;
services = {
nextcloud = {
enable = true;


@ -1,6 +1,6 @@
{ lib, config, ... }:
{ lib, config, globals, ... }:
let
kanidmDomain = "sso.swarsel.win";
kanidmDomain = globals.services.kanidm.domain;
oauth2ProxyDomain = "soauth.swarsel.win";
oauth2ProxyPort = 3004;
in
@ -137,6 +137,8 @@ in
networking.firewall.allowedTCPPorts = [ oauth2ProxyPort ];
globals.services.oauth2Proxy.domain = oauth2ProxyDomain;
services = {
oauth2-proxy = {
enable = true;


@ -25,6 +25,8 @@ in
networking.firewall.allowedTCPPorts = [ servicePort ];
globals.services.${serviceName}.domain = serviceDomain;
services = {
paperless = {
enable = true;


@ -29,7 +29,8 @@ in
};
};
topology.self.services.radicale.info = "https://${serviceDomain}";
topology.self.services.${serviceName}.info = "https://${serviceDomain}";
globals.services.${serviceName}.domain = serviceDomain;
services.radicale = {
enable = true;


@ -48,6 +48,9 @@ in
{ directory = "/var/lib/containers"; }
];
topology.self.services.${serviceName}.info = "https://${serviceDomain}";
globals.services.${serviceName}.domain = serviceDomain;
services.nginx = {
upstreams = {
"${serviceName}" = {


@ -21,6 +21,8 @@ in
networking.firewall.allowedTCPPorts = [ servicePort ];
globals.services.${serviceName}.domain = serviceDomain;
services.syncthing = {
enable = true;
user = serviceUser;


@ -85,6 +85,8 @@ in
prowlarr.info = "https://${serviceDomain}/prowlarr";
};
globals.services.transmission.domain = serviceDomain;
services = {
radarr = {
enable = true;