feat: niri, new winters ip, mail fixes

2025-12-06 09:07:21 +01:00 · 2025-08-24 14:56:50 +02:00 · 2025-08-24 14:56:50 +02:00 · 915bf256da
commit 915bf256da
parent 6ea3851e72
61 changed files with 1814 additions and 965 deletions
--- a/modules/nixos/server/ankisync.nix
+++ b/modules/nixos/server/ankisync.nix
@ -5,6 +5,7 @@ let
  servicePort = 27701;
  serviceName = "ankisync";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;

  ankiUser = globals.user.name;
 in
@ -41,7 +42,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/atuin.nix
+++ b/modules/nixos/server/atuin.nix
@ -1,8 +1,9 @@
-{ lib, config, ... }:
+{ lib, config, globals, ... }:
 let
  servicePort = 8888;
  serviceName = "atuin";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;
 in
 {
  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@ -23,7 +24,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/firefly-iii.nix
+++ b/modules/nixos/server/firefly-iii.nix
@ -1,10 +1,11 @@
-{ self, lib, config, ... }:
+{ self, lib, config, globals, ... }:
 let
  servicePort = 80;
  serviceUser = "firefly-iii";
  serviceGroup = serviceUser;
  serviceName = "firefly-iii";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;

  nginxGroup = "nginx";

@ -81,7 +82,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/forgejo.nix
+++ b/modules/nixos/server/forgejo.nix
@ -7,6 +7,7 @@ let
  serviceGroup = serviceUser;
  serviceName = "forgejo";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;

  kanidmDomain = globals.services.kanidm.domain;
 in
@ -132,7 +133,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/freshrss.nix
+++ b/modules/nixos/server/freshrss.nix
@ -1,10 +1,11 @@
-{ self, lib, config, ... }:
+{ self, lib, config, globals, ... }:
 let
  servicePort = 80;
  serviceName = "freshrss";
  serviceUser = "freshrss";
  serviceGroup = serviceName;
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;

  inherit (config.swarselsystems) sopsFile;
 in
@ -77,7 +78,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/immich.nix
+++ b/modules/nixos/server/immich.nix
@ -4,6 +4,7 @@ let
  serviceUser = "immich";
  serviceName = "immich";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;
 in
 {
  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@ -33,7 +34,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/jellyfin.nix
+++ b/modules/nixos/server/jellyfin.nix
@ -1,9 +1,10 @@
-{ pkgs, lib, config, ... }:
+{ pkgs, lib, config, globals, ... }:
 let
  servicePort = 8096;
  serviceName = "jellyfin";
  serviceUser = "jellyfin";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;
 in
 {
  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@ -37,7 +38,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/jenkins.nix
+++ b/modules/nixos/server/jenkins.nix
@ -1,8 +1,9 @@
-{ pkgs, lib, config, ... }:
+{ pkgs, lib, config, globals, ... }:
 let
  servicePort = 8088;
  serviceName = "jenkins";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;
 in
 {
  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@ -21,7 +22,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/kanidm.nix
+++ b/modules/nixos/server/kanidm.nix
@ -8,6 +8,7 @@ let
  serviceGroup = serviceUser;
  serviceName = "kanidm";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;

  oauth2ProxyDomain = globals.services.oauth2Proxy.domain;
  immichDomain = globals.services.immich.domain;
@ -237,7 +238,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/kavita.nix
+++ b/modules/nixos/server/kavita.nix
@ -1,4 +1,4 @@
-{ self, lib, config, pkgs, ... }:
+{ self, lib, config, pkgs, globals, ... }:
 let
  inherit (config.swarselsystems) sopsFile;

@ -6,6 +6,7 @@ let
  serviceName = "kavita";
  serviceUser = "kavita";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;
 in
 {
  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@ -41,7 +42,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/koillection.nix
+++ b/modules/nixos/server/koillection.nix
@ -1,4 +1,4 @@
-{ self, lib, config, ... }:
+{ self, lib, config, globals, ... }:
 let
  serviceUser = "koillection";
  serviceDB = "koillection";
@ -6,6 +6,7 @@ let
  servicePort = 2282;
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
  serviceDir = "/Vault/data/koillection";
+  serviceAddress = globals.hosts.winters.ipv4;

  postgresUser = config.systemd.services.postgresql.serviceConfig.User; # postgres
  postgresPort = config.services.postgresql.settings.port; # 5432
@ -107,7 +108,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/matrix.nix
+++ b/modules/nixos/server/matrix.nix
@ -1,4 +1,4 @@
-{ lib, config, pkgs, ... }:
+{ lib, config, pkgs, globals, ... }:
 let
  inherit (config.swarselsystems) sopsFile;

@ -6,6 +6,7 @@ let
  serviceName = "matrix";
  serviceDomain = config.repo.secrets.common.services.domains.matrix;
  serviceUser = "matrix-synapse";
+  serviceAddress = globals.hosts.winters.ipv4;

  federationPort = 8448;
  whatsappPort = 29318;
@ -293,7 +294,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/monitoring.nix
+++ b/modules/nixos/server/monitoring.nix
@ -5,6 +5,7 @@ let
  serviceGroup = serviceUser;
  serviceName = "grafana";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;

  prometheusPort = 9090;
  prometheusUser = "prometheus";
@ -209,12 +210,12 @@ in
      upstreams = {
        "${grafanaUpstream}" = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
        "${prometheusUpstream}" = {
          servers = {
-            "192.168.1.2:${builtins.toString prometheusPort}" = { };
+            "${serviceAddress}:${builtins.toString prometheusPort}" = { };
          };
        };
      };
--- a/modules/nixos/server/navidrome.nix
+++ b/modules/nixos/server/navidrome.nix
@ -1,10 +1,11 @@
-{ pkgs, config, lib, ... }:
+{ pkgs, config, lib, globals, ... }:
 let
  servicePort = 4040;
  serviceName = "navidrome";
  serviceUser = "navidrome";
  serviceGroup = serviceUser;
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;
 in
 {
  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@ -84,7 +85,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/nextcloud.nix
+++ b/modules/nixos/server/nextcloud.nix
@ -1,4 +1,4 @@
-{ pkgs, lib, config, ... }:
+{ pkgs, lib, config, globals, ... }:
 let
  inherit (config.repo.secrets.local.nextcloud) adminuser;
  inherit (config.swarselsystems) sopsFile;
@ -8,6 +8,7 @@ let
  serviceGroup = serviceUser;
  serviceName = "nextcloud";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;
 in
 {
  options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@ -51,7 +52,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/paperless.nix
+++ b/modules/nixos/server/paperless.nix
@ -7,6 +7,7 @@ let
  serviceGroup = serviceUser;
  serviceName = "paperless";
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;

  tikaPort = 9998;
  gotenbergPort = 3002;
@ -101,7 +102,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/radicale.nix
+++ b/modules/nixos/server/radicale.nix
@ -1,4 +1,4 @@
-{ self, lib, config, ... }:
+{ self, lib, config, globals, ... }:
 let
  sopsFile = self + /secrets/winters/secrets2.yaml;

@ -7,6 +7,7 @@ let
  serviceUser = "radicale";
  serviceGroup = serviceUser;
  serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
+  serviceAddress = globals.hosts.winters.ipv4;

  cfg = config.services.${serviceName};
 in
@ -85,7 +86,7 @@ in
      upstreams = {
        ${serviceName} = {
          servers = {
-            "192.168.1.2:${builtins.toString servicePort}" = { };
+            "${serviceAddress}:${builtins.toString servicePort}" = { };
          };
        };
      };
--- a/modules/nixos/server/syncthing.nix
+++ b/modules/nixos/server/syncthing.nix
@ -1,12 +1,14 @@
-{ lib, config, configName, ... }:
+{ lib, config, configName, globals, ... }:
 let
+  inherit (config.swarselsystems.syncthing) serviceDomain;
+  inherit (config.swarselsystems.syncthing) serviceIP;
+
  servicePort = 8384;
  serviceUser = "syncthing";
  serviceGroup = serviceUser;
  serviceName = "syncthing";
+  serviceAddress = globals.hosts.winters.ipv4;
  specificServiceName = "syncthing-${configName}";
-  inherit (config.swarselsystems.syncthing) serviceDomain;
-  inherit (config.swarselsystems.syncthing) serviceIP;

  cfg = config.services.${serviceName};
  devices = config.swarselsystems.syncthing.syncDevices;
@ -22,7 +24,7 @@ in
      };
      serviceIP = lib.mkOption {
        type = lib.types.str;
-        default = "192.168.1.2";
+        default = "${serviceAddress}";
      };
      syncDevices = lib.mkOption {
        type = lib.types.listOf lib.types.str;