feat: full nix-topology

2025-12-06 09:07:21 +01:00 · 2025-06-16 00:21:41 +02:00 · 2025-06-16 00:21:41 +02:00 · c7132d2d85
commit c7132d2d85
parent ed15ef02bb
38 changed files with 2464 additions and 807 deletions
--- a/modules/nixos/common/meta.nix
+++ b/modules/nixos/common/meta.nix
@ -1,12 +1,16 @@
 { lib, ... }:
 {
-  options.node.secretsDir = lib.mkOption {
-    description = "Path to the secrets directory for this node.";
-    type = lib.types.path;
-    default = ./.;
-  };
-  options.node.name = lib.mkOption {
-    description = "Node Name.";
-    type = lib.types.str;
+  options = {
+    node = {
+      secretsDir = lib.mkOption {
+        description = "Path to the secrets directory for this node.";
+        type = lib.types.path;
+        default = ./.;
+      };
+      name = lib.mkOption {
+        description = "Node Name.";
+        type = lib.types.str;
+      };
+    };
  };
 }
--- a/modules/nixos/common/packages.nix
+++ b/modules/nixos/common/packages.nix
@ -72,6 +72,8 @@
      zls
      ansible-language-server

+      elk-to-svg
+
    ];

    nixpkgs.config.permittedInsecurePackages = [
--- a/modules/nixos/common/topology.nix
+++ b/modules/nixos/common/topology.nix
@ -0,0 +1,14 @@
+{ self, lib, config, ... }:
+{
+  options.swarselsystems.info = lib.mkOption {
+    type = lib.types.str;
+    default = "";
+  };
+  config.topology = {
+    id = config.node.name;
+    self = {
+      hardware.info = config.swarselsystems.info;
+      icon = lib.mkIf config.swarselsystems.isLaptop "devices.laptop";
+    };
+  };
+}
--- a/modules/nixos/server/ankisync.nix
+++ b/modules/nixos/server/ankisync.nix
@ -1,4 +1,7 @@
 { lib, config, ... }:
+let
+  serviceDomain = "synki.swarsel.win";
+in
 {
  options.swarselsystems.modules.server.ankisync = lib.mkEnableOption "enable ankisync on server";
  config = lib.mkIf config.swarselsystems.modules.server.ankisync {
@ -7,6 +10,11 @@

    sops.secrets.swarsel = { owner = "root"; };

+    topology.self.services.anki = {
+      name = lib.mkForce "Anki Sync Server";
+      info = "https://${serviceDomain}";
+    };
+
    services.anki-sync-server = {
      enable = true;
      port = 27701;
@ -22,7 +30,7 @@

    services.nginx = {
      virtualHosts = {
-        "synki.swarsel.win" = {
+        "${serviceDomain}" = {
          enableACME = true;
          forceSSL = true;
          acmeRoot = null;
--- a/modules/nixos/server/firefly-iii.nix
+++ b/modules/nixos/server/firefly-iii.nix
@ -1,4 +1,4 @@
-{ lib, config, ... }:
+{ self, lib, config, ... }:
 let
  cfg = config.services.firefly-iii;
  fireflyDomain = "stonks.swarsel.win";
@ -20,6 +20,12 @@ in
      };
    };

+    topology.self.services.firefly-iii = {
+      name = "Firefly-III";
+      info = "https://${fireflyDomain}";
+      icon = "${self}/topology/images/firefly-iii.png";
+    };
+
    services = {
      firefly-iii = {
        enable = true;
--- a/modules/nixos/server/freshrss.nix
+++ b/modules/nixos/server/freshrss.nix
@ -1,6 +1,7 @@
-{ lib, config, ... }:
+{ self, lib, config, ... }:
 let
  serviceName = "freshrss";
+  serviceDomain = "signpost.swarsel.win";
 in
 {
  options.swarselsystems.modules.server.freshrss = lib.mkEnableOption "enable freshrss on server";
@ -41,10 +42,16 @@ in
      #   };
    };

+    topology.self.services.freshrss = {
+      name = "FreshRSS";
+      info = "https://${serviceDomain}";
+      icon = "${self}/topology/images/freshrss.png";
+    };
+
    services.freshrss = {
      enable = true;
-      virtualHost = "signpost.swarsel.win";
-      baseUrl = "https://signpost.swarsel.win";
+      virtualHost = serviceDomain;
+      baseUrl = "https://${serviceDomain}";
      authType = "form";
      dataDir = "/Vault/data/tt-rss";
      defaultUser = "Swarsel";
@ -64,7 +71,7 @@ in
        };
      };
      virtualHosts = {
-        "signpost.swarsel.win" = {
+        "${serviceDomain}" = {
          enableACME = true;
          forceSSL = true;
          acmeRoot = null;
@ -110,6 +117,9 @@ in
                proxy_pass_request_body           off;
              '';
            };
+            "/api" = {
+              proxyPass = "http://${serviceName}";
+            };
          };
        };
      };
--- a/modules/nixos/server/immich.nix
+++ b/modules/nixos/server/immich.nix
@ -13,6 +13,8 @@ in
      extraGroups = [ "video" "render" "users" ];
    };

+    topology.self.services.immich.info = "https://${serviceDomain}";
+
    services.immich = {
      enable = true;
      host = "0.0.0.0";
--- a/modules/nixos/server/jellyfin.nix
+++ b/modules/nixos/server/jellyfin.nix
@ -23,6 +23,9 @@ in
        libvdpau-va-gl
      ];
    };
+
+    topology.self.services.jellyfin.info = "https://${serviceDomain}";
+
    services.jellyfin = {
      enable = true;
      user = serviceUser;
--- a/modules/nixos/server/kavita.nix
+++ b/modules/nixos/server/kavita.nix
@ -1,4 +1,4 @@
-{ pkgs, lib, config, ... }:
+{ self, lib, config, pkgs, ... }:
 let
  serviceName = "kavita";
  serviceUser = "kavita";
@ -20,6 +20,12 @@ in

    networking.firewall.allowedTCPPorts = [ 8080 ];

+    topology.self.services.kavita = {
+      name = "Kavita";
+      info = "https://${serviceDomain}";
+      icon = "${self}/topology/images/kavita.png";
+    };
+
    services.kavita = {
      enable = true;
      user = serviceUser;
--- a/modules/nixos/server/koillection.nix
+++ b/modules/nixos/server/koillection.nix
@ -1,4 +1,4 @@
-{ lib, config, ... }:
+{ self, lib, config, ... }:
 let
  serviceDomain = "swag.swarsel.win";
  serviceUser = "koillection";
@ -18,6 +18,12 @@ in
      koillection-env-file = { };
    };

+    topology.self.services.koillection = {
+      name = "Koillection";
+      info = "https://${serviceDomain}";
+      icon = "${self}/topology/images/koillection.png";
+    };
+
    virtualisation.oci-containers.containers = {
      koillection = {
        image = "koillection/koillection@${containerRev}";
--- a/modules/nixos/server/monitoring.nix
+++ b/modules/nixos/server/monitoring.nix
@ -34,6 +34,8 @@ in

    networking.firewall.allowedTCPPorts = [ servicePort prometheusPort ];

+    topology.self.services.prometheus.info = "https://${serviceDomain}/${prometheusWebRoot}";
+
    services = {
      grafana = {
        enable = true;
--- a/modules/nixos/server/mpd.nix
+++ b/modules/nixos/server/mpd.nix
@ -1,4 +1,4 @@
-{ pkgs, lib, config, ... }:
+{ self, lib, config, pkgs, ... }:
 {
  options.swarselsystems.modules.server.mpd = lib.mkEnableOption "enable mpd on server";
  config = lib.mkIf config.swarselsystems.modules.server.mpd {
@ -26,6 +26,12 @@
      mpv
    ];

+    topology.self.services.mpd = {
+      name = "MPD";
+      info = "http://localhost:3254";
+      icon = "${self}/topology/images/mpd.png";
+    };
+
    services.mpd = {
      enable = true;
      musicDirectory = "/media";
--- a/modules/nixos/server/transmission.nix
+++ b/modules/nixos/server/transmission.nix
@ -1,4 +1,7 @@
-{ pkgs, lib, config, ... }:
+{ self, pkgs, lib, config, ... }:
+let
+  serviceDomain = "store.swarsel.win";
+in
 {
  options.swarselsystems.modules.server.transmission = lib.mkEnableOption "enable transmission and friends on server";
  config = lib.mkIf config.swarselsystems.modules.server.transmission {
@ -55,6 +58,18 @@
      docker
    ];

+    topology.self.services = {
+      radarr.info = "https://${serviceDomain}/radarr";
+      readarr = {
+        name = "Readarr";
+        info = "https://${serviceDomain}/readarr";
+        icon = "${self}/topology/images/readarr.png";
+      };
+      sonarr.info = "https://${serviceDomain}/sonarr";
+      lidarr.info = "https://${serviceDomain}/lidarr";
+      prowlarr.info = "https://${serviceDomain}/prowlarr";
+    };
+
    services = {
      radarr = {
        enable = true;