feat(refactor): ready for merge

2025-10-14 21:50:44 +02:00
parent 63f495fa0d
commit 07333b4544
15 changed files with 125 additions and 85 deletions
--- a/modules/home/programs/hyprlock/default.nix
+++ b/modules/home/programs/hyprlock/default.nix
@@ -3,7 +3,7 @@
  pkgs,
  lib,
  osConfig,
-  cLib,
+  clib,
  ...
 }: let
  inherit (lib) mkIf mkEnableOption;
@@ -13,7 +13,7 @@
  # hyprlockPkg = pkgs.hyprlock;
  #
  bg = osConfig.settings.theme.background;
-  inherit (cLib.theme.bgs) resolve;
+  inherit (clib.theme.bgs) resolve;
 in {
  config = mkIf cfg.enable {
    programs.hyprlock = {
--- a/modules/home/services/hyprpaper/default.nix
+++ b/modules/home/services/hyprpaper/default.nix
@@ -3,7 +3,7 @@
  pkgs,
  inputs,
  osConfig,
-  cLib,
+  clib,
  ...
 }: let
  inherit (lib) mkIf;
@@ -11,7 +11,7 @@
  cfg = osConfig.nixos.programs.hyprland;
  hyprpaperFlake = inputs.hyprpaper.packages.${pkgs.system}.default;
  bg = osConfig.settings.theme.background;
-  bgs = cLib.theme.bgs;
+  bgs = clib.theme.bgs;

  monitorMappings = [
    {
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@@ -1,6 +1,14 @@
-{self, ...}: {
+{
+  self,
+  lib,
+  ...
+}: let
+  clib = import "${self}/lib/server" {inherit lib;};
+in {
  imports = [
-    "${self}/lib/server"
+    {
+      _module.args.clib = clib;
+    }
    ./options.nix
    ./infra
    ./services
--- a/modules/server/infra/traefik/default.nix
+++ b/modules/server/infra/traefik/default.nix
@@ -1,5 +1,6 @@
 {
  lib,
+  clib,
  config,
  pkgs,
  self,
@@ -29,21 +30,21 @@
  #       }
  #   ) (lib.filterAttrs (name: service: service.enable) services);

-  generateRouters = services:
+  generateRouters = services: config:
    lib.mapAttrs' (
      name: service:
-        lib.nameValuePair "${service.subdomain}" {
+        lib.nameValuePair name {
          entryPoints = ["websecure"];
-          rule = "Host(`${config.clib.server.mkServiceUrl service}`)";
-          service = service.subdomain;
+          # FIX 3: Use backticks for the Host rule and interpolation
+          rule = "Host(`${clib.server.mkFullDomain config service}`)";
+          service = name;
          tls.certResolver = "letsencrypt";
        }
    ) (lib.filterAttrs (_: s: s.enable) services);

-  # Generates all Traefik backend services
  generateServices = services:
    lib.mapAttrs' (name: service:
-      lib.nameValuePair "${service.subdomain}" {
+      lib.nameValuePair name {
        loadBalancer.servers = [{url = "http://localhost:${toString service.port}";}];
      }) (lib.filterAttrs (name: service: service.enable) services);

@@ -168,12 +169,10 @@ in {

        dynamicConfigOptions = {
          http = {
-            # Generate the services from your central list
            services = generateServices srv.services;

-            # Generate the routers and manually add the special 'api' router
            routers =
-              (generateRouters srv.services)
+              (generateRouters srv.services config)
              // {
                api = {
                  entryPoints = ["websecure"];
--- a/modules/server/infra/unbound/default.nix
+++ b/modules/server/infra/unbound/default.nix
@@ -8,10 +8,22 @@
  cfg = config.server.infra.${unit};
  srv = config.server;

-  generateLocalRecords = services:
-    lib.mapAttrsToList (
-      name: service: "local-data: \"${service.subdomain}.${srv.domain}. A ${srv.ip}\""
-    ) (lib.filterAttrs (name: service: service.enable) services);
+  svcNames = lib.attrNames srv.services;
+
+  localARecords = builtins.concatLists (map (
+      name: let
+        s = srv.services.${name};
+      in
+        if s != null && s.enable && s.subdomain != null
+        then [''"${s.subdomain}.${srv.domain}. A ${srv.ip}"'']
+        else []
+    )
+    svcNames);
+
+  revParts = lib.lists.reverseList (lib.splitString "." srv.ip);
+  revName = lib.concatStringsSep "." revParts;
+
+  localPTRs = ["${revName}.in-addr.arpa. PTR traefik.${srv.domain}"];

  hostIp = hostname:
    if hostname == "ziggy"
@@ -104,10 +116,10 @@ in {
              "255.255.255.255/32"
              "2001:db8::/32"
            ];
-            local-data = generateLocalRecords srv.services;
-            local-data-ptr = [
-              "local-data: \"traefik.${srv.domain}. A ${srv.ip}\""
-            ];
+            local-data = localARecords;
+
+            # Example PTR entry: "14.88.168.192.in-addr.arpa. PTR traefik.cnix.dev."
+            # local-data-ptr = localPTRs;
          };
        };
      };
--- a/modules/server/services/gitea/default.nix
+++ b/modules/server/services/gitea/default.nix
@@ -12,16 +12,13 @@ in {
    age.secrets.giteaCloudflared.file = "${self}/secrets/giteaCloudflared.age";

    server.infra = {
-      fail2ban.jails.unit = {
+      fail2ban.jails.${unit} = {
        serviceName = "${unit}";
-        failRegex = ''
-          .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).*
-          from <HOST>
-        '';
+        failRegex = ''.*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>'';
      };

      postgresql.databases = [
-        {database = unit;}
+        {database = "gitea";}
      ];
    };

--- a/modules/server/services/homepage-dashboard/default.nix
+++ b/modules/server/services/homepage-dashboard/default.nix
@@ -2,6 +2,7 @@
  config,
  lib,
  self,
+  clib,
  ...
 }: let
  unit = "homepage-dashboard";
@@ -90,9 +91,10 @@ in {
            "Downloads"
            "Services"
          ];
-
          allServices = srv.services;

+          getDomain = s: clib.server.mkHostDomain config s;
+
          homepageServicesFor = category:
            lib.filterAttrs
            (
@@ -108,12 +110,15 @@ in {
            "${cat}" =
              lib.lists.forEach
              (lib.attrsets.mapAttrsToList (name: _value: name) (homepageServicesFor cat))
-              (x: {
-                "${allServices.${x}.homepage.name}" = {
-                  icon = allServices.${x}.homepage.icon;
-                  description = allServices.${x}.homepage.description;
-                  href = "https://${allServices.${x}.url}";
-                  siteMonitor = "https://${allServices.${x}.url}";
+              (x: let
+                service = allServices.${x};
+                domain = getDomain service;
+              in {
+                "${service.homepage.name}" = {
+                  icon = service.homepage.icon;
+                  description = service.homepage.description;
+                  href = "https://${domain}";
+                  siteMonitor = "https://${domain}";
                };
              });
          })
--- a/modules/settings/accounts/default.nix
+++ b/modules/settings/accounts/default.nix
@@ -2,8 +2,7 @@
  lib,
  config,
  ...
-}:
-let
+}: let
  inherit (lib) mkOption types;

  sshKeys = {
@@ -16,14 +15,14 @@ let
  keyName = config.settings.accounts.sshUser or null;

  selectedKey =
-    if keyName != null then
+    if keyName != null
+    then
      lib.attrByPath [
        keyName
-      ] (builtins.abort "No SSH key defined for hostname/key '${toString keyName}'") sshKeys
-    else
-      builtins.abort "No accounts.sshUser provided, cannot select SSH key.";
-in
-{
+      ] (builtins.abort "No SSH key defined for hostname/key '${toString keyName}'")
+      sshKeys
+    else builtins.abort "No accounts.sshUser provided, cannot select SSH key.";
+in {
  options.settings.accounts = {
    username = mkOption {
      type = types.str;
@@ -46,5 +45,21 @@ in
      default = null;
      description = "Optional override for selecting an SSH key by name";
    };
+    domains = lib.mkOption {
+      type = lib.types.submodule {
+        options = {
+          local = lib.mkOption {
+            type = lib.types.str;
+            default = "127.0.0.1";
+            description = "The local domain of the host";
+          };
+          public = lib.mkOption {
+            type = lib.types.str;
+            default = "example.com";
+            description = "The public domain of the host";
+          };
+        };
+      };
+    };
  };
 }