cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

feat(refactor): ready for merge

Browse Source
This commit is contained in:
cnst
2025-10-14 21:50:44 +02:00
parent 63f495fa0d
commit 07333b4544
15 changed files with 125 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
hosts/default.nix
View File

@@ -6,7 +6,7 @@
...
}: {
flake.nixosConfigurations = let
cLib = import ../lib inputs.nixpkgs.lib;
# clib = import ../lib inputs.nixpkgs.lib;
userConfig = "${self}/home";
systemConfig = "${self}/system";
hostConfig = "${self}/hosts";
@@ -22,7 +22,7 @@
specialArgs = {
inherit
cLib
# clib
inputs
outputs
self

15
hosts/sobotka/server.nix
View File

@@ -57,12 +57,14 @@
services = {
homepage-dashboard = {
enable = true;
subdomain = "";
subdomain = "dash";
exposure = "local";
port = 8082;
};
n8n = {
enable = true;
subdomain = "n8n";
exposure = "local";
port = 5678;
homepage = {
name = "n8n";
@@ -74,6 +76,7 @@
bazarr = {
enable = true;
subdomain = "bazarr";
exposure = "local";
port = 6767;
homepage = {
name = "Bazarr";
@@ -85,6 +88,7 @@
prowlarr = {
enable = true;
subdomain = "prowlarr";
exposure = "local";
port = 9696;
homepage = {
name = "prowlarr";
@@ -96,6 +100,7 @@
flaresolverr = {
enable = true;
subdomain = "flaresolverr";
exposure = "local";
port = 8191;
homepage = {
name = "FlareSolverr";
@@ -107,6 +112,7 @@
lidarr = {
enable = true;
subdomain = "lidarr";
exposure = "local";
port = 8686;
homepage = {
name = "Lidarr";
@@ -118,6 +124,7 @@
sonarr = {
enable = true;
subdomain = "sonarr";
exposure = "local";
port = 8989;
homepage = {
name = "Sonarr";
@@ -129,6 +136,7 @@
radarr = {
enable = true;
subdomain = "radarr";
exposure = "local";
port = 7878;
homepage = {
name = "Radarr";
@@ -140,6 +148,7 @@
jellyseerr = {
enable = true;
subdomain = "jellyseerr";
exposure = "local";
port = 5055;
homepage = {
name = "Jellyseerr";
@@ -163,6 +172,7 @@
uptime-kuma = {
enable = true;
subdomain = "uptime";
exposure = "local";
port = 3001;
homepage = {
name = "Uptime Kuma";
@@ -218,6 +228,7 @@
qbittorrent = {
enable = true;
subdomain = "qbt";
exposure = "local";
port = 8080;
homepage = {
name = "qBittorrent";
@@ -229,6 +240,7 @@
slskd = {
enable = true;
subdomain = "slskd";
exposure = "local";
port = 5030;
homepage = {
name = "Soulseek";
@@ -240,6 +252,7 @@
pihole = {
enable = true;
subdomain = "pihole";
exposure = "local";
port = 8053;
homepage = {
name = "PiHole";

4
hosts/sobotka/settings.nix
View File

@@ -4,6 +4,10 @@
username = "cnst";
mail = "adam@cnst.dev";
sshUser = "sobotka";
domains = {
local = "cnix.dev";
public = "cnst.dev";
};
};
};
}

29
lib/server/default.nix
View File

@@ -1,5 +1,26 @@
{
imports = [
./serviceurl
];
{lib}: let
server = {
mkDomain = config: service: let
localDomain = config.settings.accounts.domains.local;
publicDomain = config.settings.accounts.domains.public;
tailscaleDomain = "ts.${publicDomain}";
in
if service.exposure == "tunnel"
then publicDomain
else if service.exposure == "tailscale"
then tailscaleDomain
else localDomain;
mkFullDomain = config: service: let
domain = server.mkDomain config service;
in "${service.subdomain}.${domain}";
mkHostDomain = config: service: let
domain = server.mkDomain config service;
in "${domain}";
mkSubDomain = config: service: "${service.subdomain}";
};
in {
server = server;
}

23
lib/server/serviceurl/default.nix
View File

@@ -1,23 +0,0 @@
{
lib,
config,
...
}: let
mkServiceUrl' = import ./serviceurl.nix {inherit config;};
in {
options.clib = {
server = {
mkServiceUrl = lib.mkOption {
type = lib.types.function;
readOnly = true;
description = "Helper function to generate a service URL.";
};
};
};
config.clib = {
server = {
mkServiceUrl = mkServiceUrl';
};
};
}

11
lib/server/serviceurl/serviceurl.nix
View File

@@ -1,11 +0,0 @@
{config}: service: let
mainDomain = config.server.networking.domain;
tailscaleDomain = "ts.${mainDomain}";
domain =
if service.exposure == "tunnel"
then mainDomain
else if service.exposure == "tailscale"
then tailscaleDomain
else (service.domain or mainDomain);
in "${service.subdomain}.${domain}"

4
modules/home/programs/hyprlock/default.nix
View File

@@ -3,7 +3,7 @@
pkgs,
lib,
osConfig,
cLib,
clib,
...
}: let
inherit (lib) mkIf mkEnableOption;
@@ -13,7 +13,7 @@
# hyprlockPkg = pkgs.hyprlock;
#
bg = osConfig.settings.theme.background;
inherit (cLib.theme.bgs) resolve;
inherit (clib.theme.bgs) resolve;
in {
config = mkIf cfg.enable {
programs.hyprlock = {

4
modules/home/services/hyprpaper/default.nix
View File

@@ -3,7 +3,7 @@
pkgs,
inputs,
osConfig,
cLib,
clib,
...
}: let
inherit (lib) mkIf;
@@ -11,7 +11,7 @@
cfg = osConfig.nixos.programs.hyprland;
hyprpaperFlake = inputs.hyprpaper.packages.${pkgs.system}.default;
bg = osConfig.settings.theme.background;
bgs = cLib.theme.bgs;
bgs = clib.theme.bgs;
monitorMappings = [
{

12
modules/server/default.nix
View File

@@ -1,6 +1,14 @@
{self, ...}: {
{
self,
lib,
...
}: let
clib = import "${self}/lib/server" {inherit lib;};
in {
imports = [
"${self}/lib/server"
{
_module.args.clib = clib;
}
./options.nix
./infra
./services

17
modules/server/infra/traefik/default.nix
View File

@@ -1,5 +1,6 @@
{
lib,
clib,
config,
pkgs,
self,
@@ -29,21 +30,21 @@
# }
# ) (lib.filterAttrs (name: service: service.enable) services);
generateRouters = services:
generateRouters = services: config:
lib.mapAttrs' (
name: service:
lib.nameValuePair "${service.subdomain}" {
lib.nameValuePair name {
entryPoints = ["websecure"];
rule = "Host(`${config.clib.server.mkServiceUrl service}`)";
service = service.subdomain;
# FIX 3: Use backticks for the Host rule and interpolation
rule = "Host(`${clib.server.mkFullDomain config service}`)";
service = name;
tls.certResolver = "letsencrypt";
}
) (lib.filterAttrs (_: s: s.enable) services);
# Generates all Traefik backend services
generateServices = services:
lib.mapAttrs' (name: service:
lib.nameValuePair "${service.subdomain}" {
lib.nameValuePair name {
loadBalancer.servers = [{url = "http://localhost:${toString service.port}";}];
}) (lib.filterAttrs (name: service: service.enable) services);
@@ -168,12 +169,10 @@ in {
dynamicConfigOptions = {
http = {
# Generate the services from your central list
services = generateServices srv.services;
# Generate the routers and manually add the special 'api' router
routers =
(generateRouters srv.services)
(generateRouters srv.services config)
// {
api = {
entryPoints = ["websecure"];

28
modules/server/infra/unbound/default.nix
View File

@@ -8,10 +8,22 @@
cfg = config.server.infra.${unit};
srv = config.server;
generateLocalRecords = services:
lib.mapAttrsToList (
name: service: "local-data: \"${service.subdomain}.${srv.domain}. A ${srv.ip}\""
) (lib.filterAttrs (name: service: service.enable) services);
svcNames = lib.attrNames srv.services;
localARecords = builtins.concatLists (map (
name: let
s = srv.services.${name};
in
if s != null && s.enable && s.subdomain != null
then [''"${s.subdomain}.${srv.domain}. A ${srv.ip}"'']
else []
)
svcNames);
revParts = lib.lists.reverseList (lib.splitString "." srv.ip);
revName = lib.concatStringsSep "." revParts;
localPTRs = ["${revName}.in-addr.arpa. PTR traefik.${srv.domain}"];
hostIp = hostname:
if hostname == "ziggy"
@@ -104,10 +116,10 @@ in {
"255.255.255.255/32"
"2001:db8::/32"
];
local-data = generateLocalRecords srv.services;
local-data-ptr = [
"local-data: \"traefik.${srv.domain}. A ${srv.ip}\""
];
local-data = localARecords;
# Example PTR entry: "14.88.168.192.in-addr.arpa. PTR traefik.cnix.dev."
# local-data-ptr = localPTRs;
};
};
};

9
modules/server/services/gitea/default.nix
View File

@@ -12,16 +12,13 @@ in {
age.secrets.giteaCloudflared.file = "${self}/secrets/giteaCloudflared.age";
server.infra = {
fail2ban.jails.unit = {
fail2ban.jails.${unit} = {
serviceName = "${unit}";
failRegex = ''
.*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).*
from <HOST>
'';
failRegex = ''.*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>'';
};
postgresql.databases = [
{database = unit;}
{database = "gitea";}
];
};

19
modules/server/services/homepage-dashboard/default.nix
View File

@@ -2,6 +2,7 @@
config,
lib,
self,
clib,
...
}: let
unit = "homepage-dashboard";
@@ -90,9 +91,10 @@ in {
"Downloads"
"Services"
];
allServices = srv.services;
getDomain = s: clib.server.mkHostDomain config s;
homepageServicesFor = category:
lib.filterAttrs
(
@@ -108,12 +110,15 @@ in {
"${cat}" =
lib.lists.forEach
(lib.attrsets.mapAttrsToList (name: _value: name) (homepageServicesFor cat))
(x: {
"${allServices.${x}.homepage.name}" = {
icon = allServices.${x}.homepage.icon;
description = allServices.${x}.homepage.description;
href = "https://${allServices.${x}.url}";
siteMonitor = "https://${allServices.${x}.url}";
(x: let
service = allServices.${x};
domain = getDomain service;
in {
"${service.homepage.name}" = {
icon = service.homepage.icon;
description = service.homepage.description;
href = "https://${domain}";
siteMonitor = "https://${domain}";
};
});
})

31
modules/settings/accounts/default.nix
View File

@@ -2,8 +2,7 @@
lib,
config,
...
}:
let
}: let
inherit (lib) mkOption types;
sshKeys = {
@@ -16,14 +15,14 @@ let
keyName = config.settings.accounts.sshUser or null;
selectedKey =
if keyName != null then
if keyName != null
then
lib.attrByPath [
keyName
] (builtins.abort "No SSH key defined for hostname/key '${toString keyName}'") sshKeys
else
builtins.abort "No accounts.sshUser provided, cannot select SSH key.";
in
{
] (builtins.abort "No SSH key defined for hostname/key '${toString keyName}'")
sshKeys
else builtins.abort "No accounts.sshUser provided, cannot select SSH key.";
in {
options.settings.accounts = {
username = mkOption {
type = types.str;
@@ -46,5 +45,21 @@ in
default = null;
description = "Optional override for selecting an SSH key by name";
};
domains = lib.mkOption {
type = lib.types.submodule {
options = {
local = lib.mkOption {
type = lib.types.str;
default = "127.0.0.1";
description = "The local domain of the host";
};
public = lib.mkOption {
type = lib.types.str;
default = "example.com";
description = "The public domain of the host";
};
};
};
};
};
}

BIN
secrets/homepageEnvironment.age
View File

Binary file not shown.