chore(misc): removing dead code and small insignificant changes
@@ -100,7 +100,6 @@
|
||||
./nixos/services/virtualisation
|
||||
./nixos/services/locate
|
||||
./nixos/services/mullvad
|
||||
./nixos/services/mullvad-netns
|
||||
./nixos/services/nfs
|
||||
./nixos/services/nix-ld
|
||||
./nixos/services/openssh
|
||||
@@ -123,7 +122,6 @@
|
||||
server = {
|
||||
imports = [
|
||||
./server
|
||||
./server/acme
|
||||
./server/fail2ban
|
||||
./server/homepage-dashboard
|
||||
./server/nextcloud
|
||||
|
||||
@@ -78,7 +78,6 @@ in {
|
||||
nextcloudCloudflared.file = "${self}/secrets/nextcloudCloudflared.age";
|
||||
vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
|
||||
vaultwardenEnvironment.file = "${self}/secrets/vaultwardenEnvironment.age";
|
||||
homepageEnvironment.file = "${self}/secrets/homepageEnvironment.age";
|
||||
pihole.file = "${self}/secrets/pihole.age";
|
||||
slskd.file = "${self}/secrets/slskd.age";
|
||||
};
|
||||
|
||||
@@ -1,50 +0,0 @@
|
||||
{ self, pkgs, ... }:
|
||||
{
|
||||
age.secrets.wgCredentials = {
|
||||
file = "${self}/secrets/wgCredentials.age";
|
||||
mode = "0400";
|
||||
owner = "root";
|
||||
group = "root";
|
||||
path = "/etc/wireguard/mullvad.conf";
|
||||
};
|
||||
|
||||
systemd.services.mullvad-netns = {
|
||||
description = "WireGuard Mullvad netns for VMs";
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
|
||||
ExecStart = "${pkgs.writeShellScript "mullvad-netns-up" ''
|
||||
set -euo pipefail
|
||||
|
||||
ip netns add mullvad || true
|
||||
|
||||
ip link add veth0 type veth peer name veth1 || true
|
||||
ip link set veth1 netns mullvad
|
||||
ip addr add 10.250.0.1/24 dev veth0 || true
|
||||
ip link set veth0 up
|
||||
ip netns exec mullvad ip addr add 10.250.0.2/24 dev veth1 || true
|
||||
ip netns exec mullvad ip link set veth1 up
|
||||
|
||||
ip netns exec mullvad wg-quick up /etc/wireguard/mullvad.conf
|
||||
ip netns exec mullvad ip route add default dev wg0 || true
|
||||
|
||||
nft add table ip mullvad-nat || true
|
||||
nft add chain ip mullvad-nat postrouting { type nat hook postrouting priority 100 \; } || true
|
||||
nft add rule ip mullvad-nat postrouting ip saddr 10.250.0.0/24 oif "wg0" masquerade || true
|
||||
''}";
|
||||
|
||||
ExecStop = "${pkgs.writeShellScript "mullvad-netns-down" ''
|
||||
set -euo pipefail
|
||||
|
||||
ip netns exec mullvad wg-quick down /etc/wireguard/mullvad.conf || true
|
||||
ip link delete veth0 || true
|
||||
ip netns delete mullvad || true
|
||||
nft delete table ip mullvad-nat || true
|
||||
''}";
|
||||
};
|
||||
|
||||
# no wantedBy here -> won't start at boot
|
||||
};
|
||||
}
|
||||
@@ -1,84 +0,0 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) mkIf mkEnableOption;
|
||||
cfg = config.server.acme;
|
||||
|
||||
getCloudflareCredentials = hostname:
|
||||
if hostname == "ziggy"
|
||||
then config.age.secrets.cloudflareDnsCredentialsZiggy.path
|
||||
else if hostname == "sobotka"
|
||||
then config.age.secrets.cloudflareDnsCredentials.path
|
||||
else throw "Unknown hostname: ${hostname}";
|
||||
in {
|
||||
options = {
|
||||
server.acme.enable = mkEnableOption "Enables ACME";
|
||||
};
|
||||
config = mkIf cfg.enable {
|
||||
networking.firewall = let
|
||||
ports = [
|
||||
80
|
||||
443
|
||||
];
|
||||
in {
|
||||
allowedTCPPorts = ports;
|
||||
};
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = config.server.email;
|
||||
certs.${config.server.domain} = {
|
||||
reloadServices = ["caddy.service"];
|
||||
domain = "${config.server.domain}";
|
||||
extraDomainNames = ["*.${config.server.domain}"];
|
||||
dnsProvider = "cloudflare";
|
||||
dnsResolver = "1.1.1.1:53";
|
||||
dnsPropagationCheck = true;
|
||||
group = config.services.caddy.group;
|
||||
environmentFile = getCloudflareCredentials config.networking.hostName;
|
||||
};
|
||||
certs.${config.server.www.url} = {
|
||||
reloadServices = ["caddy.service"];
|
||||
domain = "${config.server.www.url}";
|
||||
extraDomainNames = ["*.${config.server.www.url}"];
|
||||
dnsProvider = "cloudflare";
|
||||
dnsResolver = "1.1.1.1:53";
|
||||
dnsPropagationCheck = true;
|
||||
group = config.services.caddy.group;
|
||||
environmentFile = getCloudflareCredentials config.networking.hostName;
|
||||
};
|
||||
};
|
||||
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
globalConfig = ''
|
||||
auto_https off
|
||||
'';
|
||||
virtualHosts = {
|
||||
"http://${config.server.domain}" = {
|
||||
extraConfig = ''
|
||||
redir https://{host}{uri}
|
||||
'';
|
||||
};
|
||||
"http://*.${config.server.domain}" = {
|
||||
extraConfig = ''
|
||||
redir https://{host}{uri}
|
||||
'';
|
||||
};
|
||||
|
||||
"http://${config.server.www.url}" = {
|
||||
extraConfig = ''
|
||||
redir https://{host}{uri}
|
||||
'';
|
||||
};
|
||||
"http://*.${config.server.www.url}" = {
|
||||
extraConfig = ''
|
||||
redir https://{host}{uri}
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,20 +1,19 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
self,
|
||||
...
|
||||
}:
|
||||
let
|
||||
}: let
|
||||
unit = "homepage-dashboard";
|
||||
cfg = config.server.homepage-dashboard;
|
||||
srv = config.server;
|
||||
in
|
||||
{
|
||||
in {
|
||||
options.server.homepage-dashboard = {
|
||||
enable = lib.mkEnableOption {
|
||||
description = "Enable ${unit}";
|
||||
};
|
||||
misc = lib.mkOption {
|
||||
default = [ ];
|
||||
default = [];
|
||||
type = lib.types.listOf (
|
||||
lib.types.attrsOf (
|
||||
lib.types.submodule {
|
||||
@@ -38,11 +37,16 @@ in
|
||||
};
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
age.secrets = {
|
||||
homepageEnvironment = {
|
||||
file = "${self}/secrets/homepageEnvironment.age";
|
||||
};
|
||||
};
|
||||
services = {
|
||||
glances.enable = true;
|
||||
${unit} = {
|
||||
enable = true;
|
||||
allowedHosts = srv.domain;
|
||||
environmentFile = config.age.secrets.homepageEnvironment.path;
|
||||
settings = {
|
||||
layout = [
|
||||
{
|
||||
@@ -81,7 +85,6 @@ in
|
||||
statusStyle = "dot";
|
||||
hideVersion = "true";
|
||||
};
|
||||
|
||||
widgets = [
|
||||
{
|
||||
openmeteo = {
|
||||
@@ -93,140 +96,119 @@ in
|
||||
longitude = 16.324541;
|
||||
};
|
||||
}
|
||||
{
|
||||
datetime = {
|
||||
text_size = "x1";
|
||||
format = {
|
||||
hour12 = false;
|
||||
timeStyle = "short";
|
||||
dateStyle = "long";
|
||||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
resources = {
|
||||
label = "root";
|
||||
label = "SYSTEM";
|
||||
memory = true;
|
||||
disk = [ "/dev/dm-1" ];
|
||||
};
|
||||
}
|
||||
{
|
||||
resources = {
|
||||
label = "zfs";
|
||||
memory = true;
|
||||
disk = [ "/mnt/data" ];
|
||||
cpu = true;
|
||||
uptime = true;
|
||||
};
|
||||
}
|
||||
];
|
||||
services =
|
||||
let
|
||||
homepageCategories = [
|
||||
"Arr"
|
||||
"Media"
|
||||
"Downloads"
|
||||
"Services"
|
||||
"Smart Home"
|
||||
];
|
||||
hl = config.server;
|
||||
mergedServices = hl // hl.podman;
|
||||
homepageServices =
|
||||
x:
|
||||
(lib.attrsets.filterAttrs (
|
||||
name: value: value ? homepage && value.homepage.category == x
|
||||
) mergedServices);
|
||||
in
|
||||
services = let
|
||||
homepageCategories = [
|
||||
"Arr"
|
||||
"Media"
|
||||
"Downloads"
|
||||
"Services"
|
||||
];
|
||||
hl = config.server;
|
||||
mergedServices = hl // hl.podman;
|
||||
homepageServices = x: (lib.attrsets.filterAttrs (
|
||||
name: value: value ? homepage && value.homepage.category == x
|
||||
)
|
||||
mergedServices);
|
||||
in
|
||||
lib.lists.forEach homepageCategories (cat: {
|
||||
"${cat}" =
|
||||
lib.lists.forEach
|
||||
(lib.attrsets.mapAttrsToList (name: value: {
|
||||
inherit name;
|
||||
url = value.url;
|
||||
homepage = value.homepage;
|
||||
}) (homepageServices "${cat}"))
|
||||
(x: {
|
||||
"${x.homepage.name}" = {
|
||||
icon = x.homepage.icon;
|
||||
description = x.homepage.description;
|
||||
href = "https://${x.url}${x.homepage.path or ""}";
|
||||
siteMonitor = "https://${x.url}${x.homepage.path or ""}";
|
||||
};
|
||||
});
|
||||
(lib.attrsets.mapAttrsToList (name: value: {
|
||||
inherit name;
|
||||
url = value.url;
|
||||
homepage = value.homepage;
|
||||
}) (homepageServices "${cat}"))
|
||||
(x: {
|
||||
"${x.homepage.name}" = {
|
||||
icon = x.homepage.icon;
|
||||
description = x.homepage.description;
|
||||
href = "https://${x.url}${x.homepage.path or ""}";
|
||||
siteMonitor = "https://${x.url}${x.homepage.path or ""}";
|
||||
};
|
||||
});
|
||||
})
|
||||
++ [ { Misc = cfg.misc; } ]
|
||||
++ [{Misc = cfg.misc;}]
|
||||
++ [
|
||||
{
|
||||
Glances =
|
||||
let
|
||||
port = toString config.services.glances.port;
|
||||
in
|
||||
[
|
||||
{
|
||||
Info = {
|
||||
widget = {
|
||||
type = "glances";
|
||||
url = "http://localhost:${port}";
|
||||
metric = "info";
|
||||
chart = false;
|
||||
version = 4;
|
||||
};
|
||||
Glances = let
|
||||
port = toString config.services.glances.port;
|
||||
in [
|
||||
{
|
||||
Info = {
|
||||
widget = {
|
||||
type = "glances";
|
||||
url = "http://localhost:${port}";
|
||||
metric = "info";
|
||||
chart = false;
|
||||
version = 4;
|
||||
};
|
||||
}
|
||||
{
|
||||
"CPU Temp" = {
|
||||
widget = {
|
||||
type = "glances";
|
||||
url = "http://localhost:${port}";
|
||||
metric = "sensor:Tctl";
|
||||
chart = false;
|
||||
version = 4;
|
||||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
"CPU Temp" = {
|
||||
widget = {
|
||||
type = "glances";
|
||||
url = "http://localhost:${port}";
|
||||
metric = "sensor:Tctl";
|
||||
chart = false;
|
||||
version = 4;
|
||||
};
|
||||
}
|
||||
{
|
||||
"GPU Radeon" = {
|
||||
widget = {
|
||||
type = "glances";
|
||||
url = "http://localhost:${port}";
|
||||
metric = "sensor:junction";
|
||||
chart = false;
|
||||
version = 4;
|
||||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
"GPU Radeon" = {
|
||||
widget = {
|
||||
type = "glances";
|
||||
url = "http://localhost:${port}";
|
||||
metric = "sensor:junction";
|
||||
chart = false;
|
||||
version = 4;
|
||||
};
|
||||
}
|
||||
{
|
||||
"GPU Intel" = {
|
||||
widget = {
|
||||
type = "glances";
|
||||
url = "http://localhost:${port}";
|
||||
metric = "sensor:pkg";
|
||||
chart = false;
|
||||
version = 4;
|
||||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
"GPU Intel" = {
|
||||
widget = {
|
||||
type = "glances";
|
||||
url = "http://localhost:${port}";
|
||||
metric = "sensor:pkg";
|
||||
chart = false;
|
||||
version = 4;
|
||||
};
|
||||
}
|
||||
{
|
||||
Processes = {
|
||||
widget = {
|
||||
type = "glances";
|
||||
url = "http://localhost:${port}";
|
||||
metric = "process";
|
||||
chart = false;
|
||||
version = 4;
|
||||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
Processes = {
|
||||
widget = {
|
||||
type = "glances";
|
||||
url = "http://localhost:${port}";
|
||||
metric = "process";
|
||||
chart = false;
|
||||
version = 4;
|
||||
};
|
||||
}
|
||||
{
|
||||
Network = {
|
||||
widget = {
|
||||
type = "glances";
|
||||
url = "http://localhost:${port}";
|
||||
metric = "network:enp6s0";
|
||||
chart = false;
|
||||
version = 4;
|
||||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
Network = {
|
||||
widget = {
|
||||
type = "glances";
|
||||
url = "http://localhost:${port}";
|
||||
metric = "network:enp6s0";
|
||||
chart = false;
|
||||
version = 4;
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
@@ -235,11 +217,11 @@ in
|
||||
dynamicConfigOptions = {
|
||||
http = {
|
||||
services.homepage.loadBalancer.servers = [
|
||||
{ url = "http://127.0.0.1:${toString config.services.${unit}.listenPort}"; }
|
||||
{url = "http://127.0.0.1:${toString config.services.${unit}.listenPort}";}
|
||||
];
|
||||
routers = {
|
||||
homepage = {
|
||||
entryPoints = [ "websecure" ];
|
||||
entryPoints = ["websecure"];
|
||||
rule = "Host(`cnix.dev`)";
|
||||
service = "homepage";
|
||||
tls.certResolver = "letsencrypt";
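Review bot: The router rule `rule = "Host(`cnix.dev`)";` in the last hunk hard-codes the hostname, while the service's Host-header allow-list in the `@@ -38,11 +37,16 @@` hunk is derived from configuration (`allowedHosts = srv.domain;`). If `srv.domain` ever differs from `cnix.dev`, the proxy would forward a host that the allow-list rejects, or the allow-list would admit a host the proxy never routes; both controls should come from one value, e.g. ``rule = "Host(`${srv.domain}`)";``. Whether the two match today is not visible on this page. The `routers.homepage` block continues past the end of the hunk, so any middleware attached to it is not visible either; because the dashboard surfaces Glances process and network data, it is worth confirming that this router cannot be reached without authentication.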
|
||||
|
||||