cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

chore(misc): removing dead code and small insignificant changes

Browse Source
This commit is contained in:
cnst
2025-09-26 20:41:26 +02:00
parent e721a2088b
commit 68f1cb9b09
9 changed files with 108 additions and 268 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/sobotka/default.nix
View File

@@ -39,6 +39,7 @@ in {
"share" "share"
"jellyfin" "jellyfin"
"render" "render"
"traefik"
]; ];
}; };

3
hosts/sobotka/server.nix
View File

@@ -24,9 +24,6 @@
unbound = { unbound = {
enable = true; enable = true;
}; };
acme = {
enable = false;
};
homepage-dashboard = { homepage-dashboard = {
enable = true; enable = true;
}; };

3
hosts/ziggy/server.nix
View File

@@ -11,9 +11,6 @@
unbound = { unbound = {
enable = true; enable = true;
}; };
acme = {
enable = true;
};
homepage-dashboard = { homepage-dashboard = {
enable = false; enable = false;
}; };

2
modules/default.nix
View File

@@ -100,7 +100,6 @@
./nixos/services/virtualisation ./nixos/services/virtualisation
./nixos/services/locate ./nixos/services/locate
./nixos/services/mullvad ./nixos/services/mullvad
./nixos/services/mullvad-netns
./nixos/services/nfs ./nixos/services/nfs
./nixos/services/nix-ld ./nixos/services/nix-ld
./nixos/services/openssh ./nixos/services/openssh
@@ -123,7 +122,6 @@
server = { server = {
imports = [ imports = [
./server ./server
./server/acme
./server/fail2ban ./server/fail2ban
./server/homepage-dashboard ./server/homepage-dashboard
./server/nextcloud ./server/nextcloud

1
modules/nixos/services/agenix/default.nix
View File

@@ -78,7 +78,6 @@ in {
nextcloudCloudflared.file = "${self}/secrets/nextcloudCloudflared.age"; nextcloudCloudflared.file = "${self}/secrets/nextcloudCloudflared.age";
vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age"; vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
vaultwardenEnvironment.file = "${self}/secrets/vaultwardenEnvironment.age"; vaultwardenEnvironment.file = "${self}/secrets/vaultwardenEnvironment.age";
homepageEnvironment.file = "${self}/secrets/homepageEnvironment.age";
pihole.file = "${self}/secrets/pihole.age"; pihole.file = "${self}/secrets/pihole.age";
slskd.file = "${self}/secrets/slskd.age"; slskd.file = "${self}/secrets/slskd.age";
}; };

50
modules/nixos/services/mullvad-netns/default.nix
View File

@@ -1,50 +0,0 @@
{ self, pkgs, ... }:
{
age.secrets.wgCredentials = {
file = "${self}/secrets/wgCredentials.age";
mode = "0400";
owner = "root";
group = "root";
path = "/etc/wireguard/mullvad.conf";
};
systemd.services.mullvad-netns = {
description = "WireGuard Mullvad netns for VMs";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.writeShellScript "mullvad-netns-up" ''
set -euo pipefail
ip netns add mullvad || true
ip link add veth0 type veth peer name veth1 || true
ip link set veth1 netns mullvad
ip addr add 10.250.0.1/24 dev veth0 || true
ip link set veth0 up
ip netns exec mullvad ip addr add 10.250.0.2/24 dev veth1 || true
ip netns exec mullvad ip link set veth1 up
ip netns exec mullvad wg-quick up /etc/wireguard/mullvad.conf
ip netns exec mullvad ip route add default dev wg0 || true
nft add table ip mullvad-nat || true
nft add chain ip mullvad-nat postrouting { type nat hook postrouting priority 100 \; } || true
nft add rule ip mullvad-nat postrouting ip saddr 10.250.0.0/24 oif "wg0" masquerade || true
''}";
ExecStop = "${pkgs.writeShellScript "mullvad-netns-down" ''
set -euo pipefail
ip netns exec mullvad wg-quick down /etc/wireguard/mullvad.conf || true
ip link delete veth0 || true
ip netns delete mullvad || true
nft delete table ip mullvad-nat || true
''}";
};
# no wantedBy here -> won't start at boot
};
}

84
modules/server/acme/default.nix
View File

@@ -1,84 +0,0 @@
{
config,
lib,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.server.acme;
getCloudflareCredentials = hostname:
if hostname == "ziggy"
then config.age.secrets.cloudflareDnsCredentialsZiggy.path
else if hostname == "sobotka"
then config.age.secrets.cloudflareDnsCredentials.path
else throw "Unknown hostname: ${hostname}";
in {
options = {
server.acme.enable = mkEnableOption "Enables ACME";
};
config = mkIf cfg.enable {
networking.firewall = let
ports = [
80
443
];
in {
allowedTCPPorts = ports;
};
security.acme = {
acceptTerms = true;
defaults.email = config.server.email;
certs.${config.server.domain} = {
reloadServices = ["caddy.service"];
domain = "${config.server.domain}";
extraDomainNames = ["*.${config.server.domain}"];
dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1:53";
dnsPropagationCheck = true;
group = config.services.caddy.group;
environmentFile = getCloudflareCredentials config.networking.hostName;
};
certs.${config.server.www.url} = {
reloadServices = ["caddy.service"];
domain = "${config.server.www.url}";
extraDomainNames = ["*.${config.server.www.url}"];
dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1:53";
dnsPropagationCheck = true;
group = config.services.caddy.group;
environmentFile = getCloudflareCredentials config.networking.hostName;
};
};
services.caddy = {
enable = true;
globalConfig = ''
auto_https off
'';
virtualHosts = {
"http://${config.server.domain}" = {
extraConfig = ''
redir https://{host}{uri}
'';
};
"http://*.${config.server.domain}" = {
extraConfig = ''
redir https://{host}{uri}
'';
};
"http://${config.server.www.url}" = {
extraConfig = ''
redir https://{host}{uri}
'';
};
"http://*.${config.server.www.url}" = {
extraConfig = ''
redir https://{host}{uri}
'';
};
};
};
};
}

54
modules/server/homepage-dashboard/default.nix
View File

@@ -1,14 +1,13 @@
{ {
config, config,
lib, lib,
self,
... ...
}: }: let
let
unit = "homepage-dashboard"; unit = "homepage-dashboard";
cfg = config.server.homepage-dashboard; cfg = config.server.homepage-dashboard;
srv = config.server; srv = config.server;
in in {
{
options.server.homepage-dashboard = { options.server.homepage-dashboard = {
enable = lib.mkEnableOption { enable = lib.mkEnableOption {
description = "Enable ${unit}"; description = "Enable ${unit}";
@@ -38,11 +37,16 @@ in
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
age.secrets = {
homepageEnvironment = {
file = "${self}/secrets/homepageEnvironment.age";
};
};
services = { services = {
glances.enable = true; glances.enable = true;
${unit} = { ${unit} = {
enable = true; enable = true;
allowedHosts = srv.domain; environmentFile = config.age.secrets.homepageEnvironment.path;
settings = { settings = {
layout = [ layout = [
{ {
@@ -81,7 +85,6 @@ in
statusStyle = "dot"; statusStyle = "dot";
hideVersion = "true"; hideVersion = "true";
}; };
widgets = [ widgets = [
{ {
openmeteo = { openmeteo = {
@@ -93,47 +96,28 @@ in
longitude = 16.324541; longitude = 16.324541;
}; };
} }
{
datetime = {
text_size = "x1";
format = {
hour12 = false;
timeStyle = "short";
dateStyle = "long";
};
};
}
{ {
resources = { resources = {
label = "root"; label = "SYSTEM";
memory = true; memory = true;
disk = [ "/dev/dm-1" ]; cpu = true;
}; uptime = true;
}
{
resources = {
label = "zfs";
memory = true;
disk = [ "/mnt/data" ];
}; };
} }
]; ];
services = services = let
let
homepageCategories = [ homepageCategories = [
"Arr" "Arr"
"Media" "Media"
"Downloads" "Downloads"
"Services" "Services"
"Smart Home"
]; ];
hl = config.server; hl = config.server;
mergedServices = hl // hl.podman; mergedServices = hl // hl.podman;
homepageServices = homepageServices = x: (lib.attrsets.filterAttrs (
x:
(lib.attrsets.filterAttrs (
name: value: value ? homepage && value.homepage.category == x name: value: value ? homepage && value.homepage.category == x
) mergedServices); )
mergedServices);
in in
lib.lists.forEach homepageCategories (cat: { lib.lists.forEach homepageCategories (cat: {
"${cat}" = "${cat}" =
@@ -155,11 +139,9 @@ in
++ [{Misc = cfg.misc;}] ++ [{Misc = cfg.misc;}]
++ [ ++ [
{ {
Glances = Glances = let
let
port = toString config.services.glances.port; port = toString config.services.glances.port;
in in [
[
{ {
Info = { Info = {
widget = { widget = {

BIN
secrets/homepageEnvironment.age
View File

Binary file not shown.