chore(misc): removing dead code and small insignificant changes

2025-09-26 20:41:26 +02:00
parent e721a2088b
commit 68f1cb9b09
9 changed files with 108 additions and 268 deletions
--- a/hosts/sobotka/default.nix
+++ b/hosts/sobotka/default.nix
@@ -39,6 +39,7 @@ in {
      "share"
      "jellyfin"
      "render"
      "traefik"
    ];
  };
--- a/hosts/sobotka/server.nix
+++ b/hosts/sobotka/server.nix
@@ -24,9 +24,6 @@
    unbound = {
      enable = true;
    };
    acme = {
      enable = false;
    };
    homepage-dashboard = {
      enable = true;
    };
--- a/hosts/ziggy/server.nix
+++ b/hosts/ziggy/server.nix
@@ -11,9 +11,6 @@
    unbound = {
      enable = true;
    };
    acme = {
      enable = true;
    };
    homepage-dashboard = {
      enable = false;
    };
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -100,7 +100,6 @@
        ./nixos/services/virtualisation
        ./nixos/services/locate
        ./nixos/services/mullvad
        ./nixos/services/mullvad-netns
        ./nixos/services/nfs
        ./nixos/services/nix-ld
        ./nixos/services/openssh
@@ -123,7 +122,6 @@
    server = {
      imports = [
        ./server
        ./server/acme
        ./server/fail2ban
        ./server/homepage-dashboard
        ./server/nextcloud
--- a/modules/nixos/services/agenix/default.nix
+++ b/modules/nixos/services/agenix/default.nix
@@ -78,7 +78,6 @@ in {
          nextcloudCloudflared.file = "${self}/secrets/nextcloudCloudflared.age";
          vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
          vaultwardenEnvironment.file = "${self}/secrets/vaultwardenEnvironment.age";
          homepageEnvironment.file = "${self}/secrets/homepageEnvironment.age";
          pihole.file = "${self}/secrets/pihole.age";
          slskd.file = "${self}/secrets/slskd.age";
        };
--- a/modules/nixos/services/mullvad-netns/default.nix
+++ b/modules/nixos/services/mullvad-netns/default.nix
@@ -1,50 +0,0 @@
 { self, pkgs, ... }:
 {
  age.secrets.wgCredentials = {
    file = "${self}/secrets/wgCredentials.age";
    mode = "0400";
    owner = "root";
    group = "root";
    path = "/etc/wireguard/mullvad.conf";
  };
  systemd.services.mullvad-netns = {
    description = "WireGuard Mullvad netns for VMs";
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      ExecStart = "${pkgs.writeShellScript "mullvad-netns-up" ''
        set -euo pipefail
        ip netns add mullvad || true
        ip link add veth0 type veth peer name veth1 || true
        ip link set veth1 netns mullvad
        ip addr add 10.250.0.1/24 dev veth0 || true
        ip link set veth0 up
        ip netns exec mullvad ip addr add 10.250.0.2/24 dev veth1 || true
        ip netns exec mullvad ip link set veth1 up
        ip netns exec mullvad wg-quick up /etc/wireguard/mullvad.conf
        ip netns exec mullvad ip route add default dev wg0 || true
        nft add table ip mullvad-nat || true
        nft add chain ip mullvad-nat postrouting { type nat hook postrouting priority 100 \; } || true
        nft add rule ip mullvad-nat postrouting ip saddr 10.250.0.0/24 oif "wg0" masquerade || true
      ''}";
      ExecStop = "${pkgs.writeShellScript "mullvad-netns-down" ''
        set -euo pipefail
        ip netns exec mullvad wg-quick down /etc/wireguard/mullvad.conf || true
        ip link delete veth0 || true
        ip netns delete mullvad || true
        nft delete table ip mullvad-nat || true
      ''}";
    };
    # no wantedBy here -> won't start at boot
  };
 }
--- a/modules/server/acme/default.nix
+++ b/modules/server/acme/default.nix
@@ -1,84 +0,0 @@
 {
  config,
  lib,
  ...
 }: let
  inherit (lib) mkIf mkEnableOption;
  cfg = config.server.acme;
  getCloudflareCredentials = hostname:
    if hostname == "ziggy"
    then config.age.secrets.cloudflareDnsCredentialsZiggy.path
    else if hostname == "sobotka"
    then config.age.secrets.cloudflareDnsCredentials.path
    else throw "Unknown hostname: ${hostname}";
 in {
  options = {
    server.acme.enable = mkEnableOption "Enables ACME";
  };
  config = mkIf cfg.enable {
    networking.firewall = let
      ports = [
        80
        443
      ];
    in {
      allowedTCPPorts = ports;
    };
    security.acme = {
      acceptTerms = true;
      defaults.email = config.server.email;
      certs.${config.server.domain} = {
        reloadServices = ["caddy.service"];
        domain = "${config.server.domain}";
        extraDomainNames = ["*.${config.server.domain}"];
        dnsProvider = "cloudflare";
        dnsResolver = "1.1.1.1:53";
        dnsPropagationCheck = true;
        group = config.services.caddy.group;
        environmentFile = getCloudflareCredentials config.networking.hostName;
      };
      certs.${config.server.www.url} = {
        reloadServices = ["caddy.service"];
        domain = "${config.server.www.url}";
        extraDomainNames = ["*.${config.server.www.url}"];
        dnsProvider = "cloudflare";
        dnsResolver = "1.1.1.1:53";
        dnsPropagationCheck = true;
        group = config.services.caddy.group;
        environmentFile = getCloudflareCredentials config.networking.hostName;
      };
    };
    services.caddy = {
      enable = true;
      globalConfig = ''
        auto_https off
      '';
      virtualHosts = {
        "http://${config.server.domain}" = {
          extraConfig = ''
            redir https://{host}{uri}
          '';
        };
        "http://*.${config.server.domain}" = {
          extraConfig = ''
            redir https://{host}{uri}
          '';
        };
        "http://${config.server.www.url}" = {
          extraConfig = ''
            redir https://{host}{uri}
          '';
        };
        "http://*.${config.server.www.url}" = {
          extraConfig = ''
            redir https://{host}{uri}
          '';
        };
      };
    };
  };
 }
--- a/modules/server/homepage-dashboard/default.nix
+++ b/modules/server/homepage-dashboard/default.nix
@@ -1,20 +1,19 @@
 {
  config,
  lib,
  self,
  ...
-}:
+}: let
 let
  unit = "homepage-dashboard";
  cfg = config.server.homepage-dashboard;
  srv = config.server;
-in
+in {
 {
  options.server.homepage-dashboard = {
    enable = lib.mkEnableOption {
      description = "Enable ${unit}";
    };
    misc = lib.mkOption {
-      default = [ ];
+      default = [];
      type = lib.types.listOf (
        lib.types.attrsOf (
          lib.types.submodule {
@@ -38,11 +37,16 @@ in
    };
  };
  config = lib.mkIf cfg.enable {
    age.secrets = {
      homepageEnvironment = {
        file = "${self}/secrets/homepageEnvironment.age";
      };
    };
    services = {
      glances.enable = true;
      ${unit} = {
        enable = true;
-        allowedHosts = srv.domain;
+        environmentFile = config.age.secrets.homepageEnvironment.path;
        settings = {
          layout = [
            {
@@ -81,7 +85,6 @@ in
          statusStyle = "dot";
          hideVersion = "true";
        };
        widgets = [
          {
            openmeteo = {
@@ -93,47 +96,28 @@ in
              longitude = 16.324541;
            };
          }
          {
            datetime = {
              text_size = "x1";
              format = {
                hour12 = false;
                timeStyle = "short";
                dateStyle = "long";
              };
            };
          }
          {
            resources = {
-              label = "root";
+              label = "SYSTEM";
              memory = true;
-              disk = [ "/dev/dm-1" ];
+              cpu = true;
-            };
+              uptime = true;
          }
          {
            resources = {
              label = "zfs";
              memory = true;
              disk = [ "/mnt/data" ];
            };
          }
        ];
-        services =
+        services = let
          let
          homepageCategories = [
            "Arr"
            "Media"
            "Downloads"
            "Services"
              "Smart Home"
          ];
          hl = config.server;
          mergedServices = hl // hl.podman;
-            homepageServices =
+          homepageServices = x: (lib.attrsets.filterAttrs (
              x:
              (lib.attrsets.filterAttrs (
              name: value: value ? homepage && value.homepage.category == x
-              ) mergedServices);
+            )
            mergedServices);
        in
          lib.lists.forEach homepageCategories (cat: {
            "${cat}" =
@@ -152,14 +136,12 @@ in
                };
              });
          })
-          ++ [ { Misc = cfg.misc; } ]
+          ++ [{Misc = cfg.misc;}]
          ++ [
            {
-              Glances =
+              Glances = let
                let
                port = toString config.services.glances.port;
-                in
+              in [
                [
                {
                  Info = {
                    widget = {
@@ -235,11 +217,11 @@ in
        dynamicConfigOptions = {
          http = {
            services.homepage.loadBalancer.servers = [
-              { url = "http://127.0.0.1:${toString config.services.${unit}.listenPort}"; }
+              {url = "http://127.0.0.1:${toString config.services.${unit}.listenPort}";}
            ];
            routers = {
              homepage = {
-                entryPoints = [ "websecure" ];
+                entryPoints = ["websecure"];
                rule = "Host(`cnix.dev`)";
                service = "homepage";
                tls.certResolver = "letsencrypt";
--- a/secrets/homepageEnvironment.age
+++ b/secrets/homepageEnvironment.age