chore(misc): removing dead code and small insignificant changes

2025-09-26 20:41:26 +02:00
parent e721a2088b
commit 68f1cb9b09
9 changed files with 108 additions and 268 deletions

@@ -39,6 +39,7 @@ in {
"share"
"jellyfin"
"render"
"traefik"
];
};
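Review bot: The `"traefik"` entry in this group list appears to be the one added line (the header grows the hunk from 6 to 7 lines), and it is a privilege change rather than dead-code removal or an insignificant tweak. Whichever account this list belongs to gains access to everything readable by the traefik group, which on a reverse-proxy host can include certificate storage and credential files, depending on their modes. The attribute that owns the list starts above the hunk, so the affected account cannot be confirmed from here. Consider moving this into its own commit, or at least recording the reason beside the entry with a comment such as `# traefik group: required for <reason>`.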

@@ -24,9 +24,6 @@
unbound = {
enable = true;
};
acme = {
enable = false;
};
homepage-dashboard = {
enable = true;
};

@@ -11,9 +11,6 @@
unbound = {
enable = true;
};
acme = {
enable = true;
};
homepage-dashboard = {
enable = false;
};

@@ -100,7 +100,6 @@
./nixos/services/virtualisation
./nixos/services/locate
./nixos/services/mullvad
./nixos/services/mullvad-netns
./nixos/services/nfs
./nixos/services/nix-ld
./nixos/services/openssh
@@ -123,7 +122,6 @@
server = {
imports = [
./server
./server/acme
./server/fail2ban
./server/homepage-dashboard
./server/nextcloud

@@ -78,7 +78,6 @@ in {
nextcloudCloudflared.file = "${self}/secrets/nextcloudCloudflared.age";
vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
vaultwardenEnvironment.file = "${self}/secrets/vaultwardenEnvironment.age";
homepageEnvironment.file = "${self}/secrets/homepageEnvironment.age";
pihole.file = "${self}/secrets/pihole.age";
slskd.file = "${self}/secrets/slskd.age";
};

@@ -1,50 +0,0 @@
{ self, pkgs, ... }:
{
age.secrets.wgCredentials = {
file = "${self}/secrets/wgCredentials.age";
mode = "0400";
owner = "root";
group = "root";
path = "/etc/wireguard/mullvad.conf";
};
systemd.services.mullvad-netns = {
description = "WireGuard Mullvad netns for VMs";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.writeShellScript "mullvad-netns-up" ''
set -euo pipefail
ip netns add mullvad || true
ip link add veth0 type veth peer name veth1 || true
ip link set veth1 netns mullvad
ip addr add 10.250.0.1/24 dev veth0 || true
ip link set veth0 up
ip netns exec mullvad ip addr add 10.250.0.2/24 dev veth1 || true
ip netns exec mullvad ip link set veth1 up
ip netns exec mullvad wg-quick up /etc/wireguard/mullvad.conf
ip netns exec mullvad ip route add default dev wg0 || true
nft add table ip mullvad-nat || true
nft add chain ip mullvad-nat postrouting { type nat hook postrouting priority 100 \; } || true
nft add rule ip mullvad-nat postrouting ip saddr 10.250.0.0/24 oif "wg0" masquerade || true
''}";
ExecStop = "${pkgs.writeShellScript "mullvad-netns-down" ''
set -euo pipefail
ip netns exec mullvad wg-quick down /etc/wireguard/mullvad.conf || true
ip link delete veth0 || true
ip netns delete mullvad || true
nft delete table ip mullvad-nat || true
''}";
};
# no wantedBy here -> won't start at boot
};
}

@@ -1,84 +0,0 @@
{
config,
lib,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.server.acme;
getCloudflareCredentials = hostname:
if hostname == "ziggy"
then config.age.secrets.cloudflareDnsCredentialsZiggy.path
else if hostname == "sobotka"
then config.age.secrets.cloudflareDnsCredentials.path
else throw "Unknown hostname: ${hostname}";
in {
options = {
server.acme.enable = mkEnableOption "Enables ACME";
};
config = mkIf cfg.enable {
networking.firewall = let
ports = [
80
443
];
in {
allowedTCPPorts = ports;
};
security.acme = {
acceptTerms = true;
defaults.email = config.server.email;
certs.${config.server.domain} = {
reloadServices = ["caddy.service"];
domain = "${config.server.domain}";
extraDomainNames = ["*.${config.server.domain}"];
dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1:53";
dnsPropagationCheck = true;
group = config.services.caddy.group;
environmentFile = getCloudflareCredentials config.networking.hostName;
};
certs.${config.server.www.url} = {
reloadServices = ["caddy.service"];
domain = "${config.server.www.url}";
extraDomainNames = ["*.${config.server.www.url}"];
dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1:53";
dnsPropagationCheck = true;
group = config.services.caddy.group;
environmentFile = getCloudflareCredentials config.networking.hostName;
};
};
services.caddy = {
enable = true;
globalConfig = ''
auto_https off
'';
virtualHosts = {
"http://${config.server.domain}" = {
extraConfig = ''
redir https://{host}{uri}
'';
};
"http://*.${config.server.domain}" = {
extraConfig = ''
redir https://{host}{uri}
'';
};
"http://${config.server.www.url}" = {
extraConfig = ''
redir https://{host}{uri}
'';
};
"http://*.${config.server.www.url}" = {
extraConfig = ''
redir https://{host}{uri}
'';
};
};
};
};
}

@@ -1,20 +1,19 @@
{
config,
lib,
self,
...
}:
let
}: let
unit = "homepage-dashboard";
cfg = config.server.homepage-dashboard;
srv = config.server;
in
{
in {
options.server.homepage-dashboard = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
};
misc = lib.mkOption {
default = [ ];
default = [];
type = lib.types.listOf (
lib.types.attrsOf (
lib.types.submodule {
@@ -38,11 +37,16 @@ in
};
};
config = lib.mkIf cfg.enable {
age.secrets = {
homepageEnvironment = {
file = "${self}/secrets/homepageEnvironment.age";
};
};
services = {
glances.enable = true;
${unit} = {
enable = true;
allowedHosts = srv.domain;
environmentFile = config.age.secrets.homepageEnvironment.path;
settings = {
layout = [
{
@@ -81,7 +85,6 @@ in
statusStyle = "dot";
hideVersion = "true";
};
widgets = [
{
openmeteo = {
@@ -93,47 +96,28 @@ in
longitude = 16.324541;
};
}
{
datetime = {
text_size = "x1";
format = {
hour12 = false;
timeStyle = "short";
dateStyle = "long";
};
};
}
{
resources = {
label = "root";
label = "SYSTEM";
memory = true;
disk = [ "/dev/dm-1" ];
};
}
{
resources = {
label = "zfs";
memory = true;
disk = [ "/mnt/data" ];
cpu = true;
uptime = true;
};
}
];
services =
let
services = let
homepageCategories = [
"Arr"
"Media"
"Downloads"
"Services"
"Smart Home"
];
hl = config.server;
mergedServices = hl // hl.podman;
homepageServices =
x:
(lib.attrsets.filterAttrs (
homepageServices = x: (lib.attrsets.filterAttrs (
name: value: value ? homepage && value.homepage.category == x
) mergedServices);
)
mergedServices);
in
lib.lists.forEach homepageCategories (cat: {
"${cat}" =
@@ -152,14 +136,12 @@ in
};
});
})
++ [ { Misc = cfg.misc; } ]
++ [{Misc = cfg.misc;}]
++ [
{
Glances =
let
Glances = let
port = toString config.services.glances.port;
in
[
in [
{
Info = {
widget = {
@@ -235,11 +217,11 @@ in
dynamicConfigOptions = {
http = {
services.homepage.loadBalancer.servers = [
{ url = "http://127.0.0.1:${toString config.services.${unit}.listenPort}"; }
{url = "http://127.0.0.1:${toString config.services.${unit}.listenPort}";}
];
routers = {
homepage = {
entryPoints = [ "websecure" ];
entryPoints = ["websecure"];
rule = "Host(`cnix.dev`)";
service = "homepage";
tls.certResolver = "letsencrypt";
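Review bot: The router rule in the last hunk still hard-codes ``rule = "Host(`cnix.dev`)";`` while the dashboard's own host allowlist earlier in this file is `allowedHosts = srv.domain;`, so the two Host checks are defined in different places and can drift apart. If `srv.domain` ever differs from `cnix.dev`, Traefik would forward requests whose Host header the dashboard then rejects (assuming `allowedHosts` is enforced as a Host-header allowlist), and the tempting fix is to loosen the allowlist. Deriving both from one value keeps them aligned: ``rule = "Host(`${srv.domain}`)";``. This hunk only reformats the surrounding lines, and the `routers` attribute set continues past the end of the hunk.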

Binary file not shown.