diff --git a/hosts/vps-monitor/default.nix b/hosts/vps-monitor/default.nix
index 03bbcca..0ffdcb4 100644
--- a/hosts/vps-monitor/default.nix
+++ b/hosts/vps-monitor/default.nix
@@ -20,16 +20,16 @@
 boot.loader.grub.enable = true;
- services =
+ services.tailscale = {
+ enable = true;
+ ssh.enable = true;
+ };
+
+ web-services =
 let
 tailscaleDomain = config.custom.services.tailscale.domain;
 in
 {
- tailscale = {
- enable = true;
- ssh.enable = true;
- };
-
 gatus = {
 enable = true;
 domain = "status.${tailscaleDomain}";
diff --git a/hosts/vps-private/default.nix b/hosts/vps-private/default.nix
index 95e52d6..e63db19 100644
--- a/hosts/vps-private/default.nix
+++ b/hosts/vps-private/default.nix
@@ -13,23 +13,24 @@
 ports.validate = true;
 };
- custom = {
- persistence.enable = true;
+ custom =
+ let
+ tailscaleDomain = config.custom.services.tailscale.domain;
+ in
+ {
+ persistence.enable = true;
- sops.enable = true;
+ sops.enable = true;
- boot.loader.systemd-boot.enable = true;
+ boot.loader.systemd-boot.enable = true;
- services =
- let
- tailscaleDomain = config.custom.services.tailscale.domain;
- in
- {
+ services = {
 tailscale = {
 enable = true;
 ssh.enable = true;
 exitNode.enable = true;
 };
+
 nebula.node = {
 enable = true;
 address = "10.254.250.2";
@@ -44,7 +45,9 @@
 deviceId = "5R2MH7T-Q2ZZS2P-ZMSQ2UJ-B6VBHES-XYLNMZ6-7FYC27L-4P7MGJ2-FY4ITQD";
 gui.domain = "syncthing.${tailscaleDomain}";
 };
+ };
+ web-services = {
 filebrowser = {
 enable = true;
 domain = "files.${tailscaleDomain}";
@@ -80,5 +83,5 @@
 domain = "alloy-${config.networking.hostName}.${tailscaleDomain}";
 };
 };
- };
+ };
 }
diff --git a/hosts/vps-public/default.nix b/hosts/vps-public/default.nix
index 9b0d7fa..a5f77d3 100644
--- a/hosts/vps-public/default.nix
+++ b/hosts/vps-public/default.nix
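Review bot: In hosts/vps-private/default.nix the boundary between `services` and `web-services` is not documented and is not obvious from the result: the block that sets `gui.domain = "syncthing.${tailscaleDomain}"` (its name is above the second hunk) stays under `services`, while `filebrowser` and the entries after it move to `web-services`. The diff does not show whether the namespace affects anything about how a service is exposed or monitored, so a reader adding a new service with a web UI cannot tell which side it belongs on. A short comment where the two attrsets meet would settle it, for example `# web-services: apps served through an HTTP vhost; services: daemons, even when they also expose a GUI domain`. Both vps-private hunks start and end inside the `custom` attrset, so the rest of the host config is not visible here.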
@@ -20,22 +20,25 @@
 boot.loader.systemd-boot.enable = true;
- services =
+ services = {
+ tailscale = {
+ enable = true;
+ ssh.enable = true;
+ };
+
+ crowdsec = {
+ enable = true;
+ bouncers.firewall = true;
+ };
+
+ };
+
+ web-services =
 let
 sstorkDomain = "sstork.dev";
 sproutedDomain = "sprouted.cloud";
 in
 {
- tailscale = {
- enable = true;
- ssh.enable = true;
- };
-
- crowdsec = {
- enable = true;
- bouncers.firewall = true;
- };
-
 personal-blog = {
 enable = true;
 domain = sstorkDomain;
diff --git a/modules/system/web-services/actualbudget.nix b/modules/system/web-services/actualbudget.nix
index 8cf0ff7..126726f 100644
--- a/modules/system/web-services/actualbudget.nix
+++ b/modules/system/web-services/actualbudget.nix
@@ -1,11 +1,11 @@
 { config, lib, ... }:
 let
- cfg = config.custom.services.actualbudget;
+ cfg = config.custom.web-services.actualbudget;
 inherit (config.services.actual.settings) dataDir;
 in
 {
- options.custom.services.actualbudget = {
+ options.custom.web-services.actualbudget = {
 enable = lib.mkEnableOption "";
 domain = lib.mkOption {
 type = lib.types.nonEmptyStr;
diff --git a/modules/system/web-services/alloy.nix b/modules/system/web-services/alloy.nix
index e8709e0..854077a 100644
--- a/modules/system/web-services/alloy.nix
+++ b/modules/system/web-services/alloy.nix
@@ -1,9 +1,9 @@
 { config, lib, ... }:
 let
- cfg = config.custom.services.alloy;
+ cfg = config.custom.web-services.alloy;
 in
 {
- options.custom.services.alloy = {
+ options.custom.web-services.alloy = {
 enable = lib.mkEnableOption "";
 domain = lib.mkOption {
 type = lib.types.nonEmptyStr;
@@ -121,7 +121,7 @@ in
 text = ''
 prometheus.scrape "victorialogs" {
 targets = [{
- __address__ = "localhost:${toString config.custom.services.victorialogs.port}",
+ __address__ = "localhost:${toString config.custom.web-services.victorialogs.port}",
 job = "victorialogs",
 instance = constants.hostname,
 }]
diff --git a/modules/system/web-services/filebrowser.nix b/modules/system/web-services/filebrowser.nix
index 50175b4..09423ce 100644
--- a/modules/system/web-services/filebrowser.nix
+++ b/modules/system/web-services/filebrowser.nix
@@ -7,12 +7,12 @@
 ...
 }:
 let
- cfg = config.custom.services.filebrowser;
+ cfg = config.custom.web-services.filebrowser;
 dataDir = "/var/lib/filebrowser";
 in
 {
- options.custom.services.filebrowser = {
+ options.custom.web-services.filebrowser = {
 enable = lib.mkEnableOption "";
 domain = lib.mkOption {
 type = lib.types.nonEmptyStr;
diff --git a/modules/system/web-services/forgejo/default.nix b/modules/system/web-services/forgejo/default.nix
index 86b506f..6888e07 100644
--- a/modules/system/web-services/forgejo/default.nix
+++ b/modules/system/web-services/forgejo/default.nix
@@ -1,9 +1,9 @@
 { config, lib, ... }:
 let
- cfg = config.custom.services.forgejo;
+ cfg = config.custom.web-services.forgejo;
 in
 {
- options.custom.services.forgejo = {
+ options.custom.web-services.forgejo = {
 enable = lib.mkEnableOption "";
 domain = lib.mkOption {
 type = lib.types.nonEmptyStr;
diff --git a/modules/system/web-services/forgejo/ssh.nix b/modules/system/web-services/forgejo/ssh.nix
index 3670208..b54c908 100644
--- a/modules/system/web-services/forgejo/ssh.nix
+++ b/modules/system/web-services/forgejo/ssh.nix
@@ -1,9 +1,9 @@
 { config, lib, ... }:
 let
- cfg = config.custom.services.forgejo.ssh;
+ cfg = config.custom.web-services.forgejo.ssh;
 in
 {
- options.custom.services.forgejo.ssh = {
+ options.custom.web-services.forgejo.ssh = {
 enable = lib.mkEnableOption "";
 port = lib.mkOption {
 type = lib.types.port;
diff --git a/modules/system/web-services/freshrss.nix b/modules/system/web-services/freshrss.nix
index 58d0dfc..d47f1be 100644
--- a/modules/system/web-services/freshrss.nix
+++ b/modules/system/web-services/freshrss.nix
@@ -5,12 +5,12 @@
 ...
 }:
 let
- cfg = config.custom.services.freshrss;
+ cfg = config.custom.web-services.freshrss;
 inherit (config.services.freshrss) dataDir;
 in
 {
- options.custom.services.freshrss = {
+ options.custom.web-services.freshrss = {
 enable = lib.mkEnableOption "";
 domain = lib.mkOption {
 type = lib.types.nonEmptyStr;
diff --git a/modules/system/web-services/gatus.nix b/modules/system/web-services/gatus.nix
index ef2a16e..6dff1f0 100644
--- a/modules/system/web-services/gatus.nix
+++ b/modules/system/web-services/gatus.nix
@@ -6,11 +6,11 @@
 ...
 }:
 let
- cfg = config.custom.services.gatus;
+ cfg = config.custom.web-services.gatus;
 dataDir = "/var/lib/gatus";
 in
 {
- options.custom.services.gatus = {
+ options.custom.web-services.gatus = {
 enable = lib.mkEnableOption "";
 domain = lib.mkOption {
 type = lib.types.nonEmptyStr;
@@ -169,40 +169,38 @@ in
 systemd.services.gatus.environment.GATUS_DELAY_START_SECONDS = "5";
 custom = {
- services = {
- gatus.endpoints =
- let
- defaultEndpoints =
- self.nixosConfigurations
- |> lib.mapAttrs (_: value: value.config.meta.domains.local)
- |> lib.concatMapAttrs (
- hostName: domains:
- domains
- |> lib.filter (domain: domain != cfg.domain)
- |> lib.map (
- domain:
- lib.nameValuePair (lib'.subdomainOf domain) {
- inherit domain;
- group = hostName;
- }
- )
- |> lib.listToAttrs
- );
- in
- lib.mkIf cfg.generateDefaultEndpoints (
- defaultEndpoints
- // {
- "healthchecks.io" = {
- group = "external";
- domain = "hc-ping.com";
- path = "/\${HEALTHCHECKS_PING_KEY}/${config.networking.hostName}-gatus-uptime?create=1";
- interval = "2h";
- };
- }
- );
+ web-services.gatus.endpoints =
+ let
+ defaultEndpoints =
+ self.nixosConfigurations
+ |> lib.mapAttrs (_: value: value.config.meta.domains.local)
+ |> lib.concatMapAttrs (
+ hostName: domains:
+ domains
+ |> lib.filter (domain: domain != cfg.domain)
+ |> lib.map (
+ domain:
+ lib.nameValuePair (lib'.subdomainOf domain) {
+ inherit domain;
+ group = hostName;
+ }
+ )
+ |> lib.listToAttrs
+ );
+ in
+ lib.mkIf cfg.generateDefaultEndpoints (
+ defaultEndpoints
+ // {
+ "healthchecks.io" = {
+ group = "external";
+ domain = "hc-ping.com";
+ path = "/\${HEALTHCHECKS_PING_KEY}/${config.networking.hostName}-gatus-uptime?create=1";
+ interval = "2h";
+ };
+ }
+ );
- caddy.virtualHosts.${cfg.domain}.port = cfg.port;
- };
+ services.caddy.virtualHosts.${cfg.domain}.port = cfg.port;
 persistence.directories = [ dataDir ];
 };
diff --git a/modules/system/web-services/grafana.nix b/modules/system/web-services/grafana.nix
index ff63267..3e2bcd9 100644
--- a/modules/system/web-services/grafana.nix
+++ b/modules/system/web-services/grafana.nix
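Review bot: The `"healthchecks.io"` entry in the re-indented `web-services.gatus.endpoints` block puts the ping key into the request URL (`path = "/\${HEALTHCHECKS_PING_KEY}/…"`), and nothing in this hunk keeps that URL out of Gatus results or error messages. Gatus has a per-endpoint `ui.hide-url` setting meant for token-bearing URLs; if the endpoint submodule, which is defined outside this hunk, can pass it through, set it for this entry. If it cannot, a comment such as `# URL carries the healthchecks ping key; do not surface it in the status UI` next to `path` records the constraint for whoever extends the submodule. The lines are moved unchanged by this commit, so this is a carry-over rather than something the rename introduced.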
@@ -5,10 +5,10 @@
 ...
 }:
 let
- cfg = config.custom.services.grafana;
+ cfg = config.custom.web-services.grafana;
 in
 {
- options.custom.services.grafana = {
+ options.custom.web-services.grafana = {
 enable = lib.mkEnableOption "";
 domain = lib.mkOption {
 type = lib.types.nonEmptyStr;
diff --git a/modules/system/web-services/it-tools.nix b/modules/system/web-services/it-tools.nix
index 3ec376c..728bea7 100644
--- a/modules/system/web-services/it-tools.nix
+++ b/modules/system/web-services/it-tools.nix
@@ -5,10 +5,10 @@
 ...
 }:
 let
- cfg = config.custom.services.it-tools;
+ cfg = config.custom.web-services.it-tools;
 in
 {
- options.custom.services.it-tools = {
+ options.custom.web-services.it-tools = {
 enable = lib.mkEnableOption "";
 domain = lib.mkOption {
 type = lib.types.nonEmptyStr;
diff --git a/modules/system/web-services/memos.nix b/modules/system/web-services/memos.nix
index 25c856d..8704e67 100644
--- a/modules/system/web-services/memos.nix
+++ b/modules/system/web-services/memos.nix
@@ -5,12 +5,12 @@
 ...
 }:
 let
- cfg = config.custom.services.memos;
+ cfg = config.custom.web-services.memos;
 dataDir = config.services.memos.settings.MEMOS_DATA;
 in
 {
- options.custom.services.memos = {
+ options.custom.web-services.memos = {
 enable = lib.mkEnableOption "";
 domain = lib.mkOption {
 type = lib.types.nonEmptyStr;
diff --git a/modules/system/web-services/ntfy.nix b/modules/system/web-services/ntfy.nix
index da24247..a8f6eec 100644
--- a/modules/system/web-services/ntfy.nix
+++ b/modules/system/web-services/ntfy.nix
@@ -1,9 +1,9 @@
 { config, lib, ... }:
 let
- cfg = config.custom.services.ntfy;
+ cfg = config.custom.web-services.ntfy;
 in
 {
- options.custom.services.ntfy = {
+ options.custom.web-services.ntfy = {
 enable = lib.mkEnableOption "";
 domain = lib.mkOption {
 type = lib.types.nonEmptyStr;
diff --git a/modules/system/web-services/outline.nix b/modules/system/web-services/outline.nix
index 7620ec3..3f7179a 100644
--- a/modules/system/web-services/outline.nix
+++ b/modules/system/web-services/outline.nix
@@ -5,10 +5,10 @@
 ...
 }:
 let
- cfg = config.custom.services.outline;
+ cfg = config.custom.web-services.outline;
 in
 {
- options.custom.services.outline = {
+ options.custom.web-services.outline = {
 enable = lib.mkEnableOption "";
 domain = lib.mkOption {
 type = lib.types.nonEmptyStr;
diff --git a/modules/system/web-services/personal-blog.nix b/modules/system/web-services/personal-blog.nix
index 0acb4c6..a4ff641 100644
--- a/modules/system/web-services/personal-blog.nix
+++ b/modules/system/web-services/personal-blog.nix
@@ -5,12 +5,12 @@
 ...
 }:
 let
- cfg = config.custom.services.personal-blog;
+ cfg = config.custom.web-services.personal-blog;
 dataDir = "/var/lib/personal-blog";
 in
 {
- options.custom.services.personal-blog = {
+ options.custom.web-services.personal-blog = {
 enable = lib.mkEnableOption "";
 domain = lib.mkOption {
 type = lib.types.nonEmptyStr;
diff --git a/modules/system/web-services/privatebin.nix b/modules/system/web-services/privatebin.nix
index 75cc0bc..3751b52 100644
--- a/modules/system/web-services/privatebin.nix
+++ b/modules/system/web-services/privatebin.nix
@@ -1,9 +1,9 @@
 { config, lib, ... }:
 let
- cfg = config.custom.services.privatebin;
+ cfg = config.custom.web-services.privatebin;
 in
 {
- options.custom.services.privatebin = {
+ options.custom.web-services.privatebin = {
 enable = lib.mkEnableOption "";
 domain = lib.mkOption {
 type = lib.types.nonEmptyStr;
diff --git a/modules/system/web-services/radicale.nix b/modules/system/web-services/radicale.nix
index 375288d..ce371b9 100644
--- a/modules/system/web-services/radicale.nix
+++ b/modules/system/web-services/radicale.nix
@@ -6,12 +6,12 @@
 ...
 }:
 let
- cfg = config.custom.services.radicale;
+ cfg = config.custom.web-services.radicale;
 dataDir = config.services.radicale.settings.storage.filesystem_folder;
 in
 {
- options.custom.services.radicale = {
+ options.custom.web-services.radicale = {
 enable = lib.mkEnableOption "";
 domain = lib.mkOption {
 type = lib.types.nonEmptyStr;
diff --git a/modules/system/web-services/stirling-pdf.nix b/modules/system/web-services/stirling-pdf.nix
index ba4d094..4212ac6 100644
--- a/modules/system/web-services/stirling-pdf.nix
+++ b/modules/system/web-services/stirling-pdf.nix
@@ -1,9 +1,9 @@
 { config, lib, ... }:
 let
- cfg = config.custom.services.stirling-pdf;
+ cfg = config.custom.web-services.stirling-pdf;
 in
 {
- options.custom.services.stirling-pdf = {
+ options.custom.web-services.stirling-pdf = {
 enable = lib.mkEnableOption "";
 domain = lib.mkOption {
 type = lib.types.nonEmptyStr;
diff --git a/modules/system/web-services/uptime-kuma.nix b/modules/system/web-services/uptime-kuma.nix
index 01f008b..13f6763 100644
--- a/modules/system/web-services/uptime-kuma.nix
+++ b/modules/system/web-services/uptime-kuma.nix
@@ -1,9 +1,9 @@
 { config, lib, ... }:
 let
- cfg = config.custom.services.uptime-kuma;
+ cfg = config.custom.web-services.uptime-kuma;
 in
 {
- options.custom.services.uptime-kuma = {
+ options.custom.web-services.uptime-kuma = {
 enable = lib.mkEnableOption "";
 domain = lib.mkOption {
 type = lib.types.nonEmptyStr;
diff --git a/modules/system/web-services/victorialogs.nix b/modules/system/web-services/victorialogs.nix
index b8550c8..40f3090 100644
--- a/modules/system/web-services/victorialogs.nix
+++ b/modules/system/web-services/victorialogs.nix
@@ -5,10 +5,10 @@
 ...
 }:
 let
- cfg = config.custom.services.victorialogs;
+ cfg = config.custom.web-services.victorialogs;
 in
 {
- options.custom.services.victorialogs = {
+ options.custom.web-services.victorialogs = {
 enable = lib.mkEnableOption "";
 domain = lib.mkOption {
 type = lib.types.nonEmptyStr;
diff --git a/modules/system/web-services/victoriametrics.nix b/modules/system/web-services/victoriametrics.nix
index 9cf27f6..b88d524 100644
--- a/modules/system/web-services/victoriametrics.nix
+++ b/modules/system/web-services/victoriametrics.nix
@@ -5,10 +5,10 @@
 ...
 }:
 let
- cfg = config.custom.services.victoriametrics;
+ cfg = config.custom.web-services.victoriametrics;
 in
 {
- options.custom.services.victoriametrics = {
+ options.custom.web-services.victoriametrics = {
 enable = lib.mkEnableOption "";
 domain = lib.mkOption {
 type = lib.types.nonEmptyStr;