This commit is contained in:
SebastianStork 2026-01-17 13:21:16 +01:00
parent 0d7164fe0a
commit 49c918f747
Signed by: SebastianStork
SSH key fingerprint: SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q
13 changed files with 53 additions and 53 deletions


@ -18,15 +18,15 @@ let
++ lib.optional (lib.pathExists "${self}/users/seb/@${hostName}") "${self}/users/seb/@${hostName}"; ++ lib.optional (lib.pathExists "${self}/users/seb/@${hostName}") "${self}/users/seb/@${hostName}";
}; };
mkDeployNode = hostname: { mkDeployNode = hostName: {
hostname = "${hostname}.${ hostname = "${hostName}.${
self.nixosConfigurations.${hostname}.config.custom.networking.overlay.domain self.nixosConfigurations.${hostName}.config.custom.networking.overlay.domain
}"; }";
user = "root"; user = "root";
interactiveSudo = true; interactiveSudo = true;
profiles.system.path = profiles.system.path =
inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.${hostname}; self.nixosConfigurations.${hostName};
}; };
hostNames = "${self}/hosts" |> self.lib.listDirectoryNames; hostNames = "${self}/hosts" |> self.lib.listDirectoryNames;


@ -25,14 +25,17 @@
hostCreationRules = hostCreationRules =
self.nixosConfigurations self.nixosConfigurations
|> lib.attrValues |> lib.attrValues
|> lib.filter (value: value.config.custom.sops.enable or false) |> lib.map (host: host.config.custom.sops)
|> lib.map (value: mkCreationRule value.config.custom.sops); |> lib.filter (sops: sops.enable)
|> lib.map (sops: mkCreationRule sops);
userCreationRules = userCreationRules =
self.nixosConfigurations self.nixosConfigurations
|> lib.attrValues |> lib.attrValues
|> lib.filter (value: value.config.home-manager.users.seb.custom.sops.enable or false) |> lib.filter (host: host.config |> lib.hasAttr "home-manager")
|> lib.map (value: mkCreationRule value.config.home-manager.users.seb.custom.sops); |> lib.map (host: host.config.home-manager.users.seb.custom.sops)
|> lib.filter (sops: sops.enable)
|> lib.map (sops: mkCreationRule sops);
jsonConfig = { creation_rules = hostCreationRules ++ userCreationRules; } |> lib.strings.toJSON; jsonConfig = { creation_rules = hostCreationRules ++ userCreationRules; } |> lib.strings.toJSON;
in in
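Review bot: The `or false` fallback of the old filters is dropped from both creation-rule chains, so a host whose config lacks `custom.sops`, or whose home-manager config lacks `users.seb.custom.sops`, now aborts evaluation instead of being skipped; the new `lib.hasAttr "home-manager"` guard only covers the first attribute of that path. If every host is known to declare these options the chains are equivalent, and failing loudly is the better outcome for a file that decides which keys may decrypt which secrets, but that intent is not stated anywhere. A one-line comment such as `# every host declares custom.sops; a missing option should fail evaluation rather than silently drop a creation rule` would make it explicit, or the old tolerance could be kept with `lib.filter (host: host.config.custom.sops.enable or false)`. The enclosing `let` starts before the hunk.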


@ -18,7 +18,7 @@ in
default = default =
self.nixosConfigurations self.nixosConfigurations
|> lib.attrValues |> lib.attrValues
|> lib.map (value: value.config.meta.domains.local) |> lib.map (host: host.config.meta.domains.local)
|> lib.concatLists; |> lib.concatLists;
readOnly = true; readOnly = true;
}; };
@ -31,7 +31,7 @@ in
duplicateDomains = duplicateDomains =
self.nixosConfigurations self.nixosConfigurations
|> lib.attrValues |> lib.attrValues
|> lib.map (value: value.options.meta.domains.local.definitionsWithLocations) |> lib.map (host: host.options.meta.domains.local.definitionsWithLocations)
|> lib.concatLists |> lib.concatLists
|> lib.concatMap ( |> lib.concatMap (
{ file, value }: { file, value }:


@ -9,7 +9,7 @@ let
in in
{ {
options.custom.networking = { options.custom.networking = {
hostname = lib.mkOption { hostName = lib.mkOption {
type = lib.types.nonEmptyStr; type = lib.types.nonEmptyStr;
default = config.networking.hostName; default = config.networking.hostName;
readOnly = true; readOnly = true;
@ -89,7 +89,7 @@ in
}; };
peers = lib.mkOption { peers = lib.mkOption {
type = lib.types.anything; type = lib.types.anything;
default = cfg.nodes |> lib.filter (node: node.hostname != cfg.hostname); default = cfg.nodes |> lib.filter (node: node.hostName != cfg.hostName);
readOnly = true; readOnly = true;
}; };
}; };


@ -8,10 +8,10 @@ let
cfg = config.custom.services.caddy; cfg = config.custom.services.caddy;
netCfg = config.custom.networking; netCfg = config.custom.networking;
virtualHosts = cfg.virtualHosts |> lib.attrValues |> lib.filter (value: value.enable); virtualHosts = cfg.virtualHosts |> lib.attrValues |> lib.filter (vHost: vHost.enable);
publicHostsExist = virtualHosts |> lib.any (value: (!self.lib.isPrivateDomain value.domain)); publicHostsExist = virtualHosts |> lib.any (vHost: (!self.lib.isPrivateDomain vHost.domain));
privateHostsExist = virtualHosts |> lib.any (value: self.lib.isPrivateDomain value.domain); privateHostsExist = virtualHosts |> lib.any (vHost: self.lib.isPrivateDomain vHost.domain);
webPorts = [ webPorts = [
80 80


@ -33,7 +33,7 @@ in
let let
nodeRecords = nodeRecords =
netCfg.nodes netCfg.nodes
|> lib.map (node: "\"${node.hostname}.${node.overlay.domain}. A ${node.overlay.address}\""); |> lib.map (node: "\"${node.hostName}.${node.overlay.domain}. A ${node.overlay.address}\"");
serviceRecords = serviceRecords =
self.nixosConfigurations self.nixosConfigurations
|> lib.attrValues |> lib.attrValues


@ -16,18 +16,18 @@ in
publicKeyPath = lib.mkOption { publicKeyPath = lib.mkOption {
type = lib.types.path; type = lib.types.path;
default = "${self}/hosts/${netCfg.hostname}/keys/nebula.pub"; default = "${self}/hosts/${netCfg.hostName}/keys/nebula.pub";
}; };
certificatePath = lib.mkOption { certificatePath = lib.mkOption {
type = lib.types.path; type = lib.types.path;
default = "${self}/hosts/${netCfg.hostname}/keys/nebula.crt"; default = "${self}/hosts/${netCfg.hostName}/keys/nebula.crt";
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
assertions = lib.singleton { assertions = lib.singleton {
assertion = netCfg.isLighthouse -> netCfg.underlay.isPublic; assertion = netCfg.isLighthouse -> netCfg.underlay.isPublic;
message = "'${netCfg.hostname}' is a Nebula lighthouse, but underlay.isPublic is not set. Lighthouses must be publicly reachable."; message = "'${netCfg.hostName}' is a Nebula lighthouse, but underlay.isPublic is not set. Lighthouses must be publicly reachable.";
}; };
custom.networking.overlay = { custom.networking.overlay = {


@ -1,6 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
let let
backups = config.custom.services.restic.backups |> lib.filterAttrs (_: value: value.enable); backups = config.custom.services.restic.backups |> lib.filterAttrs (_: backup: backup.enable);
in in
{ {
options.custom.services.restic.backups = lib.mkOption { options.custom.services.restic.backups = lib.mkOption {
@ -48,10 +48,10 @@ in
services.restic.backups = services.restic.backups =
backups backups
|> lib.mapAttrs ( |> lib.mapAttrs (
name: value: name: backup:
lib.mkMerge [ lib.mkMerge [
{ {
inherit (value) paths; inherit (backup) paths;
initialize = true; initialize = true;
repository = "s3:https://s3.eu-central-003.backblazeb2.com/stork-atlas/${name}"; repository = "s3:https://s3.eu-central-003.backblazeb2.com/stork-atlas/${name}";
environmentFile = config.sops.templates."restic/environment".path; environmentFile = config.sops.templates."restic/environment".path;
@ -66,20 +66,20 @@ in
RandomizedDelaySec = "1h"; RandomizedDelaySec = "1h";
}; };
} }
value.extraConfig backup.extraConfig
] ]
); );
systemd.services = systemd.services =
backups backups
|> lib.mapAttrs' ( |> lib.mapAttrs' (
name: value: name: backup:
lib.nameValuePair "restic-backups-${name}" ( lib.nameValuePair "restic-backups-${name}" (
lib.mkIf (value.conflictingService != null) { lib.mkIf (backup.conflictingService != null) {
unitConfig.Conflicts = [ value.conflictingService ]; unitConfig.Conflicts = [ backup.conflictingService ];
after = [ value.conflictingService ]; after = [ backup.conflictingService ];
onSuccess = [ value.conflictingService ]; onSuccess = [ backup.conflictingService ];
onFailure = [ value.conflictingService ]; onFailure = [ backup.conflictingService ];
} }
) )
); );


@ -7,8 +7,7 @@
let let
backupsWithHealthchecks = backupsWithHealthchecks =
config.custom.services.restic.backups config.custom.services.restic.backups
|> lib.filterAttrs (_: value: value.enable) |> lib.filterAttrs (_: backup: backup.enable && backup.doHealthchecks);
|> lib.filterAttrs (_: value: value.doHealthchecks);
in in
{ {
options.custom.services.restic.backups = lib.mkOption { options.custom.services.restic.backups = lib.mkOption {


@ -7,8 +7,7 @@
let let
backupsWithRestoreCommand = backupsWithRestoreCommand =
config.custom.services.restic.backups config.custom.services.restic.backups
|> lib.filterAttrs (_: value: value.enable) |> lib.filterAttrs (_: backup: backup.enable && backup.restoreCommand.enable);
|> lib.filterAttrs (_: value: value.restoreCommand.enable);
in in
{ {
options.custom.services.restic.backups = lib.mkOption { options.custom.services.restic.backups = lib.mkOption {
@ -35,13 +34,13 @@ in
environment.systemPackages = environment.systemPackages =
backupsWithRestoreCommand backupsWithRestoreCommand
|> lib.mapAttrsToList ( |> lib.mapAttrsToList (
name: value: name: backup:
pkgs.writeShellApplication { pkgs.writeShellApplication {
name = "restic-restore-${name}"; name = "restic-restore-${name}";
text = text =
let let
inherit (value) conflictingService; inherit (backup) conflictingService;
inherit (value.restoreCommand) preRestore postRestore; inherit (backup.restoreCommand) preRestore postRestore;
hasConflictingService = conflictingService != null; hasConflictingService = conflictingService != null;
in in
'' ''


@ -36,7 +36,7 @@ in
|> lib.map (client: { |> lib.map (client: {
port = 22; port = 22;
proto = "tcp"; proto = "tcp";
host = client.hostname; host = client.hostName;
}); });
}; };
@ -48,7 +48,7 @@ in
users.users.seb.openssh.authorizedKeys.keyFiles = users.users.seb.openssh.authorizedKeys.keyFiles =
self.nixosConfigurations self.nixosConfigurations
|> lib.attrValues |> lib.attrValues
|> lib.filter (host: host.config.custom.networking.hostname != netCfg.hostname) |> lib.filter (host: host.config.custom.networking.hostName != netCfg.hostName)
|> lib.filter (host: host.config |> lib.hasAttr "home-manager") |> lib.filter (host: host.config |> lib.hasAttr "home-manager")
|> lib.map (host: host.config.home-manager.users.seb.custom.programs.ssh) |> lib.map (host: host.config.home-manager.users.seb.custom.programs.ssh)
|> lib.filter (ssh: ssh.enable) |> lib.filter (ssh: ssh.enable)


@ -96,16 +96,15 @@ in
key = lib.mkIf useSopsSecrets config.sops.secrets."syncthing/key".path; key = lib.mkIf useSopsSecrets config.sops.secrets."syncthing/key".path;
settings = { settings = {
# Get the devices and their ids from the configs of the other hosts
devices = devices =
self.nixosConfigurations self.nixosConfigurations
|> lib.filterAttrs (name: _: name != config.networking.hostName) |> lib.filterAttrs (_: host: host.config.networking.hostName != config.networking.hostName)
|> lib.filterAttrs (_: value: value.config.custom.services.syncthing.enable) |> lib.filterAttrs (_: host: host.config.custom.services.syncthing.enable)
|> lib.mapAttrs ( |> lib.mapAttrs (
_: value: { _: host: {
id = value.config.custom.services.syncthing.deviceId; id = host.config.custom.services.syncthing.deviceId;
addresses = [ addresses = [
"tcp://${value.config.custom.networking.overlay.address}:${toString cfg.syncPort}" "tcp://${host.config.custom.networking.overlay.address}:${toString host.config.custom.services.syncthing.syncPort}"
]; ];
} }
); );
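Review bot: The comment `# Get the devices and their ids from the configs of the other hosts` is dropped while the pipeline beneath it changes in two ways — peers are now matched on `host.config.networking.hostName` rather than the attribute name, and each device address uses the peer's own `syncthing.syncPort` instead of the local `cfg.syncPort` — so the new code carries no explanation at all. Using the peer's configured port looks like a genuine fix, assuming `syncPort` is declared on every host that enables syncthing. I would restore the comment in an updated form, e.g. `# Peer devices are derived from the other hosts' configs; each address uses that peer's own syncPort`. The `settings` attribute set continues outside the hunk.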


@ -143,21 +143,21 @@ in
endpoints = endpoints =
let let
mkEndpoint = value: { mkEndpoint = endpoint: {
inherit (value) name group interval; inherit (endpoint) name group interval;
url = "${value.protocol}://${value.domain}${value.path}"; url = "${endpoint.protocol}://${endpoint.domain}${endpoint.path}";
alerts = lib.mkIf value.enableAlerts [ { type = "ntfy"; } ]; alerts = lib.mkIf endpoint.enableAlerts [ { type = "ntfy"; } ];
ssh = lib.mkIf (value.protocol == "ssh") { ssh = lib.mkIf (endpoint.protocol == "ssh") {
username = ""; username = "";
password = ""; password = "";
}; };
conditions = lib.concatLists [ conditions = lib.concatLists [
value.extraConditions endpoint.extraConditions
(lib.optional (lib.elem value.protocol [ (lib.optional (lib.elem endpoint.protocol [
"http" "http"
"https" "https"
]) "[STATUS] == 200") ]) "[STATUS] == 200")
(lib.optional (lib.elem value.protocol [ (lib.optional (lib.elem endpoint.protocol [
"tcp" "tcp"
"ssh" "ssh"
"icmp" "icmp"
@ -176,7 +176,7 @@ in
let let
defaultEndpoints = defaultEndpoints =
self.nixosConfigurations self.nixosConfigurations
|> lib.mapAttrs (_: value: value.config.meta.domains.local) |> lib.mapAttrs (_: host: host.config.meta.domains.local)
|> lib.concatMapAttrs ( |> lib.concatMapAttrs (
hostName: domains: hostName: domains:
domains domains