SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-22 05:44:25 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Remove meta.ports and meta.domains modules

Browse source
This commit is contained in:
SebastianStork 2026-01-21 23:25:16 +01:00
parent d8abea9e18
commit b487ec8ae7
Signed by: SebastianStork
SSH key fingerprint: SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q
31 changed files with 8 additions and 273 deletions
Download patch file Download diff file Expand all files Collapse all files

5
hosts/vps-monitor/default.nix
View file

@ -8,11 +8,6 @@
system.stateVersion = "25.11"; system.stateVersion = "25.11";
meta = {
domains.validate = true;
ports.validate = true;
};
custom = { custom = {
persistence.enable = true; persistence.enable = true;

5
hosts/vps-private/default.nix
View file

@ -8,11 +8,6 @@
system.stateVersion = "25.11"; system.stateVersion = "25.11";
meta = {
domains.validate = true;
ports.validate = true;
};
custom = custom =
let let
privateDomain = config.custom.networking.overlay.domain; privateDomain = config.custom.networking.overlay.domain;

5
hosts/vps-public/default.nix
View file

@ -8,11 +8,6 @@
system.stateVersion = "25.11"; system.stateVersion = "25.11";
meta = {
domains.validate = true;
ports.validate = true;
};
custom = custom =
let let
sproutedDomain = "sprouted.cloud"; sproutedDomain = "sprouted.cloud";

62
modules/system/meta/domains.nix
View file

@ -1,62 +0,0 @@
{
config,
self,
lib,
...
}:
let
cfg = config.meta.domains;
in
{
options.meta.domains = {
local = lib.mkOption {
type = lib.types.listOf lib.types.nonEmptyStr;
default = [ ];
};
global = lib.mkOption {
type = lib.types.listOf lib.types.nonEmptyStr;
default =
self.nixosConfigurations
|> lib.attrValues
|> lib.map (host: host.config.meta.domains.local)
|> lib.concatLists;
readOnly = true;
};
validate = lib.mkEnableOption "";
};
config = lib.mkIf cfg.validate {
assertions =
let
duplicateDomains =
self.nixosConfigurations
|> lib.attrValues
|> lib.map (host: host.options.meta.domains.local.definitionsWithLocations)
|> lib.concatLists
|> lib.concatMap (
{ file, value }:
value
|> lib.map (domain: {
file = self.lib.relativePath file;
inherit domain;
})
)
|> builtins.groupBy (entry: toString entry.domain)
|> lib.mapAttrs (_: values: values |> lib.map (value: value.file))
|> lib.filterAttrs (_: files: lib.length files > 1);
errorMessage =
duplicateDomains
|> lib.mapAttrsToList (
domain: files:
"Duplicate domain `${domain}` found in:\n"
+ (files |> lib.map (file: " - ${file}") |> lib.concatLines)
)
|> lib.concatStrings;
in
lib.singleton {
assertion = duplicateDomains == { };
message = errorMessage;
};
};
}

65
modules/system/meta/ports.nix
View file

@ -1,65 +0,0 @@
{
config,
options,
self,
lib,
...
}:
let
cfg = config.meta.ports;
in
{
options.meta.ports = {
tcp = lib.mkOption {
type = lib.types.listOf lib.types.port;
default = [ ];
};
udp = lib.mkOption {
type = lib.types.listOf lib.types.port;
default = [ ];
};
validate = lib.mkEnableOption "";
};
config = {
assertions =
let
findDuplicatePorts =
protocol:
options.meta.ports.${protocol}.definitionsWithLocations
|> lib.concatMap (
{ file, value }:
value
|> lib.map (port: {
file = self.lib.relativePath file;
inherit port;
})
)
|> builtins.groupBy (entry: toString entry.port)
|> lib.mapAttrs (_: values: values |> lib.map (value: value.file))
|> lib.filterAttrs (_: files: lib.length files > 1);
mkErrorMessage =
duplicatePorts:
duplicatePorts
|> lib.mapAttrsToList (
port: files:
"Duplicate port `${port}` found in:\n" + (files |> lib.map (file: " - ${file}") |> lib.concatLines)
)
|> lib.concatStrings;
duplicateTcpPorts = findDuplicatePorts "tcp";
duplicateUdpPorts = findDuplicatePorts "udp";
in
lib.mkIf cfg.validate [
{
assertion = duplicateTcpPorts == { };
message = mkErrorMessage duplicateTcpPorts;
}
{
assertion = duplicateUdpPorts == { };
message = mkErrorMessage duplicateUdpPorts;
}
];
};
}

7
modules/system/services/caddy.nix
View file

@ -95,7 +95,7 @@ in
message = "Each caddy virtual host must set exactly one of `port` or `files`"; message = "Each caddy virtual host must set exactly one of `port` or `files`";
}; };
meta.ports.tcp = [ cfg.metricsPort ]; networking.firewall.allowedTCPPorts = lib.mkIf publicHostsExist webPorts;
services.caddy = { services.caddy = {
enable = true; enable = true;
@ -111,11 +111,6 @@ in
custom.persistence.directories = [ "/var/lib/caddy" ]; custom.persistence.directories = [ "/var/lib/caddy" ];
} }
(lib.mkIf publicHostsExist {
meta.ports.tcp = webPorts;
networking.firewall.allowedTCPPorts = webPorts;
})
(lib.mkIf privateHostsExist { (lib.mkIf privateHostsExist {
sops.secrets = { sops.secrets = {
"porkbun/api-key".owner = config.users.users.acme.name; "porkbun/api-key".owner = config.users.users.acme.name;

5
modules/system/services/crowdsec/default.nix
View file

@ -38,11 +38,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta.ports.tcp = [
cfg.apiPort
cfg.prometheusPort
];
sops.secrets."crowdsec/enrollment-key" = { sops.secrets."crowdsec/enrollment-key" = {
owner = user; owner = user;
restartUnits = [ "crowdsec.service" ]; restartUnits = [ "crowdsec.service" ];

9
modules/system/services/dns.nix
View file

@ -12,11 +12,6 @@ in
options.custom.services.dns.enable = lib.mkEnableOption ""; options.custom.services.dns.enable = lib.mkEnableOption "";
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# meta.ports = {
# tcp = [ 53 ];
# udp = [ 53 ];
# };
services = { services = {
unbound = { unbound = {
enable = true; enable = true;
@ -39,7 +34,9 @@ in
|> lib.attrValues |> lib.attrValues
|> lib.concatMap ( |> lib.concatMap (
host: host:
host.config.meta.domains.local host.config.custom.services.caddy.virtualHosts
|> lib.attrValues
|> lib.map (vHost: vHost.domain)
|> lib.filter (domain: self.lib.isPrivateDomain domain) |> lib.filter (domain: self.lib.isPrivateDomain domain)
|> lib.map (domain: "\"${domain}. A ${host.config.custom.networking.overlay.address}\"") |> lib.map (domain: "\"${domain}. A ${host.config.custom.networking.overlay.address}\"")
); );

2
modules/system/services/nebula/default.nix
View file

@ -38,8 +38,6 @@ in
systemdUnit = "nebula@mesh.service"; systemdUnit = "nebula@mesh.service";
}; };
meta.ports.udp = lib.optional netCfg.underlay.isPublic publicPort;
sops.secrets."nebula/host-key" = { sops.secrets."nebula/host-key" = {
owner = config.users.users.nebula-mesh.name; owner = config.users.users.nebula-mesh.name;
restartUnits = [ "nebula@mesh.service" ]; restartUnits = [ "nebula@mesh.service" ];

12
modules/system/services/resolved.nix
View file

@ -1,22 +1,10 @@
{ config, lib, ... }: { config, lib, ... }:
let
ports = [
53
5353
5355
];
in
{ {
options.custom.services.resolved.enable = lib.mkEnableOption "" // { options.custom.services.resolved.enable = lib.mkEnableOption "" // {
default = config.systemd.network.enable; default = config.systemd.network.enable;
}; };
config = lib.mkIf config.custom.services.resolved.enable { config = lib.mkIf config.custom.services.resolved.enable {
meta.ports = {
tcp = ports;
udp = ports;
};
services.resolved = { services.resolved = {
enable = true; enable = true;
dnssec = "allow-downgrade"; dnssec = "allow-downgrade";

2
modules/system/services/sshd.nix
View file

@ -12,8 +12,6 @@ in
options.custom.services.sshd.enable = lib.mkEnableOption ""; options.custom.services.sshd.enable = lib.mkEnableOption "";
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta.ports.tcp = [ 22 ];
services = { services = {
openssh = { openssh = {
enable = true; enable = true;

11
modules/system/services/syncthing.nix
View file

@ -61,17 +61,6 @@ in
} }
]; ];
meta = {
domains.local = lib.mkIf (cfg.gui.domain != null) [ cfg.gui.domain ];
ports = {
tcp = [
cfg.syncPort
cfg.gui.port
];
udp = [ cfg.syncPort ];
};
};
sops.secrets = lib.mkIf useSopsSecrets { sops.secrets = lib.mkIf useSopsSecrets {
"syncthing/cert" = { "syncthing/cert" = {
owner = config.services.syncthing.user; owner = config.services.syncthing.user;

5
modules/system/web-services/actualbudget.nix
View file

@ -19,11 +19,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = {
domains.local = [ cfg.domain ];
ports.tcp = [ cfg.port ];
};
users = { users = {
users.actual = { users.actual = {
isSystemUser = true; isSystemUser = true;

5
modules/system/web-services/alloy.nix
View file

@ -63,11 +63,6 @@ in
in in
metricsAssertions ++ logsAssertions; metricsAssertions ++ logsAssertions;
meta = {
domains.local = [ cfg.domain ];
ports.tcp = [ cfg.port ];
};
services.alloy = { services.alloy = {
enable = true; enable = true;
extraFlags = [ extraFlags = [

5
modules/system/web-services/filebrowser.nix
View file

@ -29,11 +29,6 @@ in
message = self.lib.mkUnprotectedMessage "Filebrowser"; message = self.lib.mkUnprotectedMessage "Filebrowser";
}; };
meta = {
domains.local = [ cfg.domain ];
ports.tcp = [ cfg.port ];
};
services.filebrowser = { services.filebrowser = {
enable = true; enable = true;
settings = { settings = {

5
modules/system/web-services/forgejo/default.nix
View file

@ -17,11 +17,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = {
domains.local = [ cfg.domain ];
ports.tcp = [ cfg.port ];
};
users = { users = {
users.git = { users.git = {
isSystemUser = true; isSystemUser = true;

2
modules/system/web-services/forgejo/ssh.nix
View file

@ -12,8 +12,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta.ports.tcp = [ cfg.port ];
services.forgejo.settings.server.SSH_PORT = cfg.port; services.forgejo.settings.server.SSH_PORT = cfg.port;
services.openssh = { services.openssh = {

5
modules/system/web-services/freshrss.nix
View file

@ -29,11 +29,6 @@ in
message = self.lib.mkUnprotectedMessage "FreshRSS"; message = self.lib.mkUnprotectedMessage "FreshRSS";
}; };
meta = {
domains.local = [ cfg.domain ];
ports.tcp = [ cfg.port ];
};
services.freshrss = { services.freshrss = {
enable = true; enable = true;
baseUrl = "https://${cfg.domain}"; baseUrl = "https://${cfg.domain}";

10
modules/system/web-services/gatus.nix
View file

@ -70,11 +70,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = {
domains.local = [ cfg.domain ];
ports.tcp = [ cfg.port ];
};
sops = { sops = {
secrets."healthchecks/ping-key" = { }; secrets."healthchecks/ping-key" = { };
templates."gatus.env" = { templates."gatus.env" = {
@ -176,7 +171,10 @@ in
let let
defaultEndpoints = defaultEndpoints =
self.nixosConfigurations self.nixosConfigurations
|> lib.mapAttrs (_: host: host.config.meta.domains.local) |> lib.mapAttrs (
_: host:
host.config.custom.services.caddy.virtualHosts |> lib.attrValues |> lib.map (vHost: vHost.domain)
)
|> lib.concatMapAttrs ( |> lib.concatMapAttrs (
hostName: domains: hostName: domains:
domains domains

5
modules/system/web-services/grafana.nix
View file

@ -64,11 +64,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = {
domains.local = [ cfg.domain ];
ports.tcp = [ cfg.port ];
};
sops.secrets."grafana/admin-password" = { sops.secrets."grafana/admin-password" = {
owner = config.users.users.grafana.name; owner = config.users.users.grafana.name;
restartUnits = [ "grafana.service" ]; restartUnits = [ "grafana.service" ];

2
modules/system/web-services/it-tools.nix
View file

@ -17,8 +17,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta.domains.local = [ cfg.domain ];
custom.services.caddy.virtualHosts.${cfg.domain}.files = "${pkgs.it-tools}/lib"; custom.services.caddy.virtualHosts.${cfg.domain}.files = "${pkgs.it-tools}/lib";
}; };
} }

5
modules/system/web-services/memos.nix
View file

@ -24,11 +24,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = {
domains.local = [ cfg.domain ];
ports.tcp = [ cfg.port ];
};
services.memos = { services.memos = {
enable = true; enable = true;
settings = options.services.memos.settings.default // { settings = options.services.memos.settings.default // {

5
modules/system/web-services/ntfy.nix
View file

@ -16,11 +16,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = {
domains.local = [ cfg.domain ];
ports.tcp = [ cfg.port ];
};
services.ntfy-sh = { services.ntfy-sh = {
enable = true; enable = true;
settings = lib.mkForce { settings = lib.mkForce {

5
modules/system/web-services/outline.nix
View file

@ -22,11 +22,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = {
domains.local = [ cfg.domain ];
ports.tcp = [ cfg.port ];
};
sops.secrets."outline/gitlab-auth-secret" = { sops.secrets."outline/gitlab-auth-secret" = {
owner = config.users.users.outline.name; owner = config.users.users.outline.name;
restartUnits = [ "outline.service" ]; restartUnits = [ "outline.service" ];

2
modules/system/web-services/personal-blog.nix
View file

@ -19,8 +19,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta.domains.local = [ cfg.domain ];
systemd.services.generate-blog = { systemd.services.generate-blog = {
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];

5
modules/system/web-services/privatebin.nix
View file

@ -20,11 +20,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = {
domains.local = [ cfg.domain ];
ports.tcp = [ cfg.port ];
};
services = { services = {
privatebin = { privatebin = {
enable = true; enable = true;

5
modules/system/web-services/radicale.nix
View file

@ -25,11 +25,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = {
domains.local = [ cfg.domain ];
ports.tcp = [ cfg.port ];
};
sops.secrets."radicale/htpasswd" = { sops.secrets."radicale/htpasswd" = {
owner = config.users.users.radicale.name; owner = config.users.users.radicale.name;
restartUnits = [ "radicale.service" ]; restartUnits = [ "radicale.service" ];

5
modules/system/web-services/stirling-pdf.nix
View file

@ -26,11 +26,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = {
domains.local = [ cfg.domain ];
ports.tcp = [ cfg.port ];
};
services.stirling-pdf = { services.stirling-pdf = {
enable = true; enable = true;
environment = { environment = {

5
modules/system/web-services/uptime-kuma.nix
View file

@ -16,11 +16,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = {
domains.local = [ cfg.domain ];
ports.tcp = [ cfg.port ];
};
services.uptime-kuma = { services.uptime-kuma = {
enable = true; enable = true;
settings.PORT = toString cfg.port; settings.PORT = toString cfg.port;

5
modules/system/web-services/victorialogs.nix
View file

@ -16,11 +16,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = {
domains.local = [ cfg.domain ];
ports.tcp = [ cfg.port ];
};
users = { users = {
users.victorialogs = { users.victorialogs = {
isSystemUser = true; isSystemUser = true;

5
modules/system/web-services/victoriametrics.nix
View file

@ -16,11 +16,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
meta = {
domains.local = [ cfg.domain ];
ports.tcp = [ cfg.port ];
};
users = { users = {
users.victoriametrics = { users.victoriametrics = {
isSystemUser = true; isSystemUser = true;