From d5f7e88b5948f8ca4e2bd9c55b8a31cb65b0b302 Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Wed, 28 May 2025 21:11:51 +0200 Subject: [PATCH] Avoid "networking.domain" --- hosts/alto/default.nix | 18 +++++++++--------- hosts/cirrus/default.nix | 7 +++---- hosts/shared.nix | 2 -- .../system/services/actualbudget/default.nix | 3 +-- modules/system/services/forgejo/default.nix | 4 ++-- modules/system/services/hedgedoc/default.nix | 4 ++-- modules/system/services/nextcloud/default.nix | 4 ++-- modules/system/services/syncthing/default.nix | 10 +++++++++- .../system/services/tailscale/caddy-serve.nix | 2 +- modules/system/services/tailscale/default.nix | 7 +++---- 10 files changed, 32 insertions(+), 29 deletions(-) diff --git a/hosts/alto/default.nix b/hosts/alto/default.nix index 72f96cc..f1256ac 100644 --- a/hosts/alto/default.nix +++ b/hosts/alto/default.nix @@ -1,14 +1,14 @@ { config, ... }: let - inherit (config.custom) services; - inherit (config.custom.services.tailscale) caddyServe; + tsDomain = config.custom.services.tailscale.domain; + portOf = service: config.custom.services.${service}.port; in { system.stateVersion = "24.11"; custom = { - boot.loader.systemdBoot.enable = true; sops.enable = true; + boot.loader.systemdBoot.enable = true; services = { tailscale = { 
@@ -24,32 +24,32 @@ in caddyServe = { nextcloud = { subdomain = "cloud"; - inherit (services.nextcloud) port; + port = portOf "nextcloud"; }; actualbudget = { subdomain = "budget"; - inherit (services.actualbudget) port; + port = portOf "actualbudget"; }; forgejo = { subdomain = "git"; - inherit (services.forgejo) port; + port = portOf "forgejo"; }; }; }; nextcloud = { enable = true; - inherit (caddyServe.nextcloud) subdomain; + domain = "cloud.${tsDomain}"; backups.enable = true; }; actualbudget = { enable = true; - inherit (caddyServe.actualbudget) subdomain; + domain = "budget.${tsDomain}"; backups.enable = true; }; forgejo = { enable = true; - inherit (caddyServe.forgejo) subdomain; + domain = "git.${tsDomain}"; }; syncthing = { diff --git a/hosts/cirrus/default.nix b/hosts/cirrus/default.nix index aa92d6b..64ffcfd 100644 --- a/hosts/cirrus/default.nix +++ b/hosts/cirrus/default.nix @@ -1,11 +1,10 @@ { config, ... }: { system.stateVersion = "24.11"; - networking.domain = "sprouted.cloud"; custom = { - boot.loader.grub.enable = true; sops.enable = true; + boot.loader.grub.enable = true; services = { tailscale = { @@ -15,7 +14,7 @@ hedgedoc = { enable = true; - subdomain = "docs"; + domain = "docs.sprouted.cloud"; backups.enable = true; }; @@ -32,7 +31,7 @@ services.caddy = { enable = true; - virtualHosts."docs.${config.networking.domain}".extraConfig = '' + virtualHosts.${config.custom.services.hedgedoc.domain}.extraConfig = '' reverse_proxy localhost:${toString config.custom.services.hedgedoc.port} ''; }; diff --git a/hosts/shared.nix b/hosts/shared.nix index 11ec2b1..ff17784 100644 --- a/hosts/shared.nix +++ b/hosts/shared.nix @@ -9,8 +9,6 @@ { imports = [ self.nixosModules.default ]; - networking.domain = lib.mkDefault "stork-atlas.ts.net"; - nix = let flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs; diff --git a/modules/system/services/actualbudget/default.nix b/modules/system/services/actualbudget/default.nix index 6796bee..ae49688 100644 
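Review bot: The subdomain for each service is now spelled twice in this hunk, once as `caddyServe.nextcloud.subdomain = "cloud"` and once inside `domain = "cloud.${tsDomain}"`, where the removed `inherit (caddyServe.nextcloud) subdomain` kept a single source. If the two diverge, Caddy would answer on one name while the backend is configured for another, and nothing at evaluation time would flag it. The service modules feed `cfg.domain` into Nextcloud's `hostName` and Forgejo's `DOMAIN`/`ROOT_URL`. Deriving the value keeps them tied, e.g. `domain = "${config.custom.services.tailscale.caddyServe.nextcloud.subdomain}.${tsDomain}";`, and likewise for `actualbudget` and `forgejo`. The `let` bindings this relies on are in the previous hunk.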
--- a/modules/system/services/actualbudget/default.nix +++ b/modules/system/services/actualbudget/default.nix @@ -9,7 +9,7 @@ in { options.custom.services.actualbudget = { enable = lib.mkEnableOption ""; - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.nonEmptyStr; default = ""; }; @@ -28,7 +28,6 @@ in services.actual = { enable = true; - settings = { hostname = "localhost"; inherit (cfg) port; diff --git a/modules/system/services/forgejo/default.nix b/modules/system/services/forgejo/default.nix index 849bede..95bf911 100644 --- a/modules/system/services/forgejo/default.nix +++ b/modules/system/services/forgejo/default.nix @@ -11,7 +11,7 @@ in { options.custom.services.forgejo = { enable = lib.mkEnableOption ""; - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.nonEmptyStr; default = ""; }; @@ -30,7 +30,7 @@ in settings = { server = { - DOMAIN = "${cfg.subdomain}.${config.networking.domain}"; + DOMAIN = cfg.domain; ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}/"; HTTP_PORT = cfg.port; }; diff --git a/modules/system/services/hedgedoc/default.nix b/modules/system/services/hedgedoc/default.nix index d05b0bb..b9a145d 100644 --- a/modules/system/services/hedgedoc/default.nix +++ b/modules/system/services/hedgedoc/default.nix @@ -14,7 +14,7 @@ in { options.custom.services.hedgedoc = { enable = lib.mkEnableOption ""; - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.nonEmptyStr; default = ""; }; @@ -42,7 +42,7 @@ in environmentFile = config.sops.templates."hedgedoc/environment".path; settings = { - domain = "${cfg.subdomain}.${config.networking.domain}"; + domain = cfg.domain; inherit (cfg) port; protocolUseSSL = true; allowAnonymous = false; diff --git a/modules/system/services/nextcloud/default.nix b/modules/system/services/nextcloud/default.nix index f696c9d..2aea91a 100644 --- a/modules/system/services/nextcloud/default.nix +++ b/modules/system/services/nextcloud/default.nix 
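Review bot: The renamed `domain` option keeps `type = lib.types.nonEmptyStr` together with `default = "";`, so the default contradicts the declared type; the same pair appears in the forgejo, hedgedoc and nextcloud modules. As far as I can tell, an unset value then only surfaces as a type error when the option is first read, which is harder to trace than a missing-definition error. Dropping the `default = "";` line makes the option plainly required, and a `description = "Fully qualified domain name the service is reached under.";` would document that it now takes a full name rather than a subdomain. Within the visible hunks of this file `cfg.domain` is not consumed, so it may be worth checking whether actualbudget needs the option at all.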
@@ -13,7 +13,7 @@ in { options.custom.services.nextcloud = { enable = lib.mkEnableOption ""; - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.nonEmptyStr; default = ""; }; @@ -30,7 +30,7 @@ in services.nextcloud = { enable = true; package = pkgs.nextcloud31; - hostName = "${cfg.subdomain}.${config.networking.domain}"; + hostName = cfg.domain; database.createLocally = true; config = { diff --git a/modules/system/services/syncthing/default.nix b/modules/system/services/syncthing/default.nix index b861eb5..c536c21 100644 --- a/modules/system/services/syncthing/default.nix +++ b/modules/system/services/syncthing/default.nix @@ -6,6 +6,7 @@ }: let cfg = config.custom.services.syncthing; + tsCfg = config.custom.services.tailscale; in { options.custom.services.syncthing = { @@ -18,6 +19,13 @@ in }; config = lib.mkIf cfg.enable { + assertions = [ + { + assertion = tsCfg.enable; + message = "syncthing requires tailscale"; + } + ]; + services.syncthing = { enable = true; @@ -36,7 +44,7 @@ in |> lib.mapAttrs ( name: value: { id = value.config.custom.services.syncthing.deviceId; - addresses = [ "tcp://${name}.${value.config.networking.domain}:22000" ]; + addresses = [ "tcp://${name}.${tsCfg.domain}:22000" ]; } ); diff --git a/modules/system/services/tailscale/caddy-serve.nix b/modules/system/services/tailscale/caddy-serve.nix index 7d4dabc..ba4d5bf 100644 --- a/modules/system/services/tailscale/caddy-serve.nix +++ b/modules/system/services/tailscale/caddy-serve.nix @@ -53,7 +53,7 @@ in virtualHosts = lib.mapAttrs' ( _: value: - lib.nameValuePair "https://${value.subdomain}.${config.networking.domain}" { + lib.nameValuePair "https://${value.subdomain}.${config.custom.services.tailscale.domain}" { extraConfig = '' bind tailscale/${value.subdomain} tailscale_auth diff --git a/modules/system/services/tailscale/default.nix b/modules/system/services/tailscale/default.nix index 52897b6..dcfae37 100644 --- a/modules/system/services/tailscale/default.nix 
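Review bot: Every peer address is now built from the local host's `tsCfg.domain`, where the removed line read each peer's own `value.config.networking.domain`. A peer that overrides `custom.services.tailscale.domain`, or does not enable tailscale, would still be advertised under this host's tailnet suffix. The assertion added in the previous hunk checks only the local `tsCfg.enable`, not the peers. Reading the peer's value keeps the address and the peer's configuration in agreement: `addresses = [ "tcp://${name}.${value.config.custom.services.tailscale.domain}:22000" ];`. This also assumes the attribute name `name` matches the peer's tailnet machine name; the `lib.mapAttrs` pipeline begins outside the hunk, so how peers are selected is not visible here.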
+++ b/modules/system/services/tailscale/default.nix @@ -10,9 +10,9 @@ in { options.custom.services.tailscale = { enable = lib.mkEnableOption ""; - subdomain = lib.mkOption { + domain = lib.mkOption { type = lib.types.nonEmptyStr; - default = config.networking.hostName; + default = "stork-atlas.ts.net"; }; ssh.enable = lib.mkEnableOption ""; exitNode.enable = lib.mkEnableOption ""; @@ -36,7 +36,6 @@ in if (cfg.exitNode.enable || (cfg.serve.target != null)) then "server" else "client"; extraUpFlags = [ "--reset=true" ]; extraSetFlags = [ - "--hostname=${cfg.subdomain}" "--ssh=${lib.boolToString cfg.ssh.enable}" "--advertise-exit-node=${lib.boolToString cfg.exitNode.enable}" ]; @@ -57,7 +56,7 @@ in serviceConfig = { Type = "oneshot"; RemainAfterExit = true; - ExecStartPre = "${lib.getExe pkgs.tailscale} cert --min-validity 120h ${cfg.subdomain}.${config.networking.domain}"; + ExecStartPre = "${lib.getExe pkgs.tailscale} cert --min-validity 120h ${config.networking.hostName}.${cfg.domain}"; ExecStart = "${lib.getExe pkgs.tailscale} ${mode} --bg ${cfg.serve.target}"; ExecStop = "${lib.getExe pkgs.tailscale} ${mode} reset"; Restart = "on-failure";
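Review bot: The new `domain` option has no `description`, and its default `"stork-atlas.ts.net"` puts one specific tailnet name into a reusable module. A short description such as `description = "MagicDNS suffix of the tailnet, without the machine name.";` would make clear that this value is a suffix, whereas the service modules' `domain` options take a full host name.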
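Review bot: The certificate name in `ExecStartPre` is now `${config.networking.hostName}.${cfg.domain}`, while the previous hunk removes `"--hostname=${cfg.subdomain}"` from `extraSetFlags`. Nothing in the visible configuration now pins the tailnet machine name to the NixOS hostname. If the node's tailnet name differs (renamed in the admin console, or given a suffix after a name collision), `tailscale cert` would presumably be asked for a name the node does not hold, and the unit would fail before `ExecStart`. Keeping the flag with the new source, `"--hostname=${config.networking.hostName}"`, makes that assumption explicit. The `serviceConfig` block opens outside the hunk.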