🎉📝 initialize v2

Jo 2025-01-13 18:54:17 +01:00
parent 5087472710
commit 5abbdd12fb
95 changed files with 38 additions and 2693 deletions


@ -1,16 +0,0 @@
{
lib,
namespace,
...
}:
let
inherit (lib) types;
inherit (lib.${namespace}) mkOpt;
in
{
options.${namespace}.admin = with types; {
name = mkOpt str "Jo" "The short name of the system admin.";
full-name = mkOpt str "Johannes Reckers" "The full name of the system admin.";
email = mkOpt str "system@thevoid.cafe" "The E-Mail of the system admin. (Used for system services by default)";
};
}


@ -1,32 +0,0 @@
{
lib,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.archetypes.server;
in {
options.${namespace}.archetypes.server = { enable = mkEnableOption "Enable the server archetype for your current system"; };
config = mkIf cfg.enable {
# Enable modules
puzzlevision = {
common = {
nix = {
enable = true;
use-lix = true;
};
grub.enable = true;
networking.enable = true;
kernel.enable = true;
shell.enable = true;
hardware.enable = true;
locale.enable = true;
};
};
# Enable SSH for remote login
services.openssh.enable = true;
};
}


@ -1,44 +0,0 @@
{
lib,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.archetypes.workstation;
in {
options.${namespace}.archetypes.workstation = { enable = mkEnableOption "Enable the workstation archetype for your current system"; };
config = mkIf cfg.enable {
environment.sessionVariables = {
MOZ_ENABLE_WAYLAND = "1"; # Firefox native Wayland support
NIXOS_OZONE_WL = "1"; # Native Wayland in Chromium and Electron based applications
};
# Enable modules
puzzlevision = {
common = {
nix = {
enable = true; # Standard Nix configuration
use-lix = true;
use-nixld = true;
};
grub.enable = true; # Bootloader grub
networking.enable = true; # Networkmanager configuration
kernel.enable = true; # Kernel modifications
bluetooth.enable = true; # Bluetooth support
shell.enable = true; # Shell environment configuration
hardware.enable = true; # Common hardware support and tweaks
fonts.enable = true; # Common fonts and font management tweaks
audio.enable = true; # Audio setup
locale.enable = true; # Locale settings
};
tools = {
cachix.enable = true;
};
desktop.gnome.enable = true;
};
};
}


@ -1,23 +0,0 @@
{
lib,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.common.audio;
in {
options.${namespace}.common.audio = { enable = mkEnableOption "whether to enable common audio support and tweaks"; };
config = mkIf cfg.enable {
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
};
}


@ -1,32 +0,0 @@
{
lib,
pkgs,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.common.bluetooth;
in {
options.${namespace}.common.bluetooth = { enable = mkEnableOption "Enable bluetooth support on your current system"; };
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ bluez ];
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
package = pkgs.bluez;
settings = {
General = {
ControllerMode = "dual";
FastConnectable = "true";
Experimental = "true";
KernelExperimental = "true";
Disable= "Handsfree";
};
};
};
};
}


@ -1,30 +0,0 @@
{
lib,
pkgs,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.common.fonts;
in {
options.${namespace}.common.fonts = with types; {
enable = mkEnableOption "Enable system font management";
fonts = mkOption {
type = listOf package;
default = with pkgs; [ noto-fonts noto-fonts-cjk-sans noto-fonts-cjk-serif noto-fonts-emoji nerd-fonts.bigblue-terminal nerd-fonts.zed-mono monocraft ];
example = [ noto-fonts noto-fonts-emoji ];
description = "Install additional font packages";
};
};
config = mkIf cfg.enable {
environment.variables = {
LOG_ICONS = "true"; # Enable icons in tooling (requires nerdfonts)
};
environment.systemPackages = with pkgs; [ font-manager ];
fonts.packages = cfg.fonts;
};
}


@ -1,31 +0,0 @@
{
lib,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.common.grub;
in {
options.${namespace}.common.grub = { enable = mkEnableOption "grub"; };
config = mkIf cfg.enable {
boot.loader.systemd-boot.enable = false;
boot.loader.grub = {
enable = true;
devices = [ "nodev" ];
efiInstallAsRemovable = true;
efiSupport = true;
extraEntries = ''
menuentry "Reboot" {
reboot
}
menuentry "Poweroff" {
halt
}
'';
};
};
}


@ -1,16 +0,0 @@
{
lib,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.common.hardware;
in {
options.${namespace}.common.hardware = { enable = mkEnableOption "whether to enable common hardware support"; };
config = mkIf cfg.enable {
hardware.sensor.iio.enable = true; # Enable iio-sensor for automatic screen rotation and similar features.
hardware.flipperzero.enable = true; # Enable support for the flipperzero device.
};
}


@ -1,24 +0,0 @@
{
lib,
pkgs,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.common.kernel;
in {
options.${namespace}.common.kernel = {
enable = mkEnableOption "Modify the standard kernel settings";
version = mkOption {
type = types.str;
default = "linuxPackages_latest";
example = "linuxPackages_latest";
description = "Set the kernel version to be used by your system";
};
};
config = mkIf cfg.enable {
boot.kernelPackages = pkgs.${cfg.version};
};
}


@ -1,56 +0,0 @@
{
lib,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.common.locale;
in {
options.${namespace}.common.locale = {
enable = mkEnableOption "whether to enable common locale tweaks";
language = mkOption {
type = types.str;
default = "en_US";
example = "en_US";
description = "Sets the language for most text, doesn't include monetary or measurement settings";
};
country = mkOption {
type = types.str;
default = "de_DE";
example = "de_DE";
description = "Sets the language used for monetary or measurement settings (USD vs Euro, etc...)";
};
keymap = mkOption {
type = types.str;
default = "de";
example = "de";
description = "Sets the keymap to be used by the system";
};
};
config = mkIf cfg.enable {
# Internationalisation properties.
i18n.defaultLocale = "${cfg.language}.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "${cfg.country}.UTF-8";
LC_IDENTIFICATION = "${cfg.country}.UTF-8";
LC_MEASUREMENT = "${cfg.country}.UTF-8";
LC_MONETARY = "${cfg.country}.UTF-8";
LC_NAME = "${cfg.country}.UTF-8";
LC_NUMERIC = "${cfg.country}.UTF-8";
LC_PAPER = "${cfg.country}.UTF-8";
LC_TELEPHONE = "${cfg.country}.UTF-8";
LC_TIME = "${cfg.country}.UTF-8";
};
# Set console keymap.
console.keyMap = cfg.keymap;
services.xserver = {
xkb.layout = cfg.keymap;
};
};
}


@ -1,20 +0,0 @@
{
lib,
namespace,
config,
...
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.common.networking;
in {
options.${namespace}.common.networking = {
enable = mkEnableOption "Whether to enable networking through NetworkManager.";
};
config = mkIf cfg.enable {
networking.networkmanager = {
enable = true;
};
};
}


@ -1,53 +0,0 @@
{
lib,
pkgs,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.common.nix;
in {
options.${namespace}.common.nix = {
enable = mkEnableOption "Overwrite the default Nix configuration.";
use-lix = mkEnableOption "Enable Lix as an alternative to CppNix.";
use-nixld = mkEnableOption "Enable the use of dynamically linked executables on nix based systems.";
};
config = mkIf cfg.enable {
nix = {
settings = {
auto-optimise-store = true;
builders-use-substitutes = true;
experimental-features = [ "nix-command" "flakes" ];
keep-derivations = true;
keep-outputs = true;
max-jobs = "auto";
warn-dirty = false;
};
# Garbage collection configuration.
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 3d";
};
extraOptions = ''
extra-substituters = https://devenv.cachix.org
extra-trusted-public-keys = devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=
'';
package = mkIf cfg.use-lix pkgs.lix; # Enable LIX
};
# Dynamic libraries for unpackaged programs
programs.nix-ld = mkIf cfg.use-nixld {
enable = true;
libraries = with pkgs; [
glibc
libcxx
];
};
};
}


@ -1,20 +0,0 @@
{
lib,
namespace,
config,
pkgs,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.common.shell;
in {
options.${namespace}.common.shell = {
enable = mkEnableOption "Modify the standard shell options";
};
config = mkIf cfg.enable {
environment.shells = with pkgs; [ fish ];
users.defaultUserShell = pkgs.fish;
programs.fish.enable = true;
};
}


@ -1,53 +0,0 @@
{
lib,
pkgs,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.desktop.gnome;
in {
options.${namespace}.desktop.gnome = { enable = mkEnableOption "gnome"; };
config = mkIf cfg.enable {
services.xserver.enable = true;
# Enable GNOME and GDM.
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
environment.gnome.excludePackages = with pkgs; [
gnome-tour
gedit
cheese
geary
yelp # Help view
epiphany # Gnome web
gnome-console
gnome-terminal
gnome-music
tali # Poker game
iagno # Go game
hitori # Sudoku game
gnome-contacts
gnome-initial-setup
gnome-system-monitor
];
programs.dconf.enable = true;
services.gnome.gnome-keyring.enable = true;
programs.kdeconnect = {
enable = true;
package = pkgs.gnomeExtensions.gsconnect;
};
environment.systemPackages = with pkgs; [
gnome-tweaks
blackbox-terminal # Terminal app
resources # System resource manager
];
};
}


@ -1,20 +0,0 @@
{
lib,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.desktop.plasma;
in {
options.${namespace}.desktop.plasma = { enable = mkEnableOption "Whether to enable the KDE Plasma desktop environment"; };
config = mkIf cfg.enable {
services.xserver.enable = true;
services.desktopManager.plasma6.enable = true;
services.displayManager.sddm.enable = true;
programs.kdeconnect.enable = true;
};
}


@ -1,50 +0,0 @@
{
lib,
pkgs,
config,
namespace,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.security.yubikey;
in
{
options.${namespace}.security.yubikey = with types; {
enable = mkEnableOption "Enable the Yubikey as a security device.";
key-id = mkOption {
type = listOf str;
default = [ "30650551" ];
example = [ "123456" "1234567" ];
description = "Register additional Yubikey IDs.";
};
enable-agent = mkEnableOption "Enable the Yubikey agent";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ yubikey-manager yubioath-flutter ];
services.udev.packages = [ pkgs.yubikey-personalization ];
services.pcscd.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
security.pam.services = {
login.u2fAuth = true;
sudo.u2fAuth = true;
};
services.yubikey-agent.enable = cfg.enable-agent;
programs.ssh.extraConfig = mkIf cfg.enable-agent ''
Host *
IdentityAgent /usr/local/var/run/yubikey-agent.sock
'';
environment.sessionVariables = mkIf cfg.enable-agent {
SSH_AUTH_SOCK = "/usr/local/var/run/yubikey-agent.sock";
};
};
}


@ -1,47 +0,0 @@
{
lib,
namespace,
config,
host,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.services.bluesky.pds;
in {
options.${namespace}.services.bluesky.pds = {
enable = mkEnableOption "Enable the Bluesky PDS, your own ATproto home!";
};
config = mkIf cfg.enable {
sops.secrets.bluesky-pds = {
sopsFile = lib.snowfall.fs.get-file "secrets/bluesky-pds.service.env";
format = "dotenv";
};
systemd.tmpfiles.rules = [
"d /var/lib/containers/bluesky 0700 root root -"
"d /var/lib/containers/bluesky/pds 0700 root root -"
"d /var/lib/containers/bluesky/pds/blobs 0700 root root -"
];
virtualisation.oci-containers.containers.bluesky-pds = {
image = "ghcr.io/bluesky-social/pds:0.4";
autoStart = true;
hostname = host;
environmentFiles = [
config.sops.secrets.bluesky-pds.path
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.bluesky-pds.entrypoints" = "websecure";
"traefik.http.routers.bluesky-pds.rule" = "Host(`bsky.thevoid.cafe`) || HostRegexp(`.+\.bsky\.thevoid\.cafe`)";
"traefik.http.middlewares.bluesky-pds-header.headers.customrequestheaders.Host" = "{host}";
"traefik.http.services.bluesky-pds.loadbalancer.server.port" = "2583";
};
volumes = [
"/var/lib/containers/bluesky/pds:/pds"
];
extraOptions = ["--network=proxy"];
};
};
}


@ -1,30 +0,0 @@
{
lib,
namespace,
config,
host,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.services.duckdns;
in {
options.${namespace}.services.duckdns = {
enable = mkEnableOption "Enable DuckDNS, the dynamic dns service. Will periodically refresh your IP.";
};
config = mkIf cfg.enable {
sops.secrets.duckdns = {
sopsFile = lib.snowfall.fs.get-file "secrets/duckdns.service.env";
format = "dotenv";
};
virtualisation.oci-containers.containers.duckdns = {
image = "lscr.io/linuxserver/duckdns:latest";
autoStart = true;
hostname = host;
environmentFiles = [
config.sops.secrets.duckdns.path
];
};
};
}


@ -1,56 +0,0 @@
{
lib,
config,
namespace,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.services.forgejo;
in
{
options.${namespace}.services.forgejo = {
enable = mkEnableOption "Whether to enable the forgejo git service.";
};
config = mkIf cfg.enable {
services.forgejo = {
enable = true;
database = {
type = "postgres";
};
lfs.enable = true;
settings = {
server = {
DOMAIN = "git.thevoid.cafe";
ROOT_URL = "https://git.thevoid.cafe/";
HTTP_PORT = "3030";
};
service.DISABLE_REGISTRATION = true;
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "github";
};
};
};
# TODO: finish this configuration
services.traefik = {
dynamicConfigOptions = {
http = {
routers.forgejo = {
entryPoints = ["websecure"];
rule = "Host(`git.thevoid.cafe`)";
service = "forgejo";
};
services.forgejo.loadbalancer.server = {
url = "http://localhost:3030";
};
};
};
};
};
}


@ -1,44 +0,0 @@
{
lib,
namespace,
config,
host,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.services.homepage;
homepageConfigDirectory = lib.snowfall.fs.get-file "resources/services/homepage";
in {
options.${namespace}.services.homepage = { enable = mkEnableOption "Enable Homepage, an intuitive dashboard for your services."; };
config = mkIf cfg.enable {
systemd.tmpfiles.rules = [
"d /var/lib/containers/homepage 0700 root root -"
"d /var/lib/containers/homepage/config 0700 root root -"
"d /var/lib/containers/homepage/images 0700 root root -"
];
# Copy files from homepageConfigDirectory to the target directory
system.activationScripts.homepage = ''
cp -r ${homepageConfigDirectory}/* /var/lib/containers/homepage/
'';
virtualisation.oci-containers.containers.homepage = {
image = "ghcr.io/gethomepage/homepage:latest";
autoStart = true;
hostname = host;
labels = {
"traefik.enable" = "true";
"traefik.http.routers.homepage.entrypoints" = "websecure";
"traefik.http.routers.homepage.rule" = "Host(`home.thevoid.cafe`)";
"traefik.http.services.homepage.loadbalancer.server.port" = "3000";
};
volumes = [
"/var/lib/containers/homepage/config:/app/config:rw"
"/var/lib/containers/homepage/images:/app/public/images:rw"
"/var/run/docker.sock:/var/run/docker.sock:ro" # Optional, used for docker integration.
];
extraOptions = ["--network=proxy"];
};
};
}


@ -1,109 +0,0 @@
{
lib,
namespace,
config,
host,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.services.sharkey;
in {
options.${namespace}.services.sharkey = { enable = mkEnableOption "Enable Sharkey, the activitypub-based microblogging service."; };
config = mkIf cfg.enable {
sops.secrets.sharkey-config = {
sopsFile = lib.snowfall.fs.get-file "secrets/default.sharkey.service.yaml";
format = "yaml";
};
sops.secrets.sharkey-docker-config = {
sopsFile = lib.snowfall.fs.get-file "secrets/docker-env.sharkey.service.env";
format = "dotenv";
};
sops.secrets.sharkey-meilisearch-config = {
sopsFile = lib.snowfall.fs.get-file "secrets/meilisearch.sharkey.service.env";
format = "dotenv";
};
systemd.tmpfiles.rules = [
"d /var/lib/containers/sharkey 0700 991 991 -"
];
system.activationScripts.sharkey-web = ''
cp ${config.sops.secrets.sharkey-config.path} /var/lib/containers/sharkey/.config/default.yml
'';
virtualisation.oci-containers.containers.sharkey-web = {
image = "registry.activitypub.software/transfem-org/sharkey:latest";
autoStart = true;
hostname = host;
dependsOn = [ "sharkey-redis" "sharkey-db" ];
environment = {
NODE_ENV = "production";
};
labels = {
"traefik.enable" = "true";
"traefik.http.routers.sharkey.entrypoints" = "websecure";
"traefik.http.routers.sharkey.rule" = "Host(`voxtek.enterprises`)";
"traefik.http.services.sharkey.loadbalancer.server.port" = "3000";
# Homepage labels
"homepage.group" = "Entertainment";
"homepage.name" = "Sharkey";
"homepage.icon" = "/images/logo.png";
"homepage.href" = "https://voxtek.enterprises";
"homepage.description" = "Private VoxTek themed Sharkey instance";
"homepage.ping" = "https://voxtek.enterprises";
"homepage.widget.type" = "mastodon";
"homepage.widget.url" = "https://voxtek.enterprises";
};
volumes = [
"/var/lib/containers/sharkey/files:/sharkey/files:rw"
"/var/lib/containers/sharkey/.config:/sharkey/.config:ro"
];
extraOptions = ["--network=proxy --network=sharknet"];
};
virtualisation.oci-containers.containers.sharkey-redis = {
image = "docker.io/redis:7.0-alpine";
autoStart = true;
hostname = host;
volumes = [
"/var/lib/containers/sharkey/redis:/data:rw"
];
extraOptions = ["--network=sharknet"]; # Todo: implement healthcheck
};
virtualisation.oci-containers.containers.sharkey-meilisearch = {
image = "getmeili/meilisearch:v1.3.4";
autoStart = true;
hostname = host;
volumes = [
"/var/lib/containers/sharkey/meili_data:/meili_data:rw"
];
environment = {
MEILI_NO_ANALYTICS = "true";
MEILI_ENV = "production";
};
environmentFiles = [
config.sops.secrets.sharkey-meilisearch.path
];
extraOptions = ["--network=sharknet"];
};
virtualisation.oci-containers.containers.sharkey-db = {
image = "docker.io/postgres:16.1-alpine";
autoStart = true;
hostname = host;
volumes = [
"/var/lib/containers/sharkey/db:/var/lib/postgresql/data:rw"
];
environmentFiles = [
config.sops.secrets.sharkey-docker-config.path
];
extraOptions = ["--network=sharknet"]; # Todo: implement healthcheck
};
# W.I.P Todo: finish Sharkey service
};
}


@ -1,110 +0,0 @@
{
lib,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.services.traefik;
in {
options.${namespace}.services.traefik = {
enable = mkEnableOption "Enable the Traefik service.";
cloudflareEmail = mkOption {
type = types.str;
default = config.${namespace}.admin.email;
example = "system@thevoid.cafe";
description = "Specify the E-Mail associated with your Cloudflare account for ACME.";
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [80 8080 443]; # http, dashboard, https
systemd.services.traefik = {
environment = {
CF_API_EMAIL = cfg.cloudflareEmail;
};
serviceConfig = {
EnvironmentFile = [config.sops.secrets."services/cloudflare/api_key".path];
};
};
services.traefik = {
enable = true;
group = "docker";
staticConfigOptions = {
log = {
level = "INFO";
filePath = "/var/lib/traefik/traefik.log";
noColor = false;
maxSize = 100;
compress = true;
};
api = {
dashboard = true;
insecure = true;
};
providers = {
docker = {
exposedByDefault = false;
network = "proxy";
};
};
certificatesResolvers = {
letsencrypt = {
acme = {
email = cfg.cloudflareEmail;
storage = "/var/lib/traefik/acme.json";
#caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"; # Uncomment this when testing stuff!
dnsChallenge = {
provider = "cloudflare";
};
};
};
};
entryPoints.web = {
address = ":80";
http.redirections.entryPoint = {
to = "websecure";
scheme = "https";
permanent = true;
};
};
entryPoints.websecure = {
address = ":443";
http.tls = {
certResolver = "letsencrypt";
domains = [
{
main = "voidtales.dev";
sans = ["*.voidtales.dev"];
}
{
main = "voxtek.enterprises";
sans = ["*.voxtek.enterprises"];
}
{
main = "thevoid.cafe";
sans = ["*.thevoid.cafe"];
}
{
main = "reckers.dev";
sans = ["*.reckers.dev"];
}
{
main = "rhysbot.co.uk";
sans = ["*.rhysbot.co.uk"];
}
];
};
};
};
};
};
}


@ -1,43 +0,0 @@
{
lib,
namespace,
config,
host,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.services.vaultwarden;
in {
options.${namespace}.services.vaultwarden = { enable = mkEnableOption "Enable Vaultwarden, a self-hostable password manager."; };
config = mkIf cfg.enable {
sops.secrets.vaultwarden = {
sopsFile = lib.snowfall.fs.get-file "secrets/vaultwarden.service.env";
format = "dotenv";
};
# Ensure directories exists before OCI container is launched.
systemd.tmpfiles.rules = [
"d /var/lib/containers/vaultwarden/data 0700 root root -"
];
# "Inspired" by BreakingTV @ github.com
virtualisation.oci-containers.containers.vaultwarden = {
image = "vaultwarden/server";
autoStart = true;
hostname = host;
labels = {
"traefik.enable" = "true";
"traefik.http.routers.vaultwarden.entrypoints" = "websecure";
"traefik.http.routers.vaultwarden.rule" = "Host(`vault.thevoid.cafe`)";
};
volumes = [
"/var/lib/containers/vaultwarden/data:/data:rw"
];
environmentFiles = [
config.sops.secrets.vaultwarden.path
];
extraOptions = ["--network=proxy"];
};
};
}


@ -1,17 +0,0 @@
{
lib,
pkgs,
namespace,
config,
...
}: with lib; with lib.${namespace};
let
cfg = config.${namespace}.tools.cachix;
in {
options.${namespace}.tools.cachix = { enable = mkEnableOption "Enable the cachix binary cache service on your system."; };
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ cachix ];
};
}