🎉📝 initialize v2

2025-09-10 04:40:05 +00:00 · 2025-01-13 18:54:17 +01:00 · 2025-01-13 18:54:17 +01:00 · 5abbdd12fb
commit 5abbdd12fb
parent 5087472710
95 changed files with 38 additions and 2693 deletions
--- a/modules/nixos/services/bluesky/pds/default.nix
+++ b/modules/nixos/services/bluesky/pds/default.nix
@ -1,47 +0,0 @@
-{
-  lib,
-  namespace,
-  config,
-  host,
-  ...
-}: with lib; with lib.${namespace};
-let
-  cfg = config.${namespace}.services.bluesky.pds;
-in {
-  options.${namespace}.services.bluesky.pds = {
-    enable = mkEnableOption "Enable the Bluesky PDS, your own ATproto home!";
-  };
-
-  config = mkIf cfg.enable {
-    sops.secrets.bluesky-pds = {
-      sopsFile = lib.snowfall.fs.get-file "secrets/bluesky-pds.service.env";
-      format = "dotenv";
-    };
-
-    systemd.tmpfiles.rules = [
-      "d /var/lib/containers/bluesky 0700 root root -"
-      "d /var/lib/containers/bluesky/pds 0700 root root -"
-      "d /var/lib/containers/bluesky/pds/blobs 0700 root root -"
-    ];
-
-    virtualisation.oci-containers.containers.bluesky-pds = {
-      image = "ghcr.io/bluesky-social/pds:0.4";
-      autoStart = true;
-      hostname = host;
-      environmentFiles = [
-        config.sops.secrets.bluesky-pds.path
-      ];
-      labels = {
-        "traefik.enable" = "true";
-        "traefik.http.routers.bluesky-pds.entrypoints" = "websecure";
-        "traefik.http.routers.bluesky-pds.rule" = "Host(`bsky.thevoid.cafe`) || HostRegexp(`.+\.bsky\.thevoid\.cafe`)";
-        "traefik.http.middlewares.bluesky-pds-header.headers.customrequestheaders.Host" = "{host}";
-        "traefik.http.services.bluesky-pds.loadbalancer.server.port" = "2583";
-      };
-      volumes = [
-        "/var/lib/containers/bluesky/pds:/pds"
-      ];
-      extraOptions = ["--network=proxy"];
-    };
-  };
-}
--- a/modules/nixos/services/duckdns/default.nix
+++ b/modules/nixos/services/duckdns/default.nix
@ -1,30 +0,0 @@
-{
-  lib,
-  namespace,
-  config,
-  host,
-  ...
-}: with lib; with lib.${namespace};
-let
-  cfg = config.${namespace}.services.duckdns;
-in {
-  options.${namespace}.services.duckdns = {
-    enable = mkEnableOption "Enable DuckDNS, the dynamic dns service. Will periodically refresh your IP.";
-  };
-
-  config = mkIf cfg.enable {
-    sops.secrets.duckdns = {
-      sopsFile = lib.snowfall.fs.get-file "secrets/duckdns.service.env";
-      format = "dotenv";
-    };
-
-    virtualisation.oci-containers.containers.duckdns = {
-      image = "lscr.io/linuxserver/duckdns:latest";
-      autoStart = true;
-      hostname = host;
-      environmentFiles = [
-        config.sops.secrets.duckdns.path
-      ];
-    };
-  };
-}
--- a/modules/nixos/services/forgejo/default.nix
+++ b/modules/nixos/services/forgejo/default.nix
@ -1,56 +0,0 @@
-{
-  lib,
-  config,
-  namespace,
-  ...
-}:
-let
-  inherit (lib) mkEnableOption mkIf;
-  cfg = config.${namespace}.services.forgejo;
-in
-{
-  options.${namespace}.services.forgejo = {
-    enable = mkEnableOption "Whether to enable the forgejo git service.";
-  };
-
-  config = mkIf cfg.enable {
-    services.forgejo = {
-      enable = true;
-
-      database = {
-        type = "postgres";
-      };
-      lfs.enable = true;
-      settings = {
-        server = {
-          DOMAIN = "git.thevoid.cafe";
-          ROOT_URL = "https://git.thevoid.cafe/";
-          HTTP_PORT = "3030";
-        };
-        service.DISABLE_REGISTRATION = true;
-        actions = {
-          ENABLED = true;
-          DEFAULT_ACTIONS_URL = "github";
-        };
-      };
-    };
-
-    # TODO: finish this configuration
-
-    services.traefik = {
-      dynamicConfigOptions = {
-        http = {
-          routers.forgejo = {
-            entryPoints = ["websecure"];
-            rule = "Host(`git.thevoid.cafe`)";
-            service = "forgejo";
-          };
-
-          services.forgejo.loadbalancer.server = {
-            url = "http://localhost:3030";
-          };
-        };
-      };
-    };
-  };
-}
--- a/modules/nixos/services/homepage/default.nix
+++ b/modules/nixos/services/homepage/default.nix
@ -1,44 +0,0 @@
-{
-  lib,
-  namespace,
-  config,
-  host,
-  ...
-}: with lib; with lib.${namespace};
-let
-  cfg = config.${namespace}.services.homepage;
-  homepageConfigDirectory = lib.snowfall.fs.get-file "resources/services/homepage";
-in {
-  options.${namespace}.services.homepage = { enable = mkEnableOption "Enable Homepage, an intuitive dashboard for your services."; };
-
-  config = mkIf cfg.enable {
-    systemd.tmpfiles.rules = [
-      "d /var/lib/containers/homepage 0700 root root -"
-      "d /var/lib/containers/homepage/config 0700 root root -"
-      "d /var/lib/containers/homepage/images 0700 root root -"
-    ];
-
-    # Copy files from homepageConfigDirectory to the target directory
-    system.activationScripts.homepage = ''
-      cp -r ${homepageConfigDirectory}/* /var/lib/containers/homepage/
-    '';
-
-    virtualisation.oci-containers.containers.homepage = {
-      image = "ghcr.io/gethomepage/homepage:latest";
-      autoStart = true;
-      hostname = host;
-      labels = {
-        "traefik.enable" = "true";
-        "traefik.http.routers.homepage.entrypoints" = "websecure";
-        "traefik.http.routers.homepage.rule" = "Host(`home.thevoid.cafe`)";
-        "traefik.http.services.homepage.loadbalancer.server.port" = "3000";
-      };
-      volumes = [
-        "/var/lib/containers/homepage/config:/app/config:rw"
-        "/var/lib/containers/homepage/images:/app/public/images:rw"
-        "/var/run/docker.sock:/var/run/docker.sock:ro" # Optional, used for docker integration.
-      ];
-      extraOptions = ["--network=proxy"];
-    };
-  };
-}
--- a/modules/nixos/services/sharkey/default.nix
+++ b/modules/nixos/services/sharkey/default.nix
@ -1,109 +0,0 @@
-{
-  lib,
-  namespace,
-  config,
-  host,
-  ...
-}: with lib; with lib.${namespace};
-let
-  cfg = config.${namespace}.services.sharkey;
-in {
-  options.${namespace}.services.sharkey = { enable = mkEnableOption "Enable Sharkey, the activitypub-based microblogging service."; };
-
-  config = mkIf cfg.enable {
-    sops.secrets.sharkey-config = {
-      sopsFile = lib.snowfall.fs.get-file "secrets/default.sharkey.service.yaml";
-      format = "yaml";
-    };
-
-    sops.secrets.sharkey-docker-config = {
-      sopsFile = lib.snowfall.fs.get-file "secrets/docker-env.sharkey.service.env";
-      format = "dotenv";
-    };
-
-    sops.secrets.sharkey-meilisearch-config = {
-      sopsFile = lib.snowfall.fs.get-file "secrets/meilisearch.sharkey.service.env";
-      format = "dotenv";
-    };
-
-    systemd.tmpfiles.rules = [
-      "d /var/lib/containers/sharkey 0700 991 991 -"
-    ];
-
-    system.activationScripts.sharkey-web = ''
-      cp ${config.sops.secrets.sharkey-config.path} /var/lib/containers/sharkey/.config/default.yml
-    '';
-
-    virtualisation.oci-containers.containers.sharkey-web = {
-      image = "registry.activitypub.software/transfem-org/sharkey:latest";
-      autoStart = true;
-      hostname = host;
-      dependsOn = [ "sharkey-redis" "sharkey-db" ];
-      environment = {
-        NODE_ENV = "production";
-      };
-      labels = {
-        "traefik.enable" = "true";
-        "traefik.http.routers.sharkey.entrypoints" = "websecure";
-        "traefik.http.routers.sharkey.rule" = "Host(`voxtek.enterprises`)";
-        "traefik.http.services.sharkey.loadbalancer.server.port" = "3000";
-        # Homepage labels
-        "homepage.group" = "Entertainment";
-        "homepage.name" = "Sharkey";
-        "homepage.icon" = "/images/logo.png";
-        "homepage.href" = "https://voxtek.enterprises";
-        "homepage.description" = "Private VoxTek themed Sharkey instance";
-        "homepage.ping" = "https://voxtek.enterprises";
-        "homepage.widget.type" = "mastodon";
-        "homepage.widget.url" = "https://voxtek.enterprises";
-      };
-      volumes = [
-        "/var/lib/containers/sharkey/files:/sharkey/files:rw"
-        "/var/lib/containers/sharkey/.config:/sharkey/.config:ro"
-      ];
-      extraOptions = ["--network=proxy --network=sharknet"];
-    };
-
-    virtualisation.oci-containers.containers.sharkey-redis = {
-      image = "docker.io/redis:7.0-alpine";
-      autoStart = true;
-      hostname = host;
-      volumes = [
-        "/var/lib/containers/sharkey/redis:/data:rw"
-      ];
-      extraOptions = ["--network=sharknet"]; # Todo: implement healthcheck
-    };
-
-    virtualisation.oci-containers.containers.sharkey-meilisearch = {
-      image = "getmeili/meilisearch:v1.3.4";
-      autoStart = true;
-      hostname = host;
-      volumes = [
-        "/var/lib/containers/sharkey/meili_data:/meili_data:rw"
-      ];
-      environment = {
-        MEILI_NO_ANALYTICS = "true";
-        MEILI_ENV = "production";
-      };
-      environmentFiles = [
-        config.sops.secrets.sharkey-meilisearch.path
-      ];
-      extraOptions = ["--network=sharknet"];
-    };
-
-    virtualisation.oci-containers.containers.sharkey-db = {
-      image = "docker.io/postgres:16.1-alpine";
-      autoStart = true;
-      hostname = host;
-      volumes = [
-        "/var/lib/containers/sharkey/db:/var/lib/postgresql/data:rw"
-      ];
-      environmentFiles = [
-        config.sops.secrets.sharkey-docker-config.path
-      ];
-      extraOptions = ["--network=sharknet"]; # Todo: implement healthcheck
-    };
-
-    # W.I.P Todo: finish Sharkey service
-  };
-}
--- a/modules/nixos/services/traefik/default.nix
+++ b/modules/nixos/services/traefik/default.nix
@ -1,110 +0,0 @@
-{
-  lib,
-  namespace,
-  config,
-  ...
-}: with lib; with lib.${namespace};
-let
-  cfg = config.${namespace}.services.traefik;
-in {
-  options.${namespace}.services.traefik = {
-    enable = mkEnableOption "Enable the Traefik service.";
-    cloudflareEmail = mkOption {
-      type = types.str;
-      default = config.${namespace}.admin.email;
-      example = "system@thevoid.cafe";
-      description = "Specify the E-Mail associated with your Cloudflare account for ACME.";
-    };
-  };
-
-  config = mkIf cfg.enable {
-    networking.firewall.allowedTCPPorts = [80 8080 443]; # http, dashboard, https
-
-    systemd.services.traefik = {
-      environment = {
-        CF_API_EMAIL = cfg.cloudflareEmail;
-      };
-      serviceConfig = {
-        EnvironmentFile = [config.sops.secrets."services/cloudflare/api_key".path];
-      };
-    };
-
-    services.traefik = {
-      enable = true;
-      group = "docker";
-
-      staticConfigOptions = {
-        log = {
-          level = "INFO";
-          filePath = "/var/lib/traefik/traefik.log";
-          noColor = false;
-          maxSize = 100;
-          compress = true;
-        };
-
-        api = {
-          dashboard = true;
-          insecure = true;
-        };
-
-        providers = {
-          docker = {
-            exposedByDefault = false;
-            network = "proxy";
-          };
-        };
-
-        certificatesResolvers = {
-          letsencrypt = {
-            acme = {
-              email = cfg.cloudflareEmail;
-              storage = "/var/lib/traefik/acme.json";
-              #caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"; # Uncomment this when testing stuff!
-              dnsChallenge = {
-                provider = "cloudflare";
-              };
-            };
-          };
-        };
-
-        entryPoints.web = {
-          address = ":80";
-          http.redirections.entryPoint = {
-            to = "websecure";
-            scheme = "https";
-            permanent = true;
-          };
-        };
-
-        entryPoints.websecure = {
-          address = ":443";
-          http.tls = {
-            certResolver = "letsencrypt";
-            domains = [
-              {
-                main = "voidtales.dev";
-                sans = ["*.voidtales.dev"];
-              }
-              {
-                main = "voxtek.enterprises";
-                sans = ["*.voxtek.enterprises"];
-              }
-              {
-                main = "thevoid.cafe";
-                sans = ["*.thevoid.cafe"];
-              }
-              {
-                main = "reckers.dev";
-                sans = ["*.reckers.dev"];
-              }
-              {
-                main = "rhysbot.co.uk";
-                sans = ["*.rhysbot.co.uk"];
-              }
-            ];
-          };
-        };
-      };
-    };
-  };
-}
--- a/modules/nixos/services/vaultwarden/default.nix
+++ b/modules/nixos/services/vaultwarden/default.nix
@ -1,43 +0,0 @@
-{
-  lib,
-  namespace,
-  config,
-  host,
-  ...
-}: with lib; with lib.${namespace};
-let
-  cfg = config.${namespace}.services.vaultwarden;
-in {
-  options.${namespace}.services.vaultwarden = { enable = mkEnableOption "Enable Vaultwarden, a self-hostable password manager."; };
-
-  config = mkIf cfg.enable {
-    sops.secrets.vaultwarden = {
-      sopsFile = lib.snowfall.fs.get-file "secrets/vaultwarden.service.env";
-      format = "dotenv";
-    };
-
-    # Ensure directories exists before OCI container is launched.
-    systemd.tmpfiles.rules = [
-      "d /var/lib/containers/vaultwarden/data 0700 root root -"
-    ];
-
-    # "Inspired" by BreakingTV @ github.com
-    virtualisation.oci-containers.containers.vaultwarden = {
-      image = "vaultwarden/server";
-      autoStart = true;
-      hostname = host;
-      labels = {
-        "traefik.enable" = "true";
-        "traefik.http.routers.vaultwarden.entrypoints" = "websecure";
-        "traefik.http.routers.vaultwarden.rule" = "Host(`vault.thevoid.cafe`)";
-      };
-      volumes = [
-        "/var/lib/containers/vaultwarden/data:/data:rw"
-      ];
-      environmentFiles = [
-        config.sops.secrets.vaultwarden.path
-      ];
-      extraOptions = ["--network=proxy"];
-    };
-  };
-}