🐛 Tons of type and bug fixes (thanks language server for not working)

modules/flake/systems.nix

@@ -17,7 +17,6 @@
         (lib.optionals (class == "nixos") [
           inputs.home-manager.nixosModules.default
           inputs.sops-nix.nixosModules.sops
-          inputs.attic.nixosModules.atticd
         ])
         ++ (self.lib.dirToModuleList ../${class}); # Import modules based on current classname.
     };

modules/nixos/services/atticd/default.nix

@@ -4,7 +4,7 @@
   config,
   ...
 }: let
-  inherit (lib) mkEnableOption mkIf;
+  inherit (lib) mkEnableOption mkIf types;
   inherit (self) namespace;
   inherit (self.lib) mkOpt;
 
@@ -12,13 +12,13 @@
 in {
   options.${namespace}.services.atticd = {
     enable = mkEnableOption "the attic service, a multi-tenant nix binary cache.";
-    sopsFile = mkOpt types.str null "The location of the sops secret file for the Atticd service.";
+    sopsFile = mkOpt types.path null "The location of the sops secret file for the Atticd service.";
     sopsFormat = mkOpt types.str null "The format of the sops secret file for the Atticd service.";
     subdomain = mkOpt types.str "cache" "The subdomain, of the system domain, the service should be exposed on.";
   };
 
   config = mkIf cfg.enable {
-    config.sops.secrets."services/atticd" = {
+    sops.secrets."services/atticd" = {
       sopsFile = cfg.sopsFile;
       format = cfg.sopsFormat;
     };
@@ -46,7 +46,7 @@ in {
         services.atticd.loadBalancer.server.url = "http://localhost:3900";
         routers.atticd = {
           entrypoints = ["websecure"];
-          rule = "Host(`${cfg.subdomain}.${config.services.domain}`)";
+          rule = "Host(`${cfg.subdomain}.${config.${namespace}.services.domain}`)";
         };
       };
     };

modules/nixos/services/default.nix

@@ -9,5 +9,6 @@
 in {
   options.${namespace}.services = {
     domain = mkOpt types.str "thevoid.cafe" "The main system domain, used for exposing services.";
+    mail = mkOpt types.str "system@thevoid.cafe" "The main system administration E-Mail, used for logs and services.";
   };
 }

modules/nixos/services/duckdns/default.nix

@@ -12,7 +12,7 @@
 in {
   options.${namespace}.services.duckdns = {
     enable = mkEnableOption "DuckDNS, the dynamic dns service. Will periodically refresh your IP.";
-    sopsFile = mkOpt types.str null "The location of the sops secret file for the DuckDNS service.";
+    sopsFile = mkOpt types.path null "The location of the sops secret file for the DuckDNS service.";
     sopsFormat = mkOpt types.str null "The format of the sops secret file for the DuckDNS service.";
   };
 
@@ -25,7 +25,7 @@ in {
     virtualisation.oci-containers.containers.duckdns = {
       image = "lscr.io/linuxserver/duckdns:latest";
       autoStart = true;
-      hostname = config.networking.hostname;
+      hostname = config.networking.hostName;
       environmentFiles = [
         config.sops.secrets.duckdns.path
       ];

modules/nixos/services/homepage/default.nix

@@ -13,7 +13,7 @@ in {
   options.${namespace}.services.homepage = {
     enable = mkEnableOption "Homepage, an intuitive dashboard for your services.";
     subdomain = mkOpt types.str "home" "The subdomain, of the system domain, the service should be exposed on.";
-    configDir = mkOpt types.str null "The config directory, which will be copied to the Homepage directory during compilation.";
+    configDir = mkOpt types.path null "The config directory, which will be copied to the Homepage directory during compilation.";
   };
 
   config = mkIf cfg.enable {
@@ -31,11 +31,11 @@ in {
     virtualisation.oci-containers.containers.homepage = {
       image = "ghcr.io/gethomepage/homepage:latest";
       autoStart = true;
-      hostname = config.networking.hostname;
+      hostname = config.networking.hostName;
       labels = {
         "traefik.enable" = "true";
         "traefik.http.routers.homepage.entrypoints" = "websecure";
-        "traefik.http.routers.homepage.rule" = "Host(`${cfg.subdomain}.${config.services.domain}`)";
+        "traefik.http.routers.homepage.rule" = "Host(`${cfg.subdomain}.${config.${namespace}.services.domain}`)";
         "traefik.http.services.homepage.loadbalancer.server.port" = "3000";
       };
       volumes = [
@@ -46,7 +46,7 @@ in {
         "/var/run/docker.sock:/var/run/docker.sock:ro"
       ];
       environment = {
-        "HOMEPAGE_ALLOWED_HOSTS" = "${cfg.subdomain}.${config.services.domain}";
+        "HOMEPAGE_ALLOWED_HOSTS" = "${cfg.subdomain}.${config.${namespace}.services.domain}";
       };
       extraOptions = ["--network=proxy"];
     };

modules/nixos/services/traefik/default.nix

@@ -4,14 +4,15 @@
   config,
   ...
 }: let
-  inherit (lib) mkEnableOption mkIf;
+  inherit (lib) mkEnableOption mkIf types;
   inherit (self) namespace;
+  inherit (self.lib) mkOpt;
 
   cfg = config.${namespace}.services.traefik;
 in {
   options.${namespace}.services.traefik = {
     enable = mkEnableOption "the Traefik service.";
-    sopsFile = mkOpt types.str null "The location of the sops secret file for the Traefik service.";
+    sopsFile = mkOpt types.path null "The location of the sops secret file for the Traefik service.";
     sopsFormat = mkOpt types.str null "The format of the sops secret file for the Traefik service.";
   };
 
@@ -57,7 +58,7 @@ in {
         certificatesResolvers = {
           letsencrypt = {
             acme = {
-              email = cfg.cloudflareEmail;
+              email = config.${namespace}.services.mail;
               storage = "/var/lib/traefik/acme.json";
               #caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"; # Uncomment this when testing stuff!
               dnsChallenge = {

modules/nixos/services/vaultwarden/default.nix

@@ -12,7 +12,7 @@
 in {
   options.${namespace}.services.vaultwarden = {
     enable = mkEnableOption "Vaultwarden, a self-hostable password manager.";
-    sopsFile = mkOpt types.str null "The location of the sops secret file for the Vaultwarden service.";
+    sopsFile = mkOpt types.path null "The location of the sops secret file for the Vaultwarden service.";
     sopsFormat = mkOpt types.str null "The format of the sops secret file for the Vaultwarden service.";
     subdomain = mkOpt types.str "vault" "The subdomain, of the system domain, the service should be exposed on.";
   };
@@ -31,11 +31,11 @@ in {
     virtualisation.oci-containers.containers.vaultwarden = {
       image = "vaultwarden/server";
       autoStart = true;
-      hostname = config.networking.hostname;
+      hostname = config.networking.hostName;
       labels = {
         "traefik.enable" = "true";
         "traefik.http.routers.vaultwarden.entrypoints" = "websecure";
-        "traefik.http.routers.vaultwarden.rule" = "Host(`${cfg.subdomain}.${config.services.domain}`)";
+        "traefik.http.routers.vaultwarden.rule" = "Host(`${cfg.subdomain}.${config.${namespace}.services.domain}`)";
       };
       volumes = [
         "/var/lib/containers/vaultwarden/data:/data:rw"

modules/nixos/system/nix/default.nix

@@ -5,8 +5,9 @@
   config,
   ...
 }: let
-  inherit (lib) mkEnableOption mkIf;
+  inherit (lib) mkEnableOption mkIf types;
   inherit (self) namespace;
+  inherit (self.lib) mkOpt;
 
   cfg = config.${namespace}.system.nix;
 in {
@@ -14,6 +15,7 @@ in {
     enable = mkEnableOption "Nix configuration overrides.";
     use-lix = mkEnableOption "Lix as an alternative to CppNix.";
     use-nixld = mkEnableOption "the use of dynamically linked executables on nix based systems.";
+    trusted-users = mkOpt (types.listOf types.str) ["@wheel"] "List of trusted users for this NixOS system.";
   };
 
   config = mkIf cfg.enable {
@@ -26,6 +28,7 @@ in {
         keep-outputs = true;
         max-jobs = "auto";
         warn-dirty = false;
+        trusted-users = cfg.trusted-users;
       };
 
       # Garbage collection configuration.