diff --git a/flake.nix b/flake.nix
index 7662af8..fc77bf1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -55,6 +55,12 @@
 ...
 } @ inputs: let
 forAllSystems = nixpkgs.lib.genAttrs utils.lib.defaultSystems;
+
+ defaultModules = [
+ self.overlaysModule
+ home-manager.nixosModules.home-manager
+ ./modules
+ ];
 in {
 # Your custom packages
 # Accessible through 'nix build', 'nix shell', etc
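Review bot: `defaultModules` bundles `home-manager.nixosModules.home-manager` and `./modules` (whose `modules/services/forgejo/default.nix` defines NixOS-only options such as `services.forgejo` and `networking.firewall.interfaces`), yet the `@@ -165,18 +172,18 @@` hunk below splices this same list into the `darwin.lib.darwinSystem` for `mac`, replacing the removed `home-manager.darwinModules.home-manager`. The NixOS home-manager module is not the darwin one, and definitions of undeclared options most likely fail evaluation on nix-darwin even under `mkIf cfg.enable`, so the mac build looks broken by this refactor. Keep the shared list platform-neutral and add a NixOS-specific one: `defaultModules = [self.overlaysModule];` and `defaultNixosModules = defaultModules ++ [home-manager.nixosModules.home-manager ./modules];`, then use the latter in the `nixosConfigurations` entries and `defaultModules ++ [home-manager.darwinModules.home-manager]` for mac.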
@@ -69,94 +75,95 @@
 nixosConfigurations = {
 loft = nixpkgs.lib.nixosSystem {
 system = utils.lib.system.x86_64-linux;
- modules = [
- self.overlaysModule
- home-manager.nixosModules.home-manager
- ./modules/common.nix
- ./modules/containers.nix
+ modules =
+ defaultModules
+ ++ [
+ ./modules/common.nix
+ ./modules/containers.nix
- ./machines/loft/configuration.nix
- ];
+ ./machines/loft/configuration.nix
+ ];
 specialArgs = {inherit inputs;};
 };
 kitchen = nixpkgs.lib.nixosSystem {
 system = utils.lib.system.x86_64-linux;
- modules = [
- self.overlaysModule
- home-manager.nixosModules.home-manager
- ./modules/common.nix
- ./modules/containers.nix
- {
- home-manager.useGlobalPkgs = true;
- home-manager.useUserPackages = true;
- home-manager.users.michael = import ./user/environments/nixos/home.nix;
- }
+ modules =
+ defaultModules
+ ++ [
+ ./modules/common.nix
+ ./modules/containers.nix
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.michael = import ./user/environments/nixos/home.nix;
+ }
- ./machines/kitchen/configuration.nix
- ];
+ ./machines/kitchen/configuration.nix
+ ];
 specialArgs = {inherit inputs;};
 };
 thinkcentre = nixpkgs.lib.nixosSystem {
 system = utils.lib.system.x86_64-linux;
- modules = [
- self.overlaysModule
- home-manager.nixosModules.home-manager
- ./modules/common.nix
- ./modules/hyprland.nix
- ./modules/containers.nix
- {
- home-manager.useGlobalPkgs = true;
- home-manager.useUserPackages = true;
- home-manager.users.michael = import ./user/environments/nixos/home.nix;
- }
+ modules =
+ defaultModules
+ ++ [
+ ./modules/common.nix
+ ./modules/hyprland.nix
+ ./modules/containers.nix
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.michael = import ./user/environments/nixos/home.nix;
+ }
- ./machines/thinkcentre/configuration.nix
- agenix.nixosModules.default
- {
- environment.systemPackages = [
- agenix.packages.x86_64-linux.default
- ];
- }
- ];
+ ./machines/thinkcentre/configuration.nix
+ agenix.nixosModules.default
+ {
+ environment.systemPackages = [
+ agenix.packages.x86_64-linux.default
+ ];
+ }
+ ];
 specialArgs = {inherit inputs;};
 };
 oracle = nixpkgs.lib.nixosSystem {
 system = utils.lib.system.x86_64-linux;
- modules = [
- home-manager.nixosModules.home-manager
- ./modules/nix.nix
- {
- home-manager.useGlobalPkgs = true;
- home-manager.useUserPackages = true;
- home-manager.users.michael = import ./user/environments/nixos-server/home.nix;
- }
- agenix.nixosModules.default
- {
- environment.systemPackages = [
- agenix.packages.x86_64-linux.default
- ];
- }
+ modules =
+ defaultModules
+ ++ [
+ ./modules/nix.nix
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.michael = import ./user/environments/nixos-server/home.nix;
+ }
+ agenix.nixosModules.default
+ {
+ environment.systemPackages = [
+ agenix.packages.x86_64-linux.default
+ ];
+ }
- ./machines/oracle/configuration.nix
- ];
+ ./machines/oracle/configuration.nix
+ ];
 specialArgs = {inherit inputs;};
 };
 # WSL environment
 work = inputs.nixpkgs.lib.nixosSystem {
 system = utils.lib.system.x86_64-linux;
- modules = [
- self.overlaysModule
- home-manager.nixosModules.home-manager
- vscode-server.nixosModules.default
- ./modules/containers.nix
- ./modules/nix.nix
+ modules =
+ defaultModules
+ ++ [
+ vscode-server.nixosModules.default
+ ./modules/containers.nix
+ ./modules/nix.nix
- ./machines/work/configuration.nix
- ];
+ ./machines/work/configuration.nix
+ ];
 specialArgs = {inherit inputs;};
 };
 };
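Review bot: `oracle` gains `self.overlaysModule` through `defaultModules`, which its removed module list never had (it started at `home-manager.nixosModules.home-manager`), so for that host this is a behaviour change rather than a pure refactor; worth confirming the overlays are wanted on the server, since a package swapped by an overlay now applies there silently. Every host also imports `./modules` now, so the `my.server` and `my.services.forgejo` declarations reach all of them, which means `my.server.firewallInterface`'s default applies on whichever host later enables the service.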
@@ -165,18 +172,18 @@
 mac = darwin.lib.darwinSystem {
 system = "aarch64-darwin";
 specialArgs = {inherit inputs;};
- modules = [
- self.overlaysModule
- home-manager.darwinModules.home-manager
- {
- home-manager.useGlobalPkgs = true;
- home-manager.useUserPackages = true;
- home-manager.users.michael = import ./user/environments/mac/home.nix;
- }
+ modules =
+ defaultModules
+ ++ [
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.michael = import ./user/environments/mac/home.nix;
+ }
- ./modules/yabai.nix
- ./machines/mac/configuration.nix
- ];
+ ./modules/yabai.nix
+ ./machines/mac/configuration.nix
+ ];
 };
 };
diff --git a/machines/oracle/configuration.nix b/machines/oracle/configuration.nix
index 940bfe5..dd53d42 100644
--- a/machines/oracle/configuration.nix
+++ b/machines/oracle/configuration.nix
@@ -103,6 +103,9 @@
 };
 networking.firewall.allowedTCPPorts = [80 443];
+ my.server.proxyIP = "10.0.0.2";
+ my.services.forgejo.proxy = true;
+
 services.uptime-kuma = {
 enable = true;
 settings = {
diff --git a/machines/thinkcentre/configuration.nix b/machines/thinkcentre/configuration.nix
index 609509d..5af926c 100644
--- a/machines/thinkcentre/configuration.nix
+++ b/machines/thinkcentre/configuration.nix
@@ -13,7 +13,7 @@
 networking.firewall = {
 enable = true;
 interfaces."wg0" = {
- allowedTCPPorts = [7654 3030 3000];
+ allowedTCPPorts = [7654 3030];
 };
 };
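Review bot: `my.services.forgejo.proxy = true;` in the oracle hunk enables the Caddy branch of `modules/services/forgejo/default.nix`, whose virtual-host key is `url = "https://git.${domain}"`, and `my.server.domain` is declared without a default; unless oracle sets it somewhere outside this hunk, evaluation fails with an error along the lines of "option `my.server.domain' is used but not defined". Add `my.server.domain = "<oracle-domain>";` next to `proxyIP` (placeholder; thinkcentre uses `s.michaelt.xyz`). The proxy target `http://10.0.0.2:3000` is plain HTTP, so if 10.0.0.2 is the wg0 peer (thinkcentre sets `firewallInterface = "wg0"`) a one-line comment saying the hop stays inside the tunnel would save the next reader checking.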
@@ -103,29 +103,39 @@
 };
 };
- services.forgejo = {
- enable = true;
- settings.server = {
- DOMAIN = "git.s.michaelt.xyz";
- ROOT_URL = "https://git.s.michaelt.xyz";
- DISABLE_SSH = true;
- HTTP_PORT = 3000;
- };
- settings.session = {
- COOKIE_SECURE = true;
- };
- settings.service = {
- DISABLE_REGISTRATION = true;
- };
- settings.openid = {
- ENABLE_OPENID_SIGNIN = true;
- ENABLE_OPENID_SIGNUP = true;
- };
- settings.oauth2_client = {
- ENABLE_AUTO_REGISTRATION = true;
- };
+ my.server = {
+ domain = "s.michaelt.xyz";
+ firewallInterface = "wg0";
 };
+ my.services.forgejo = {
+ enable = true;
+ port = 3000;
+ };
+
+ # services.forgejo = {
+ # enable = true;
+ # settings.server = {
+ # DOMAIN = "git.s.michaelt.xyz";
+ # ROOT_URL = "https://git.s.michaelt.xyz";
+ # DISABLE_SSH = true;
+ # HTTP_PORT = 3000;
+ # };
+ # settings.session = {
+ # COOKIE_SECURE = true;
+ # };
+ # settings.service = {
+ # DISABLE_REGISTRATION = true;
+ # };
+ # settings.openid = {
+ # ENABLE_OPENID_SIGNIN = true;
+ # ENABLE_OPENID_SIGNUP = true;
+ # };
+ # settings.oauth2_client = {
+ # ENABLE_AUTO_REGISTRATION = true;
+ # };
+ # };
+
 swapDevices = [
 {
 device = "/swapfile";
diff --git a/modules/default.nix b/modules/default.nix
new file mode 100644
index 0000000..4ffe14a
--- /dev/null
+++ b/modules/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./server
+ ./services
+ ];
+}
diff --git a/modules/server/default.nix b/modules/server/default.nix
new file mode 100644
index 0000000..bcef6c2
--- /dev/null
+++ b/modules/server/default.nix
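Review bot: The 22 `# services.forgejo = { … }` lines keep a commented-out copy of the configuration that `modules/services/forgejo/default.nix` now generates; it will drift from the module as soon as either side changes, and git history already preserves the old form, so delete the block rather than carry it. `port = 3000;` restates the option's default and could be omitted, though keeping it as an explicit record of which port is opened on wg0 is a defensible choice.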
@@ -0,0 +1,28 @@
+{lib, ...}:
+with lib; {
+ options.my.server = {
+ name = mkOption {
+ type = types.str;
+ default = "Server";
+ example = "Venus";
+ description = "User-facing name of the server.";
+ };
+ domain = mkOption {
+ type = types.str;
+ example = "example.com";
+ description = "Full domain name of the server.";
+ };
+ proxyIP = mkOption {
+ type = types.str;
+ default = "127.0.0.1";
+ example = "127.0.0.1";
+ description = "IP address of server hosting services behind reverse proxy.";
+ };
+ firewallInterface = mkOption {
+ type = types.str;
+ default = "eth0";
+ example = "wg0";
+ description = "Network interface to expose services on.";
+ };
+ };
+}
diff --git a/modules/services/default.nix b/modules/services/default.nix
new file mode 100644
index 0000000..c7f3bff
--- /dev/null
+++ b/modules/services/default.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./forgejo
+ ];
+}
diff --git a/modules/services/forgejo/default.nix b/modules/services/forgejo/default.nix
new file mode 100644
index 0000000..60cb29a
--- /dev/null
+++ b/modules/services/forgejo/default.nix
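Review bot: `firewallInterface` defaults to `"eth0"`, so a host that enables `my.services.forgejo` without setting it opens the Forgejo HTTP port on its primary interface, while `domain` has no default and forces every host to state it explicitly; the interface deserves the same treatment because it is the default with the exposure consequence — drop `default = "eth0";`, or at least say in the description that the default publishes service ports on eth0. `proxyIP` and `firewallInterface` are both `types.str`, so nothing rejects an empty value; `types.nonEmptyStr` catches that case at no cost.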
@@ -0,0 +1,72 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.my.services.forgejo;
+ inherit (config.my.server) domain proxyIP firewallInterface;
+ url = "https://git.${domain}";
+in {
+ options.my.services.forgejo = {
+ enable = mkEnableOption "Forgejo";
+ proxy = mkEnableOption "Forgejo reverse proxy entry";
+ subdomain = mkOption {
+ type = types.str;
+ default = "git";
+ example = "git";
+ description = "Subdomain to use for the service.";
+ };
+ port = mkOption {
+ type = types.port;
+ default = 3000;
+ example = 8080;
+ description = "HTTP port for the Forgejo service.";
+ };
+ };
+
+ config = mkMerge [
+ (mkIf cfg.enable {
+ services.forgejo = {
+ enable = true;
+ settings.server = {
+ DOMAIN = "git.${domain}";
+ ROOT_URL = url;
+ DISABLE_SSH = true;
+ HTTP_PORT = cfg.port;
+ };
+ settings.session = {
+ COOKIE_SECURE = true;
+ };
+ settings.service = {
+ DISABLE_REGISTRATION = true;
+ };
+ settings.openid = {
+ ENABLE_OPENID_SIGNIN = true;
+ ENABLE_OPENID_SIGNUP = true;
+ };
+ settings.oauth2_client = {
+ ENABLE_AUTO_REGISTRATION = true;
+ };
+ };
+
+ networking.firewall.interfaces."${firewallInterface}".allowedTCPPorts = [cfg.port];
+
+ # services.homepage-dashboard.services = [
+ # {
+ # Git = {
+ # Forgejo = {
+ # href = url;
+ # description = "Beyond coding. We forge.";
+ # };
+ # };
+ # }
+ # ];
+ })
+ (mkIf cfg.proxy {
+ services.caddy.virtualHosts."${url}".extraConfig = ''
+ reverse_proxy http://${proxyIP}:${cfg.port}
+ '';
+ })
+ ];
+}
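Review bot: `reverse_proxy http://${proxyIP}:${cfg.port}` interpolates `cfg.port`, an integer (`types.port`), and Nix refuses to coerce an integer to a string, so any host with `proxy = true` fails to evaluate; write `reverse_proxy http://${proxyIP}:${toString cfg.port}`. The `subdomain` option is declared but never read — `url` and `DOMAIN` both hardcode `git` — so set `url = "https://${cfg.subdomain}.${domain}";` and `DOMAIN = "${cfg.subdomain}.${domain}";`. The commented `services.homepage-dashboard.services` block is dead configuration and should be dropped like the one left in thinkcentre's configuration. Tying the `networking.firewall.interfaces` opening of `cfg.port` to `cfg.enable` is right; it does mean the backend stays reachable over plain HTTP on `firewallInterface` regardless of whether the Caddy front is configured, which is fine for a wireguard interface but deserves a one-line comment on that line.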