| author | seth <[email protected]> | 2024-02-11 03:12:54 -0500 |
|---|---|---|
| committer | seth <[email protected]> | 2024-02-11 03:15:48 -0500 |
| commit | dadd33514c1fdc8ba4890e9334ab0fb89c31d02a (patch) | |
| tree | 20d8f9a31933ee143c5d6d1fefa92f3a5f6d402d | |
| parent | 055b48c798039558e2ffde83b589ef6856917bbf (diff) | |
nixos/server: init (again)
| -rw-r--r-- | modules/nixos/archetypes/server.nix | 37 | ||||
| -rw-r--r-- | modules/nixos/default.nix | 1 | ||||
| -rw-r--r-- | modules/nixos/server/default.nix | 43 | ||||
| -rw-r--r-- | modules/nixos/server/mixins/acme.nix (renamed from modules/nixos/traits/acme.nix) | 8 | ||||
| -rw-r--r-- | modules/nixos/server/mixins/cloudflared.nix (renamed from modules/nixos/traits/cloudflared.nix) | 6 | ||||
| -rw-r--r-- | modules/nixos/server/mixins/default.nix | 9 | ||||
| -rw-r--r-- | modules/nixos/server/mixins/hercules.nix (renamed from modules/nixos/traits/hercules.nix) | 6 | ||||
| -rw-r--r-- | modules/nixos/server/mixins/nginx.nix (renamed from modules/nixos/traits/nginx.nix) | 8 | ||||
| -rw-r--r-- | modules/nixos/server/mixins/promtail.nix (renamed from modules/nixos/traits/promtail.nix) | 8 | ||||
| -rw-r--r-- | modules/nixos/traits/default.nix | 5 |
10 files changed, 79 insertions, 52 deletions
diff --git a/modules/nixos/archetypes/server.nix b/modules/nixos/archetypes/server.nix index e42e3d4..3933b6f 100644 --- a/modules/nixos/archetypes/server.nix +++ b/modules/nixos/archetypes/server.nix @@ -1,8 +1,6 @@ { config, lib, - pkgs, - inputs, ... }: let cfg = config.archetypes.server; @@ -18,17 +16,22 @@ in { defaultPrograms.enable = false; }; + server = { + enable = true; + mixins = { + cloudflared.enable = true; + nginx.enable = true; + }; + }; + traits = { autoUpgrade.enable = true; - cloudflared.enable = true; locale = { en_US.enable = true; US-east.enable = true; }; - nginx.defaultConfiguration = true; - secrets.enable = true; tailscale = { @@ -43,29 +46,5 @@ in { zram.enable = true; }; - - _module.args.unstable = inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system}; - - boot.tmp.cleanOnBoot = lib.mkDefault true; - - documentation = { - enable = false; - man.enable = false; - }; - - environment = { - defaultPackages = lib.mkForce []; - etc."nix/inputs/nixpkgs".source = inputs.nixpkgs-stable.outPath; - }; - - nix = { - gc = { - dates = "*-*-1,5,9,13,17,21,25,29 00:00:00"; - options = "-d --delete-older-than 2d"; - }; - - registry.n.flake = inputs.nixpkgs-stable; - settings.allowed-users = [config.networking.hostName]; - }; }; } diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 3ef9339..b66e06d 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -2,5 +2,6 @@ archetypes = ./archetypes; base = ./base; desktop = ./desktop; + server = ./server; traits = ./traits; } diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix new file mode 100644 index 0000000..83ec0a8 --- /dev/null +++ b/modules/nixos/server/default.nix 
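Review bot: The `server.mixins` block added in the second hunk of `archetypes/server.nix` sets `cloudflared.enable = true;` and `nginx.enable = true;` as plain definitions, so every host that enables this archetype gets a tunnel client and a web server, and can only opt out with `lib.mkForce`. Writing them as `cloudflared.enable = lib.mkDefault true;` and `nginx.enable = lib.mkDefault true;` keeps the same defaults while letting a host that should expose nothing set them to `false` directly. `lib` is still in the module arguments after the first hunk, and the enclosing `config` block starts and ends outside the hunk.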
@@ -0,0 +1,43 @@ +{ + config, + lib, + pkgs, + inputs, + ... +}: let + cfg = config.server; +in { + options.server = { + enable = lib.mkEnableOption "server settings"; + }; + + imports = [ + ./mixins + ]; + + config = lib.mkIf cfg.enable { + _module.args.unstable = inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system}; + + boot.tmp.cleanOnBoot = lib.mkDefault true; + + documentation = { + enable = false; + man.enable = false; + }; + + environment = { + defaultPackages = lib.mkForce []; + etc."nix/inputs/nixpkgs".source = inputs.nixpkgs-stable.outPath; + }; + + nix = { + gc = { + dates = "*-*-1,5,9,13,17,21,25,29 00:00:00"; + options = "-d --delete-older-than 2d"; + }; + + registry.n.flake = inputs.nixpkgs-stable; + settings.allowed-users = [config.networking.hostName]; + }; + }; +} diff --git a/modules/nixos/traits/acme.nix b/modules/nixos/server/mixins/acme.nix index 0d42f6a..60703e6 100644 --- a/modules/nixos/traits/acme.nix +++ b/modules/nixos/server/mixins/acme.nix @@ -4,10 +4,10 @@ secretsDir, ... }: let - cfg = config.traits.acme; + cfg = config.server.mixins.acme; in { - options.traits.acme = { - enable = lib.mkEnableOption "ACME support"; + options.server.mixins.acme = { + enable = lib.mkEnableOption "ACME mixin"; manageSecrets = lib.mkEnableOption "automatic secrets management" @@ -15,7 +15,7 @@ in { default = config.traits.secrets.enable; }; - useDns = lib.mkEnableOption "the usage of dns to get certs" // {default = true;}; + useDns = lib.mkEnableOption "the usage of Cloudflare to obtain certs" // {default = true;}; }; config = lib.mkIf cfg.enable ( diff --git a/modules/nixos/traits/cloudflared.nix b/modules/nixos/server/mixins/cloudflared.nix index 5bff263..5f75a35 100644 --- a/modules/nixos/traits/cloudflared.nix +++ b/modules/nixos/server/mixins/cloudflared.nix 
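Review bot: `settings.allowed-users = [config.networking.hostName];` at the end of the new `server/default.nix` limits Nix daemon access to an account whose name equals the host name, and nothing in this file says that such an account exists or why the list is built this way. If the account is created elsewhere (presumably by the user-setup trait, which is not shown here), a comment such as `# only the admin account, named after the host, may use the nix daemon; trusted users (root by default) can always connect` would record the intent. On a host without a matching account the setting quietly leaves only trusted users with access, so an assertion along the lines of `assertion = config.users.users ? ${config.networking.hostName};` would turn that case into an evaluation error.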
@@ -4,11 +4,11 @@ secretsDir, ... }: let - cfg = config.traits.cloudflared; + cfg = config.server.mixins.cloudflared; inherit (config.services) nginx; in { - options.traits.cloudflared = { - enable = lib.mkEnableOption "cloudflared"; + options.server.mixins.cloudflared = { + enable = lib.mkEnableOption "cloudflared mixin"; manageSecrets = lib.mkEnableOption "automatic secrets management" // { diff --git a/modules/nixos/server/mixins/default.nix b/modules/nixos/server/mixins/default.nix new file mode 100644 index 0000000..461cd34 --- /dev/null +++ b/modules/nixos/server/mixins/default.nix @@ -0,0 +1,9 @@ +{ + imports = [ + ./acme.nix + ./cloudflared.nix + ./hercules.nix + ./nginx.nix + ./promtail.nix + ]; +} diff --git a/modules/nixos/traits/hercules.nix b/modules/nixos/server/mixins/hercules.nix index 14e8c12..103f58e 100644 --- a/modules/nixos/traits/hercules.nix +++ b/modules/nixos/server/mixins/hercules.nix @@ -5,10 +5,10 @@ secretsDir, ... }: let - cfg = config.traits.hercules-ci; + cfg = config.server.mixins.hercules-ci; in { - options.traits.hercules-ci = { - enable = lib.mkEnableOption "hercules-ci"; + options.server.mixins.hercules-ci = { + enable = lib.mkEnableOption "hercules-ci mixin"; manageSecrets = lib.mkEnableOption "automatic secrets management" // { diff --git a/modules/nixos/traits/nginx.nix b/modules/nixos/server/mixins/nginx.nix index 0693719..ba18ecf 100644 --- a/modules/nixos/traits/nginx.nix +++ b/modules/nixos/server/mixins/nginx.nix @@ -3,13 +3,13 @@ lib, ... }: let - cfg = config.traits.nginx; + cfg = config.server.mixins.nginx; in { - options.traits.nginx = { - defaultConfiguration = lib.mkEnableOption "default nginx configuration"; + options.server.mixins.nginx = { + enable = lib.mkEnableOption "nginx mixin"; }; - config = lib.mkIf cfg.defaultConfiguration { + config = lib.mkIf cfg.enable { services.nginx = { enable = true; 
diff --git a/modules/nixos/traits/promtail.nix b/modules/nixos/server/mixins/promtail.nix index 5e08b25..1baaac6 100644 --- a/modules/nixos/traits/promtail.nix +++ b/modules/nixos/server/mixins/promtail.nix @@ -3,16 +3,16 @@ lib, ... }: let - cfg = config.traits.promtail; + cfg = config.server.mixins.promtail; inherit (lib) types; in { - options.traits.promtail = { - enable = lib.mkEnableOption "Promtail"; + options.server.mixins.promtail = { + enable = lib.mkEnableOption "Promtail mixin"; clients = lib.mkOption { type = types.listOf types.attrs; default = [{}]; - description = "clients for promtail"; + description = "Clients for promtail"; }; }; diff --git a/modules/nixos/traits/default.nix b/modules/nixos/traits/default.nix index 7b1d6fa..090e23f 100644 --- a/modules/nixos/traits/default.nix +++ b/modules/nixos/traits/default.nix @@ -1,15 +1,10 @@ { imports = [ - ./acme.nix ./auto-upgrade.nix - ./cloudflared.nix ./containers.nix - ./hercules.nix ./home-manager.nix ./locale.nix - ./nginx.nix ./nvk - ./promtail.nix ./secrets.nix ./tailscale.nix ./user-setup.nix |
