Diffstat (limited to 'modules/nixos/server/mixins')
| -rw-r--r-- | modules/nixos/server/mixins/acme.nix | 52 | ||||
| -rw-r--r-- | modules/nixos/server/mixins/cloudflared.nix | 60 | ||||
| -rw-r--r-- | modules/nixos/server/mixins/default.nix | 9 | ||||
| -rw-r--r-- | modules/nixos/server/mixins/hercules.nix | 55 | ||||
| -rw-r--r-- | modules/nixos/server/mixins/nginx.nix | 22 | ||||
| -rw-r--r-- | modules/nixos/server/mixins/promtail.nix | 48 |
6 files changed, 0 insertions, 246 deletions
diff --git a/modules/nixos/server/mixins/acme.nix b/modules/nixos/server/mixins/acme.nix
deleted file mode 100644
index 39166f2..0000000
--- a/modules/nixos/server/mixins/acme.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{
- config,
- lib,
- secretsDir,
- ...
-}:
-let
- cfg = config.server.mixins.acme;
-in
-{
- options.server.mixins.acme = {
- enable = lib.mkEnableOption "ACME mixin";
-
- manageSecrets = lib.mkEnableOption "automatic management of secrets" // {
- default = config.traits.secrets.enable;
- defaultText = lib.literalExpression "config.traits.secrets.enable";
- };
-
- useDns = lib.mkEnableOption "the use of Cloudflare to obtain certs" // {
- default = true;
- };
- };
-
- config = lib.mkIf cfg.enable (
- lib.mkMerge [
- {
- security.acme = {
- acceptTerms = true;
- defaults = {
- email = "[email protected]";
- };
- };
- }
-
- (lib.mkIf cfg.useDns {
- security.acme.defaults = {
- dnsProvider = "cloudflare";
- };
- })
-
- (lib.mkIf cfg.manageSecrets {
- age.secrets = {
- cloudflareApiKey.file = secretsDir + "/cloudflareApiKey.age";
- };
-
- security.acme.defaults = {
- credentialsFile = config.age.secrets.cloudflareApiKey.path;
- };
- })
- ]
- );
-}
diff --git a/modules/nixos/server/mixins/cloudflared.nix b/modules/nixos/server/mixins/cloudflared.nix
deleted file mode 100644
index 9a56aaa..0000000
--- a/modules/nixos/server/mixins/cloudflared.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{
- config,
- lib,
- secretsDir,
- ...
-}:
-let
- cfg = config.server.mixins.cloudflared;
- inherit (config.services) nginx;
-in
-{
- options.server.mixins.cloudflared = {
- enable = lib.mkEnableOption "cloudflared mixin";
- tunnelName = lib.mkOption {
- description = ''
- Name of the default tunnel being created
- '';
- type = lib.types.str;
- default = "${config.networking.hostName}-nginx";
- defaultText = lib.literalExpression "\${config.networking.hostName}-nginx";
- example = "my-tunnel";
- };
-
- manageSecrets = lib.mkEnableOption "automatic management of secrets" // {
- default = config.traits.secrets.enable;
- defaultText = lib.literalExpression "config.traits.secrets.enable";
- };
- };
-
- config = lib.mkIf cfg.enable (
- lib.mkMerge [
- {
- services.cloudflared = {
- enable = true;
- tunnels.${cfg.tunnelName} = {
- default = "http_status:404";
-
- # map our virtualHosts from nginx to ingress rules
- ingress = lib.mapAttrs (_: _: {
- service = "http://localhost:${toString nginx.defaultHTTPListenPort}";
- }) nginx.virtualHosts;
- };
- };
- }
-
- (lib.mkIf cfg.manageSecrets {
- age.secrets.cloudflaredCreds = {
- file = secretsDir + "/cloudflaredCreds.age";
- mode = "400";
- owner = "cloudflared";
- group = "cloudflared";
- };
-
- services.cloudflared.tunnels.${cfg.tunnelName} = {
- credentialsFile = config.age.secrets.cloudflaredCreds.path;
- };
- })
- ]
- );
-}
diff --git a/modules/nixos/server/mixins/default.nix b/modules/nixos/server/mixins/default.nix
deleted file mode 100644
index 461cd34..0000000
--- a/modules/nixos/server/mixins/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- imports = [
- ./acme.nix
- ./cloudflared.nix
- ./hercules.nix
- ./nginx.nix
- ./promtail.nix
- ];
-}
diff --git a/modules/nixos/server/mixins/hercules.nix b/modules/nixos/server/mixins/hercules.nix
deleted file mode 100644
index a04f9b1..0000000
--- a/modules/nixos/server/mixins/hercules.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{
- config,
- lib,
- unstable,
- secretsDir,
- ...
-}:
-let
- cfg = config.server.mixins.hercules-ci;
-in
-{
- options.server.mixins.hercules-ci = {
- enable = lib.mkEnableOption "Hercules CI mixin";
- manageSecrets = lib.mkEnableOption "automatic management of secrets" // {
- default = config.traits.secrets.enable;
- defaultText = lib.literalExpression "config.traits.secrets.enable";
- };
- };
-
- config = lib.mkIf cfg.enable (
- lib.mkMerge [
- {
- services.hercules-ci-agent = {
- enable = true;
- # we want newer features
- package = unstable.hercules-ci-agent;
- };
- }
-
- (
- let
- secretNames = [
- "binaryCaches"
- "clusterJoinToken"
- "secretsJson"
- ];
- in
- lib.mkIf cfg.manageSecrets {
- age.secrets = lib.genAttrs secretNames (file: {
- file = "${secretsDir}/${file}.age";
- mode = "400";
- owner = "hercules-ci-agent";
- group = "hercules-ci-agent";
- });
-
- services.hercules-ci-agent = {
- settings = lib.mapAttrs' (name: lib.nameValuePair (name + "Path")) (
- lib.genAttrs secretNames (name: config.age.secrets.${name}.path)
- );
- };
- }
- )
- ]
- );
-}
diff --git a/modules/nixos/server/mixins/nginx.nix b/modules/nixos/server/mixins/nginx.nix
deleted file mode 100644
index e3cc47a..0000000
--- a/modules/nixos/server/mixins/nginx.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, lib, ... }:
-let
- cfg = config.server.mixins.nginx;
-in
-{
- options.server.mixins.nginx = {
- enable = lib.mkEnableOption "NGINX mixin";
- };
-
- config = lib.mkIf cfg.enable {
- services.nginx = {
- enable = true;
-
- recommendedBrotliSettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedZstdSettings = true;
- };
- };
-}
diff --git a/modules/nixos/server/mixins/promtail.nix b/modules/nixos/server/mixins/promtail.nix
deleted file mode 100644
index 173a85b..0000000
--- a/modules/nixos/server/mixins/promtail.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ config, lib, ... }:
-let
- cfg = config.server.mixins.promtail;
- inherit (lib) types;
-in
-{
- options.server.mixins.promtail = {
- enable = lib.mkEnableOption "Promtail mixin";
-
- clients = lib.mkOption {
- type = types.listOf types.attrs;
- default = [ { } ];
- defaultText = lib.literalExpression "[ { } ]";
- description = "Clients for promtail";
- };
- };
-
- config = lib.mkIf cfg.enable {
- services.promtail = {
- enable = true;
- configuration = {
- inherit (cfg) clients;
- server.disable = true;
-
- scrape_configs = [
- {
- job_name = "journal";
-
- journal = {
- max_age = "12h";
- labels = {
- job = "systemd-journal";
- host = "${config.networking.hostName}";
- };
- };
-
- relabel_configs = [
- {
- source_labels = [ "__journal__systemd_unit" ];
- target_label = "unit";
- }
- ];
- }
- ];
- };
- };
- };
-}
