From f99185cd130b5d0af774d48ce09d2dbcf3bbf252 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Tue, 29 Jul 2025 15:03:00 +1000 Subject: [PATCH] reduce reliance on feature variable --- modules/nixos/features/copyparty.nix | 19 ++++++----- modules/nixos/features/couchdb.nix | 2 +- modules/nixos/features/direnv.nix | 2 +- modules/nixos/features/flaresolverr.nix | 2 +- modules/nixos/features/homepage-dashboard.nix | 11 +++--- modules/nixos/features/immich.nix | 30 ++++++++-------- modules/nixos/features/jellyfin.nix | 2 +- modules/nixos/features/lidarr.nix | 2 +- modules/nixos/features/miniflux.nix | 8 +++-- modules/nixos/features/nginx.nix | 15 ++++---- modules/nixos/features/nh.nix | 2 +- modules/nixos/features/nixvim.nix | 2 +- modules/nixos/features/ntfy-sh.nix | 4 +-- modules/nixos/features/paperless.nix | 7 ++-- modules/nixos/features/pipewire.nix | 2 -- modules/nixos/features/plasma.nix | 2 -- modules/nixos/features/prowlarr.nix | 2 +- modules/nixos/features/radarr.nix | 2 +- modules/nixos/features/sonarr.nix | 2 +- modules/nixos/features/systemd-boot.nix | 2 -- modules/nixos/features/tailscale.nix | 4 +-- modules/nixos/features/vaultwarden.nix | 34 +++++++++---------- modules/nixos/features/vscode-server.nix | 4 +-- modules/templates/web-feature.nix | 2 +- 24 files changed, 82 insertions(+), 82 deletions(-) diff --git a/modules/nixos/features/copyparty.nix b/modules/nixos/features/copyparty.nix index 1a8dcf7..0bb19e0 100644 --- a/modules/nixos/features/copyparty.nix +++ b/modules/nixos/features/copyparty.nix 
@@ -13,17 +13,9 @@ in imports = [ inputs.copyparty.nixosModules.default ]; config = lib.mkIf config.${feature}.enable { - environment.systemPackages = [ pkgs.copyparty ]; - nixpkgs.overlays = [ inputs.copyparty.overlays.default ]; - - age.secrets."copyparty-will" = { - file = ../../../secrets/copyparty-will.age; - owner = "copyparty"; - }; - services = { # service - ${feature} = { + copyparty = { enable = true; settings = { z = true; @@ -62,6 +54,15 @@ in }; }; }; + + # secrets + age.secrets."copyparty-will" = { + file = ../../../secrets/copyparty-will.age; + owner = "copyparty"; + }; + + environment.systemPackages = [ pkgs.copyparty ]; + nixpkgs.overlays = [ inputs.copyparty.overlays.default ]; }; options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; diff --git a/modules/nixos/features/couchdb.nix b/modules/nixos/features/couchdb.nix index 5df60db..8206732 100644 --- a/modules/nixos/features/couchdb.nix +++ b/modules/nixos/features/couchdb.nix @@ -11,7 +11,7 @@ in config = lib.mkIf config.${feature}.enable { services = { # service - ${feature} = { + couchdb = { enable = true; databaseDir = "/srv/couchdb"; viewIndexDir = "/srv/couchdb"; diff --git a/modules/nixos/features/direnv.nix b/modules/nixos/features/direnv.nix index 12dbe12..d3de702 100644 --- a/modules/nixos/features/direnv.nix +++ b/modules/nixos/features/direnv.nix @@ -7,7 +7,7 @@ let feature = "direnv"; in { - config = lib.mkIf config.${feature}.enable { programs.${feature}.enable = true; }; + config = lib.mkIf config.${feature}.enable { programs.direnv.enable = true; }; options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/flaresolverr.nix b/modules/nixos/features/flaresolverr.nix index de295e4..84124f4 100644 --- a/modules/nixos/features/flaresolverr.nix +++ b/modules/nixos/features/flaresolverr.nix 
@@ -11,7 +11,7 @@ in config = lib.mkIf config.${feature}.enable { services = { # service - ${feature} = { + flaresolverr = { enable = true; port = lib.toInt port; }; diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index d9a18e2..6ffd488 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -33,15 +33,12 @@ let in { config = lib.mkIf config.${feature}.enable { - system.activationScripts = insertSecrets secrets; - age.secrets = genSecrets secrets; - services = { # service - ${feature} = { + homepage-dashboard = { enable = true; listenPort = lib.toInt port; - allowedHosts = "${feature}.fi33.buzz"; + allowedHosts = "homepage-dashboard.fi33.buzz"; services = [ { "Media Management" = [ @@ -275,6 +272,10 @@ in }; }; }; + + # secrets + age.secrets = genSecrets secrets; + system.activationScripts = insertSecrets secrets; }; options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; diff --git a/modules/nixos/features/immich.nix b/modules/nixos/features/immich.nix index 0b66642..9ab2e83 100644 --- a/modules/nixos/features/immich.nix +++ b/modules/nixos/features/immich.nix 
@@ -9,22 +9,22 @@ let in { config = lib.mkIf config.${feature}.enable { - services.${feature} = { - enable = true; - port = builtins.fromJSON "${port}"; - mediaLocation = "/srv/${feature}"; - }; + services = { + immich = { + enable = true; + port = builtins.fromJSON "${port}"; + mediaLocation = "/srv/immich"; + }; - # reverse proxy - services.nginx = { - clientMaxBodySize = "50000M"; - - virtualHosts."${feature}.fi33.buzz" = { - forceSSL = true; - useACMEHost = "fi33.buzz"; - locations."/" = { - proxyPass = "http://[::1]:${port}"; - proxyWebsockets = true; + nginx = { + clientMaxBodySize = "50000M"; + virtualHosts."${feature}.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + locations."/" = { + proxyPass = "http://[::1]:${port}"; + proxyWebsockets = true; + }; }; }; }; diff --git a/modules/nixos/features/jellyfin.nix b/modules/nixos/features/jellyfin.nix index 707bbaa..c1d9abb 100644 --- a/modules/nixos/features/jellyfin.nix +++ b/modules/nixos/features/jellyfin.nix @@ -12,7 +12,7 @@ in config = lib.mkIf config.${feature}.enable { services = { # service - ${feature} = { + jellyfin = { enable = true; dataDir = "/srv/jellyfin"; group = "media"; diff --git a/modules/nixos/features/lidarr.nix b/modules/nixos/features/lidarr.nix index 71d3627..02574d6 100644 --- a/modules/nixos/features/lidarr.nix +++ b/modules/nixos/features/lidarr.nix @@ -11,7 +11,7 @@ in config = lib.mkIf config.${feature}.enable { services = { # service - ${feature} = { + lidarr = { enable = true; dataDir = "/srv/lidarr"; settings.server.port = lib.toInt port; diff --git a/modules/nixos/features/miniflux.nix b/modules/nixos/features/miniflux.nix index 782f104..b27615f 100644 --- a/modules/nixos/features/miniflux.nix +++ b/modules/nixos/features/miniflux.nix 
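Review bot: `clientMaxBodySize = "50000M";` is set on `services.nginx` itself in the immich hunk, so the roughly 50 GB request-body limit applies to every virtual host this nginx instance serves, not only the immich one. Other proxied services behind the same nginx would then accept uploads of that size too, which widens their exposure to disk and memory exhaustion. Scoping the limit to the immich vhost keeps the default elsewhere, for example `extraConfig = "client_max_body_size 50000M;";` inside `virtualHosts."${feature}.fi33.buzz"`. That vhost key also still interpolates `${feature}` while `mediaLocation` became the literal `"/srv/immich"`, so the file is only half converted. The enclosing `config = lib.mkIf …` block closes outside this hunk.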
@@ -9,11 +9,9 @@ let in { config = lib.mkIf config.${feature}.enable { - age.secrets.miniflux-creds.file = ../../../secrets/miniflux-creds.age; - services = { # service - ${feature} = { + miniflux = { enable = true; adminCredentialsFile = config.age.secrets.miniflux-creds.path; config = { @@ -34,6 +32,10 @@ in }; }; }; + + # secrets + age.secrets."miniflux-creds".file = ../../../secrets/miniflux-creds.age; + }; options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; diff --git a/modules/nixos/features/nginx.nix b/modules/nixos/features/nginx.nix index b808294..c5da142 100644 --- a/modules/nixos/features/nginx.nix +++ b/modules/nixos/features/nginx.nix @@ -8,11 +8,7 @@ let in { config = lib.mkIf config.${feature}.enable { - age.secrets."porkbun-api" = { - file = ../../../secrets/porkbun-api.age; - }; - - services.${feature} = { + services.nginx = { enable = true; recommendedProxySettings = true; @@ -33,14 +29,19 @@ in certs."fi33.buzz" = { domain = "fi33.buzz"; extraDomainNames = [ "*.fi33.buzz" ]; - group = "${feature}"; + group = "nginx"; dnsProvider = "porkbun"; dnsPropagationCheck = true; credentialsFile = config.age.secrets."porkbun-api".path; }; }; - users.users.${feature}.extraGroups = [ "acme" ]; + # secrets + age.secrets."porkbun-api" = { + file = ../../../secrets/porkbun-api.age; + }; + + users.users.nginx.extraGroups = [ "acme" ]; }; options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; diff --git a/modules/nixos/features/nh.nix b/modules/nixos/features/nh.nix index 9bca7e6..d26c29c 100644 --- a/modules/nixos/features/nh.nix +++ b/modules/nixos/features/nh.nix @@ -9,7 +9,7 @@ let in { config = lib.mkIf config.${feature}.enable { - programs.${feature} = { + programs.nh = { enable = true; # clean.enable = true; flake = "/home/${userName}/.dots"; diff --git a/modules/nixos/features/nixvim.nix b/modules/nixos/features/nixvim.nix index 5328d8c..84b5af8 100644 --- a/modules/nixos/features/nixvim.nix 
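Review bot: `users.users.nginx.extraGroups = [ "acme" ];` in the second nginx.nix hunk looks redundant now that the `fi33.buzz` certificate is declared with `group = "nginx"`. The nginx user should already be able to read that key material through its own group. Membership in `acme` would additionally let it read any other certificate left on the default group. If nothing outside this hunk relies on it, dropping the line keeps nginx's access limited to the one wildcard cert it serves. The ACME block's opening lines and the module's closing braces are outside the hunk, so this is inferred from the visible lines only.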
+++ b/modules/nixos/features/nixvim.nix @@ -10,7 +10,7 @@ in { config = lib.mkIf config.${feature}.enable { environment.variables.EDITOR = "nvim"; - programs.${feature} = { + programs.nixvim = { enable = true; opts = { shiftwidth = 2; diff --git a/modules/nixos/features/ntfy-sh.nix b/modules/nixos/features/ntfy-sh.nix index 2102a12..1182065 100644 --- a/modules/nixos/features/ntfy-sh.nix +++ b/modules/nixos/features/ntfy-sh.nix @@ -11,10 +11,10 @@ in config = lib.mkIf config.${feature}.enable { services = { # service - ${feature} = { + ntfy-sh = { enable = true; settings = { - base-url = "https://${feature}.fi33.buzz"; + base-url = "https://ntfy-sh.fi33.buzz"; listen-http = ":${port}"; behind-proxy = true; }; diff --git a/modules/nixos/features/paperless.nix b/modules/nixos/features/paperless.nix index 4efdbe5..0474247 100644 --- a/modules/nixos/features/paperless.nix +++ b/modules/nixos/features/paperless.nix @@ -11,7 +11,7 @@ in config = lib.mkIf config.${feature}.enable { services = { # service - ${feature} = { + paperless = { enable = true; dataDir = "/srv/paperless"; database.createLocally = true; @@ -35,7 +35,10 @@ in }; }; - age.secrets.paperless.file = ../../../secrets/paperless.age; + age.secrets."paperless" = { + file = ../../../secrets/paperless.age; + owner = "paperless"; + }; }; options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; diff --git a/modules/nixos/features/pipewire.nix b/modules/nixos/features/pipewire.nix index 0b342c7..623dff9 100644 --- a/modules/nixos/features/pipewire.nix +++ b/modules/nixos/features/pipewire.nix @@ -15,7 +15,5 @@ in }; }; - imports = [ ]; - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/plasma.nix b/modules/nixos/features/plasma.nix index 4d949bc..7868f69 100644 --- a/modules/nixos/features/plasma.nix +++ b/modules/nixos/features/plasma.nix 
@@ -13,7 +13,5 @@ in }; }; - imports = [ ]; - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/prowlarr.nix b/modules/nixos/features/prowlarr.nix index 9f66969..004525f 100644 --- a/modules/nixos/features/prowlarr.nix +++ b/modules/nixos/features/prowlarr.nix @@ -11,7 +11,7 @@ in config = lib.mkIf config.${feature}.enable { services = { # service - ${feature} = { + prowlarr = { enable = true; dataDir = "/srv/prowlarr"; settings.server.port = lib.toInt port; diff --git a/modules/nixos/features/radarr.nix b/modules/nixos/features/radarr.nix index ff0740a..104145c 100644 --- a/modules/nixos/features/radarr.nix +++ b/modules/nixos/features/radarr.nix @@ -11,7 +11,7 @@ in config = lib.mkIf config.${feature}.enable { services = { # service - ${feature} = { + radarr = { enable = true; dataDir = "/srv/radarr"; settings.server.port = lib.toInt port; diff --git a/modules/nixos/features/sonarr.nix b/modules/nixos/features/sonarr.nix index 75cc56a..0777fe1 100644 --- a/modules/nixos/features/sonarr.nix +++ b/modules/nixos/features/sonarr.nix @@ -11,7 +11,7 @@ in config = lib.mkIf config.${feature}.enable { services = { # service - ${feature} = { + sonarr = { enable = true; dataDir = "/srv/sonarr"; settings.server.port = lib.toInt port; diff --git a/modules/nixos/features/systemd-boot.nix b/modules/nixos/features/systemd-boot.nix index 423aab2..64fa9f0 100644 --- a/modules/nixos/features/systemd-boot.nix +++ b/modules/nixos/features/systemd-boot.nix @@ -10,7 +10,5 @@ in }; }; - imports = [ ]; - options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; } diff --git a/modules/nixos/features/tailscale.nix b/modules/nixos/features/tailscale.nix index 60de135..369f485 100644 --- a/modules/nixos/features/tailscale.nix +++ b/modules/nixos/features/tailscale.nix 
@@ -8,9 +8,7 @@ let in { config = lib.mkIf config.${feature}.enable { - services = { - ${feature}.enable = true; - }; + services.tailscale.enable = true; networking.firewall.trustedInterfaces = [ "tailscale0" ]; }; diff --git a/modules/nixos/features/vaultwarden.nix b/modules/nixos/features/vaultwarden.nix index 710de3b..52f971e 100644 --- a/modules/nixos/features/vaultwarden.nix +++ b/modules/nixos/features/vaultwarden.nix @@ -10,18 +10,20 @@ let in { config = lib.mkIf config.${feature}.enable { - services.${feature} = { - enable = true; - backupDir = "/srv/${feature}"; - config = { - rocketPort = "${port}"; - domain = "https://${feature}.fi33.buzz"; - signupsAllowed = false; - invitationsAllowed = false; - showPasswordHint = false; - useSyslog = true; - extendedLogging = true; - adminTokenFile = "${config.age.secrets.vaultwarden-admin.path}"; + services = { + vaultwarden = { + enable = true; + backupDir = "/srv/vaultwarden"; + config = { + rocketPort = "${port}"; + domain = "https://vaultwarden.fi33.buzz"; + signupsAllowed = false; + invitationsAllowed = false; + showPasswordHint = false; + useSyslog = true; + extendedLogging = true; + adminTokenFile = "${config.age.secrets.vaultwarden-admin.path}"; + }; }; }; @@ -36,11 +38,9 @@ in }; # secrets - age.secrets = { - "vaultwarden-admin" = { - file = ../../../secrets/vaultwarden-admin.age; - owner = "${feature}"; - }; + age.secrets."vaultwarden-admin" = { + file = ../../../secrets/vaultwarden-admin.age; + owner = "vaultwarden"; }; }; diff --git a/modules/nixos/features/vscode-server.nix b/modules/nixos/features/vscode-server.nix index e7770ba..24abd68 100644 --- a/modules/nixos/features/vscode-server.nix +++ b/modules/nixos/features/vscode-server.nix 
@@ -8,9 +8,9 @@ let feature = "vscode-server"; in { - config = lib.mkIf config.${feature}.enable { services.${feature}.enable = true; }; + config = lib.mkIf config.${feature}.enable { services.vscode-server.enable = true; }; options.${feature}.enable = lib.mkEnableOption "enables ${feature}"; - imports = [ inputs.${feature}.nixosModules.default ]; + imports = [ inputs.vscode-server.nixosModules.default ]; } diff --git a/modules/templates/web-feature.nix b/modules/templates/web-feature.nix index eb17460..3081cba 100644 --- a/modules/templates/web-feature.nix +++ b/modules/templates/web-feature.nix @@ -7,7 +7,7 @@ in config = lib.mkIf config.${feature}.enable { services = { # service - ${feature} = { + feature = { enable = true; };