refactor: move websites to single file

Guz
2025-04-04 20:11:53 -03:00
parent 653334cd80
commit af76210fe4
8 changed files with 224 additions and 27 deletions


@@ -2,11 +2,11 @@
imports = [
./caddy.nix
./cloudflare.nix
./websites.nix
./forgejo
./garage.nix
./music-bot.nix
./sqld.nix
./websites
];
}


@@ -2,16 +2,20 @@
config,
inputs,
...
}: let
secrets = config.spacestation-secrets.lesser;
in {
}: {
imports = [
inputs.capytalcc.nixosModules.default
inputs.keikoswork.nixosModules.default
];
services.capytalcc.web = {
enable = true;
port = 7010;
};
services.keikos.web = {
enable = true;
port = secrets.guz.services."keikos.work".port;
port = 7030;
envFile = config.sops.secrets."keiko/envFile".path;
};
}
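Review bot: `port = 7010;` and `port = 7030;` replace values that used to come from `config.spacestation-secrets`, so they are now bare literals with nothing tying them to whatever proxies to them (presumably `caddy.nix`, which is not in this hunk). A short comment or a shared `let` binding, e.g. `# keep in sync with the reverse-proxy upstream for keikos.work`, would keep the two from drifting. It is also worth confirming that both upstream modules listen on loopback only, since this file sets no listen address and a directly reachable port would bypass the front proxy. `envFile` relies on a `sops.secrets."keiko/envFile"` declaration that is not visible here; that secret should be readable by the service's user and by nobody else.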


@@ -1,16 +0,0 @@
{
config,
inputs,
...
}: let
secrets = config.spacestation-secrets.lesser;
in {
imports = [
inputs.capytalcc.nixosModules.default
];
services.capytalcc.web = {
enable = true;
port = secrets.guz.services."capytal.cc".port;
};
}


@@ -1,6 +0,0 @@
{...}: {
imports = [
./capytal.cc.nix
./keikos.work.nix
];
}

155
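--- /dev/null
+++ b/modules/anubis/default.nix
@@ -0,0 +1,155 @@
+{
+config,
+lib,
+pkgs-unstable,
+...
+}: let
+cfg = config.services.anubis;
+in {
+options.services.anubis = with lib; {
+enable = mkEnableOption "Enable anubis systemd services";
+user = mkOption {
+type = with types; str;
+default = "anubis";
+};
+group = mkOption {
+type = with types; str;
+default = cfg.user;
+};
+package = mkOption {
+type = with types; package;
+default = pkgs-unstable.callPackage ./derivation.nix {}; # it uses Golang 1.24.1
+};
+instances = mkOption {
+type = with types;
+attrsOf (submodule ({
+config,
+lib,
+...
+}: {
+options = with lib; {
+user = mkOption {
+type = with types; str;
+default = cfg.user;
+};
+group = mkOption {
+type = with types; str;
+default = cfg.group;
+};
+bind = mkOption {
+type = with types; str;
+default = ":8923";
+};
+bindNetwork = mkOption {
+type = with types; (enum ["tcp" "tcp4" "tcp6" "unix" "unixpacket"]);
+default = "tcp";
+};
+cookieDomain = mkOption {
+type = with types; str;
+default = "";
+};
+cookiePartitioned = mkOption {
+type = with types; bool;
+default = false;
+};
+difficulty = mkOption {
+type = with types; ints.unsigned;
+default = 5;
+};
+ed25519PrivateKeyHex = mkOption {
+type = with types; str;
+default = "";
+};
+ed25519PrivateKeyHexFile = mkOption {
+type = with types; (either str path);
+default = "";
+};
+metricsBind = mkOption {
+type = with types; str;
+default = ":9090";
+};
+metricsBindNetwork = mkOption {
+type = with types; (enum ["tcp" "tcp4" "tcp6" "unix" "unixpacket"]);
+default = "tcp";
+};
+socketMode = mkOption {
+type = with types; nullOr ints.unsigned;
+default = null;
+};
+policyFName = mkOption {
+type = with types; str;
+default = "";
+};
+serveRobotsTxt = mkOption {
+type = with types; bool;
+default = false;
+};
+target = mkOption {
+type = with types; str;
+default = "http://localhost:3923";
+};
+useRemoteAddress = mkOption {
+type = with types; bool;
+default = false;
+};
+};
+}));
+default = {};
+};
+};
+config = lib.mkIf cfg.enable {
+systemd.services = with lib;
+with lib.attrsets;
+mapAttrs' (n: v:
+nameValuePair "anubis-${n}" {
+after = ["network.target"];
+wantedBy = ["multi-user.target"];
+environment = {
+BIND = toString v.bind;
+BIND_NETWORK = toString v.bindNetwork;
+COOKIE_DOMAIN = toString v.cookieDomain;
+COOKIE_PARTITIONED = toString v.cookiePartitioned;
+DIFFICULTY = toString v.difficulty;
+ED25519_PRIVATE_KEY_HEX = toString v.ed25519PrivateKeyHex;
+ED25519_PRIVATE_KEY_HEX_FILE = toString v.ed25519PrivateKeyHexFile;
+METRICS_BIND = toString v.metricsBind;
+METRICS_BIND_NETWORK = toString v.metricsBindNetwork;
+SOCKET_MODE = mkIf (!isNull v.socketMode) (toString v.socketMode);
+POLICY_FNAME = toString v.policyFName;
+SERVE_ROBOTS_TXT = toString v.serveRobotsTxt;
+TARGET = toString v.target;
+USE_REMOTE_ADDRESS = toString v.useRemoteAddress;
+};
+serviceConfig = {
+Type = "simple";
+User = v.user;
+Group = v.user;
+ExecStart = "${escapeShellArg (getExe cfg.package)}";
+Restart = "on-success";
+};
+})
+cfg.instances;
+users.users = with lib.attrsets;
+(mapAttrs' (n: v:
+nameValuePair (v.user) {
+isSystemUser = true;
+group = v.group;
+})
+cfg.instances)
+// {
+"${cfg.user}" = {
+isSystemUser = true;
+group = cfg.group;
+};
+};
+users.groups = with lib.attrsets;
+(mapAttrs' (n: v:
+nameValuePair (v.user) {})
+cfg.instances)
+// {
+"${cfg.group}" = {};
+};
+};
+}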
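Review bot: `ed25519PrivateKeyHex` is passed through `environment` as `ED25519_PRIVATE_KEY_HEX`, so any key set there ends up in the generated unit in the world-readable Nix store; I would drop that option and keep only `ed25519PrivateKeyHexFile`, typed `types.str` so that a path literal is not copied into the store either. In `serviceConfig`, `Group = v.user;` ignores the per-instance `group` option and should be `Group = v.group;`, and `users.groups` likewise declares `v.user` rather than `v.group`, so a custom group is referenced by `users.users` but never created. `toString` on a bool yields `"1"` or `""` in Nix, so `COOKIE_PARTITIONED`, `SERVE_ROBOTS_TXT` and `USE_REMOTE_ADDRESS` should use `boolToString`. `Restart = "on-success"` leaves a crashed instance down (`on-failure` looks like the intent), and the unit has no sandboxing such as `NoNewPrivileges = true;` or `ProtectSystem = "strict";` for a network-facing proxy. The defaults `:8923` and `:9090` listen on every interface and collide as soon as a second instance is declared, so a loopback default for `metricsBind` would be safer.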


@@ -0,0 +1,25 @@
{
buildGoModule,
fetchFromGitHub,
...
}:
buildGoModule rec {
name = "Anubis";
pname = "anubis";
version = "1.15.2";
src = fetchFromGitHub {
owner = "TecharoHQ";
repo = "anubis";
rev = "35e0a8179a70678708ceb90c9a285940f99b9774";
hash = "sha256-5OqpmuRTrM+hseIhR2sTb+K01Co6X+Rhb6mN+U54NAI=";
};
vendorHash = "sha256-Rcra5cu7zxGm2LhL2x9Kd3j/uQaEb8OOh/j5Rhh8S1k=";
doCheck = false;
meta = {
mainProgram = "anubis";
};
}
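Review bot: `doCheck = false;` switches off the upstream test suite with no comment saying why, and `name = "Anubis";` overrides the name that `pname` and `version` would otherwise produce, so the store path no longer carries the version. I would drop `name` and add a line such as `# tests disabled: <reason>` next to `doCheck`. `rev` is a bare commit hash while `version` says 1.15.2; the pin is fine and `hash` fixes the content, but a comment like `# commit for release 1.15.2` would let a reader check that the two still agree when the package is bumped.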


@@ -1,6 +1,7 @@
{...}: {
imports = [
./adguardhome.nix
./anubis
./forgejo
./locales.nix
./nh

34
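--- /dev/null
+++ b/modules/medama.nix
@@ -0,0 +1,34 @@
+{
+config,
+lib,
+...
+}:
+with lib; let
+cfg = config.services.medama;
+in {
+imports = [];
+options.services.medama = {
+enable = mkEnableOption "";
+ssl = mkEnableOption "";
+port = mkOption {
+type = with types; port;
+default = 8080;
+};
+};
+config = mkIf cfg.enable {
+virtualisation.oci-containers.containers.medama = {
+image = "ghcr.io/medama-io/medama:v0.5.2";
+autoStart = true;
+ports = [
+"${cfg.port}:8080"
+];
+volumes = [
+"/var/lib/medama/data:/app/data"
+];
+environment = {
+AUTO_SLL = toString cfg.ssl;
+PORT = toString 8080;
+};
+};
+};
+}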
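Review bot: `"${cfg.port}:8080"` interpolates an integer (`types.port`), which Nix refuses to coerce to a string, so enabling the module should fail at evaluation; it needs `"${toString cfg.port}:8080"`. Publishing the port without a host address exposes it on every interface, and container port publishing commonly bypasses the host firewall, so `"127.0.0.1:${toString cfg.port}:8080"` is the safer default if a reverse proxy fronts it. `AUTO_SLL` looks like a typo for `AUTO_SSL`, and `toString cfg.ssl` yields `"1"` or `""` rather than `true`/`false`, so check what value the image expects. The image is referenced by the mutable tag `v0.5.2`; pinning it as `ghcr.io/medama-io/medama:v0.5.2@sha256:<digest>` and giving the two `mkEnableOption ""` calls real descriptions would round this out.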