fireproof/nixos
1
0
Fork 0
mirror of https://github.com/nickolaj-jepsen/nixos.git synced 2026-01-22 08:06:50 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor: move homelab config to module

Browse source
This commit is contained in:
Nickolaj Jepsen 2025-12-12 04:30:57 +01:00
parent 742a55e5a0
commit e03f3af01d
19 changed files with 123 additions and 62 deletions
Download patch file Download diff file Expand all files Collapse all files

1
hosts/default.nix
View file

@ -44,6 +44,7 @@ with lib; let
../modules/system ../modules/system
../modules/programs ../modules/programs
../modules/desktop ../modules/desktop
../modules/homelab
(mkSystemImports hostname) (mkSystemImports hostname)
{nixpkgs.config.allowUnfree = true;} {nixpkgs.config.allowUnfree = true;}
] ]

1
hosts/homelab/configuration.nix
View file

@ -4,6 +4,7 @@
... ...
}: { }: {
fireproof.dev.enable = true; fireproof.dev.enable = true;
fireproof.homelab.enable = true;
boot = { boot = {
# Use grub as bootloader as it works better with mdadm # Use grub as bootloader as it works better with mdadm

6
hosts/homelab/arr.nix → modules/homelab/arr.nix
View file

@ -1,8 +1,10 @@
{ {
config, config,
lib,
username, username,
... ...
}: let }:
lib.mkIf config.fireproof.homelab.enable (let
user = "media"; user = "media";
group = "media"; group = "media";
@ -80,4 +82,4 @@ in {
}; };
prowlarr.enable = true; prowlarr.enable = true;
}; };
} })

19
modules/homelab/default.nix Normal file
View file

@ -0,0 +1,19 @@
{lib, ...}: {
options.fireproof.homelab = {
enable = lib.mkEnableOption "Enable homelab services (arr, nginx, postgres, prometheus, etc.)";
};
imports = [
./arr.nix
./flame.nix
./home-assistant.nix
./nextcloud.nix
./nginx.nix
./plex.nix
./postgres.nix
./prometheus.nix
./restic.nix
./sso.nix
./vaultwarden.nix
];
}

9
hosts/homelab/flame.nix → modules/homelab/flame.nix
View file

@ -1,4 +1,9 @@
_: let {
config,
lib,
...
}:
lib.mkIf config.fireproof.homelab.enable (let
dataDir = "/var/lib/flame"; dataDir = "/var/lib/flame";
domain = "flame.nickolaj.com"; domain = "flame.nickolaj.com";
in { in {
@ -29,4 +34,4 @@ in {
}; };
}; };
}; };
} })

8
hosts/homelab/home-assistant.nix → modules/homelab/home-assistant.nix
View file

@ -1,8 +1,10 @@
{ {
pkgs, pkgs,
config, config,
lib,
... ...
}: let }:
lib.mkIf config.fireproof.homelab.enable (let
mosquittoPort = 1883; mosquittoPort = 1883;
zigbee2mqttPort = 8180; zigbee2mqttPort = 8180;
homeAssistantPort = 8123; homeAssistantPort = 8123;
@ -65,7 +67,7 @@ in {
package = pkgs.home-assistant; package = pkgs.home-assistant;
customComponents = with pkgs.home-assistant-custom-components; [ customComponents = with pkgs.home-assistant-custom-components; [
adaptive_lighting adaptive_lighting
sleep_as_android sleep_as_android_mqtt
(pkgs.buildHomeAssistantComponent rec { (pkgs.buildHomeAssistantComponent rec {
owner = "Sian-Lee-SA"; owner = "Sian-Lee-SA";
domain = "switch_manager"; domain = "switch_manager";
@ -183,4 +185,4 @@ in {
}; };
}; };
}; };
} })

4
hosts/homelab/nextcloud.nix → modules/homelab/nextcloud.nix
View file

@ -1,8 +1,10 @@
{ {
config, config,
pkgs, pkgs,
lib,
... ...
}: { }:
lib.mkIf config.fireproof.homelab.enable {
age.secrets.nextcloud-admin-pass = { age.secrets.nextcloud-admin-pass = {
rekeyFile = ../../secrets/hosts/homelab/nextcloud-admin-pass.age; rekeyFile = ../../secrets/hosts/homelab/nextcloud-admin-pass.age;
owner = "nextcloud"; owner = "nextcloud";

7
hosts/homelab/nginx.nix → modules/homelab/nginx.nix
View file

@ -1,4 +1,9 @@
_: { {
config,
lib,
...
}:
lib.mkIf config.fireproof.homelab.enable {
networking.firewall.allowedTCPPorts = [80 443]; networking.firewall.allowedTCPPorts = [80 443];
services.nginx = { services.nginx = {

10
hosts/homelab/plex.nix → modules/homelab/plex.nix
View file

@ -1,4 +1,10 @@
{pkgsUnstable, ...}: let {
config,
pkgsUnstable,
lib,
...
}:
lib.mkIf config.fireproof.homelab.enable (let
domain = "plex.nickolaj.com"; domain = "plex.nickolaj.com";
in { in {
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
@ -18,4 +24,4 @@ in {
user = "media"; user = "media";
group = "media"; group = "media";
}; };
} })

7
hosts/homelab/postgres.nix → modules/homelab/postgres.nix
View file

@ -1,4 +1,9 @@
{config, ...}: { {
config,
lib,
...
}:
lib.mkIf config.fireproof.homelab.enable {
services = { services = {
restic.backups.homelab.paths = [config.services.postgresqlBackup.location]; restic.backups.homelab.paths = [config.services.postgresqlBackup.location];

6
hosts/homelab/prometheus.nix → modules/homelab/prometheus.nix
View file

@ -1,8 +1,10 @@
{ {
config, config,
hostname, hostname,
lib,
... ...
}: let }:
lib.mkIf config.fireproof.homelab.enable (let
mkScrapeConfig = name: { mkScrapeConfig = name: {
job_name = name; job_name = name;
static_configs = [ static_configs = [
@ -49,4 +51,4 @@ in {
]; ];
}; };
}; };
} })

4
hosts/homelab/restic.nix → modules/homelab/restic.nix
View file

@ -1,8 +1,10 @@
{ {
pkgs, pkgs,
config, config,
lib,
... ...
}: { }:
lib.mkIf config.fireproof.homelab.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
restic restic
]; ];

6
hosts/homelab/sso.nix → modules/homelab/sso.nix
View file

@ -1,8 +1,10 @@
{ {
config, config,
pkgsUnstable, pkgsUnstable,
lib,
... ...
}: let }:
lib.mkIf config.fireproof.homelab.enable (let
port = 9190; port = 9190;
rootDomain = "nickolaj.com"; rootDomain = "nickolaj.com";
zitadelDomain = "sso.${rootDomain}"; zitadelDomain = "sso.${rootDomain}";
@ -105,4 +107,4 @@ in {
cookie-domain = ".${rootDomain}"; cookie-domain = ".${rootDomain}";
}; };
}; };
} })

9
hosts/homelab/vaultwarden.nix → modules/homelab/vaultwarden.nix
View file

@ -1,4 +1,9 @@
{config, ...}: let {
config,
lib,
...
}:
lib.mkIf config.fireproof.homelab.enable (let
domain = "bitwarden.nickolaj.com"; domain = "bitwarden.nickolaj.com";
in { in {
services = { services = {
@ -27,4 +32,4 @@ in {
}; };
}; };
}; };
} })

6
modules/system/ssh.nix
View file

@ -30,7 +30,8 @@ in {
forwardAgent = true; forwardAgent = true;
serverAliveInterval = 60; serverAliveInterval = 60;
serverAliveCountMax = 10; serverAliveCountMax = 10;
matchBlocks = { matchBlocks =
{
"*" = { "*" = {
identityFile = "${config.age.secrets.ssh-key.path}"; identityFile = "${config.age.secrets.ssh-key.path}";
}; };
@ -38,7 +39,8 @@ in {
hostname = "x.nickolaj.com"; hostname = "x.nickolaj.com";
user = "nickolaj"; user = "nickolaj";
}; };
} // lib.optionalAttrs workEnabled { }
// lib.optionalAttrs workEnabled {
# Work hostnames definded in ./networking.nix # Work hostnames definded in ./networking.nix
"bastion.ao" = { "bastion.ao" = {
user = "nij"; user = "nij";

BIN
secrets/hosts/bootstrap/.rekey/6cf125b0ff06b3abca21a3a0c1535d1f-ssh-key-ao.age
View file

Binary file not shown.

BIN
secrets/hosts/homelab/.rekey/0caf919251bb18b1001dc9edd0b65e8f-ssh-key-ao.age
View file

Binary file not shown.

BIN
secrets/hosts/homelab/.rekey/2065d9b9ea4ca971c2fc9d12218c1ea7-k8s-ao-dev.age Normal file
View file

Binary file not shown.

BIN
secrets/hosts/homelab/.rekey/456a05a5f283a7e7fcd797b29f5e5de0-k8s-ao-prod.age Normal file
View file

Binary file not shown.