refactor: move homelab config to module

hosts/default.nix

@@ -44,6 +44,7 @@ with lib; let
               ../modules/system
               ../modules/programs
               ../modules/desktop
+              ../modules/homelab
               (mkSystemImports hostname)
               {nixpkgs.config.allowUnfree = true;}
             ]

hosts/homelab/configuration.nix

@@ -4,6 +4,7 @@
   ...
 }: {
   fireproof.dev.enable = true;
+  fireproof.homelab.enable = true;
 
   boot = {
     # Use grub as bootloader as it works better with mdadm

modules/homelab/arr.nix

@@ -1,8 +1,10 @@
 {
   config,
+  lib,
   username,
   ...
-}: let
+}:
+lib.mkIf config.fireproof.homelab.enable (let
   user = "media";
   group = "media";
 
@@ -80,4 +82,4 @@ in {
     };
     prowlarr.enable = true;
   };
-}
+})

modules/homelab/default.nix

@@ -0,0 +1,19 @@
+{lib, ...}: {
+  options.fireproof.homelab = {
+    enable = lib.mkEnableOption "Enable homelab services (arr, nginx, postgres, prometheus, etc.)";
+  };
+
+  imports = [
+    ./arr.nix
+    ./flame.nix
+    ./home-assistant.nix
+    ./nextcloud.nix
+    ./nginx.nix
+    ./plex.nix
+    ./postgres.nix
+    ./prometheus.nix
+    ./restic.nix
+    ./sso.nix
+    ./vaultwarden.nix
+  ];
+}

modules/homelab/flame.nix

@@ -1,4 +1,9 @@
-_: let
+{
+  config,
+  lib,
+  ...
+}:
+lib.mkIf config.fireproof.homelab.enable (let
   dataDir = "/var/lib/flame";
   domain = "flame.nickolaj.com";
 in {
@@ -29,4 +34,4 @@ in {
       };
     };
   };
-}
+})

modules/homelab/home-assistant.nix

@@ -1,8 +1,10 @@
 {
   pkgs,
   config,
+  lib,
   ...
-}: let
+}:
+lib.mkIf config.fireproof.homelab.enable (let
   mosquittoPort = 1883;
   zigbee2mqttPort = 8180;
   homeAssistantPort = 8123;
@@ -65,7 +67,7 @@ in {
       package = pkgs.home-assistant;
       customComponents = with pkgs.home-assistant-custom-components; [
         adaptive_lighting
-        sleep_as_android
+        sleep_as_android_mqtt
         (pkgs.buildHomeAssistantComponent rec {
           owner = "Sian-Lee-SA";
           domain = "switch_manager";
@@ -183,4 +185,4 @@ in {
       };
     };
   };
-}
+})

modules/homelab/nextcloud.nix

@@ -1,8 +1,10 @@
 {
   config,
   pkgs,
+  lib,
   ...
-}: {
+}:
+lib.mkIf config.fireproof.homelab.enable {
   age.secrets.nextcloud-admin-pass = {
     rekeyFile = ../../secrets/hosts/homelab/nextcloud-admin-pass.age;
     owner = "nextcloud";

modules/homelab/nginx.nix

@@ -1,4 +1,9 @@
-_: {
+{
+  config,
+  lib,
+  ...
+}:
+lib.mkIf config.fireproof.homelab.enable {
   networking.firewall.allowedTCPPorts = [80 443];
 
   services.nginx = {

modules/homelab/plex.nix

@@ -1,4 +1,10 @@
-{pkgsUnstable, ...}: let
+{
+  config,
+  pkgsUnstable,
+  lib,
+  ...
+}:
+lib.mkIf config.fireproof.homelab.enable (let
   domain = "plex.nickolaj.com";
 in {
   services.nginx.virtualHosts."${domain}" = {
@@ -18,4 +24,4 @@ in {
     user = "media";
     group = "media";
   };
-}
+})

modules/homelab/postgres.nix

@@ -1,4 +1,9 @@
-{config, ...}: {
+{
+  config,
+  lib,
+  ...
+}:
+lib.mkIf config.fireproof.homelab.enable {
   services = {
     restic.backups.homelab.paths = [config.services.postgresqlBackup.location];
 

modules/homelab/prometheus.nix

@@ -1,8 +1,10 @@
 {
   config,
   hostname,
+  lib,
   ...
-}: let
+}:
+lib.mkIf config.fireproof.homelab.enable (let
   mkScrapeConfig = name: {
     job_name = name;
     static_configs = [
@@ -49,4 +51,4 @@ in {
       ];
     };
   };
-}
+})

modules/homelab/restic.nix

@@ -1,8 +1,10 @@
 {
   pkgs,
   config,
+  lib,
   ...
-}: {
+}:
+lib.mkIf config.fireproof.homelab.enable {
   environment.systemPackages = with pkgs; [
     restic
   ];

modules/homelab/sso.nix

@@ -1,8 +1,10 @@
 {
   config,
   pkgsUnstable,
+  lib,
   ...
-}: let
+}:
+lib.mkIf config.fireproof.homelab.enable (let
   port = 9190;
   rootDomain = "nickolaj.com";
   zitadelDomain = "sso.${rootDomain}";
@@ -105,4 +107,4 @@ in {
       cookie-domain = ".${rootDomain}";
     };
   };
-}
+})

modules/homelab/vaultwarden.nix

@@ -1,4 +1,9 @@
-{config, ...}: let
+{
+  config,
+  lib,
+  ...
+}:
+lib.mkIf config.fireproof.homelab.enable (let
   domain = "bitwarden.nickolaj.com";
 in {
   services = {
@@ -27,4 +32,4 @@ in {
       };
     };
   };
-}
+})

modules/system/ssh.nix

@@ -30,50 +30,52 @@ in {
       forwardAgent = true;
       serverAliveInterval = 60;
       serverAliveCountMax = 10;
-      matchBlocks = {
+      matchBlocks =
-        "*" = {
+        {
-          identityFile = "${config.age.secrets.ssh-key.path}";
+          "*" = {
+            identityFile = "${config.age.secrets.ssh-key.path}";
+          };
+          homelab = {
+            hostname = "x.nickolaj.com";
+            user = "nickolaj";
+          };
+        }
+        // lib.optionalAttrs workEnabled {
+          # Work hostnames definded in ./networking.nix
+          "bastion.ao" = {
+            user = "nij";
+            identityFile = "${config.age.secrets.ssh-key-ao.path}";
+          };
+          "clickhouse.ao" = {
+            user = "ubuntu";
+            hostname = "51.158.205.48";
+            identityFile = "${config.age.secrets.ssh-key-ao.path}";
+          };
+          "flex.ao" = {
+            user = "nij";
+            hostname = "192.168.2.5";
+            proxyJump = "bastion.ao";
+            identityFile = "${config.age.secrets.ssh-key-ao.path}";
+          };
+          "scw.ao" = {
+            user = "nij";
+            hostname = "51.15.81.1";
+            proxyJump = lib.mkDefault "dev.ao";
+            identityFile = "${config.age.secrets.ssh-key-ao.path}";
+          };
+          "dev.ao" = {
+            user = "nij";
+            hostname = "192.168.2.28";
+            proxyJump = lib.mkDefault "bastion.ao";
+            identityFile = "${config.age.secrets.ssh-key-ao.path}";
+          };
+          "staging.ao" = {
+            user = "staging";
+            hostname = "172.16.2.102";
+            proxyJump = lib.mkDefault "bastion.ao";
+            identityFile = "${config.age.secrets.ssh-key-ao.path}";
+          };
         };
-        homelab = {
-          hostname = "x.nickolaj.com";
-          user = "nickolaj";
-        };
-      } // lib.optionalAttrs workEnabled {
-        # Work hostnames definded in ./networking.nix
-        "bastion.ao" = {
-          user = "nij";
-          identityFile = "${config.age.secrets.ssh-key-ao.path}";
-        };
-        "clickhouse.ao" = {
-          user = "ubuntu";
-          hostname = "51.158.205.48";
-          identityFile = "${config.age.secrets.ssh-key-ao.path}";
-        };
-        "flex.ao" = {
-          user = "nij";
-          hostname = "192.168.2.5";
-          proxyJump = "bastion.ao";
-          identityFile = "${config.age.secrets.ssh-key-ao.path}";
-        };
-        "scw.ao" = {
-          user = "nij";
-          hostname = "51.15.81.1";
-          proxyJump = lib.mkDefault "dev.ao";
-          identityFile = "${config.age.secrets.ssh-key-ao.path}";
-        };
-        "dev.ao" = {
-          user = "nij";
-          hostname = "192.168.2.28";
-          proxyJump = lib.mkDefault "bastion.ao";
-          identityFile = "${config.age.secrets.ssh-key-ao.path}";
-        };
-        "staging.ao" = {
-          user = "staging";
-          hostname = "172.16.2.102";
-          proxyJump = lib.mkDefault "bastion.ao";
-          identityFile = "${config.age.secrets.ssh-key-ao.path}";
-        };
-      };
     };
   };