Chris Kruining 2026-03-25 16:26:04 +01:00
parent ac3dac322d
commit a7a1763fe0
No known key found for this signature in database
GPG key ID: EB894A3560CCCAD2
105 changed files with 1152 additions and 1093 deletions


@ -8,14 +8,14 @@
inherit (lib) mkIf mkEnableOption;
user = "authelia-testing";
cfg = config.${namespace}.services.authentication.authelia;
cfg = config.sneeuwvlok.services.authentication.authelia;
in {
options.${namespace}.services.authentication.authelia = {
options.sneeuwvlok.services.authentication.authelia = {
enable = mkEnableOption "Authelia";
};
config = mkIf cfg.enable {
${namespace}.services.networking.caddy = {
sneeuwvlok.services.networking.caddy = {
hosts = {
"auth.kruining.eu".extraConfig = ''
reverse_proxy http://127.0.0.1:9091


@ -6,9 +6,9 @@
}: let
inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.services.authentication.himmelblau;
cfg = config.sneeuwvlok.services.authentication.himmelblau;
in {
options.${namespace}.services.authentication.himmelblau = {
options.sneeuwvlok.services.authentication.himmelblau = {
enable = mkEnableOption "enable azure entra ID authentication";
};


@ -3,12 +3,12 @@ let
inherit (lib) mkIf mkEnableOption mkOption types toUpper toSentenceCase nameValuePair mapAttrs mapAttrs' concatMapAttrs concatMapStringsSep filterAttrsRecursive listToAttrs imap0 head drop length literalExpression attrNames;
inherit (sneeuwvlokLib.strings) toSnakeCase;
cfg = config.${namespace}.services.authentication.zitadel;
cfg = config.sneeuwvlok.services.authentication.zitadel;
database = "zitadel";
in
{
options.${namespace}.services.authentication.zitadel = {
options.sneeuwvlok.services.authentication.zitadel = {
enable = mkEnableOption "Zitadel";
organization = mkOption {
@ -537,7 +537,7 @@ in
};
in
mkIf cfg.enable {
${namespace}.services = {
sneeuwvlok.services = {
persistance.postgresql.enable = true;
networking.caddy = {


@ -2,10 +2,10 @@
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.backup.borg;
cfg = config.sneeuwvlok.services.backup.borg;
in
{
options.${namespace}.services.backup.borg = {
options.sneeuwvlok.services.backup.borg = {
enable = mkEnableOption "Borg Backup";
};


@ -8,7 +8,7 @@
inherit (builtins) toString toJSON;
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.communication.matrix;
cfg = config.sneeuwvlok.services.communication.matrix;
domain = "kruining.eu";
fqn = "matrix.${domain}";
@ -17,12 +17,12 @@
database = "synapse";
keyFile = "/var/lib/element-call/key";
in {
options.${namespace}.services.communication.matrix = {
options.sneeuwvlok.services.communication.matrix = {
enable = mkEnableOption "Matrix server (Synapse)";
};
config = mkIf cfg.enable {
${namespace}.services = {
sneeuwvlok.services = {
persistance.postgresql.enable = true;
# virtualisation.podman.enable = true;


@ -8,10 +8,10 @@
inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption;
cfg = config.${namespace}.services.development.forgejo;
cfg = config.sneeuwvlok.services.development.forgejo;
domain = "git.amarth.cloud";
in {
options.${namespace}.services.development.forgejo = {
options.sneeuwvlok.services.development.forgejo = {
enable = mkEnableOption "Forgejo";
port = mkOption {
@ -25,7 +25,7 @@ in {
};
config = mkIf cfg.enable {
${namespace}.services = {
sneeuwvlok.services = {
persistance.postgresql.enable = true;
virtualisation.podman.enable = true;


@ -8,9 +8,9 @@
inherit (lib) mkIf mkEnableOption mkOption;
inherit (lib.types) str;
cfg = config.${namespace}.services.games.minecraft;
cfg = config.sneeuwvlok.services.games.minecraft;
in {
options.${namespace}.services.games.minecraft = {
options.sneeuwvlok.services.games.minecraft = {
enable = mkEnableOption "Minecraft";
user = mkOption {


@ -1,11 +1,15 @@
{ config, lib, pkgs, namespace, ... }:
let
{
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.games.openrct;
in
{
options.${namespace}.services.games.openrct = {
cfg = config.sneeuwvlok.services.games.openrct;
in {
options.sneeuwvlok.services.games.openrct = {
enable = mkEnableOption "OpenRCT2";
};
@ -16,7 +20,7 @@ in
systemd.services.openrct = {
enable = true;
after = [ "network.target"];
after = ["network.target"];
description = "OpenRCT2 Server";
serviceConfig = {
Type = "";
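Review bot: `namespace` is still listed in the module's argument set although the two lines that used it now hard-code `sneeuwvlok`, so in the visible part of this file the argument is dead. If nothing further down still interpolates `${namespace}`, the header can become `{config, lib, pkgs, ...}: let`; the trailing `...` keeps the module callable while the argument is still passed in. The same leftover is visible in the ssh, loki, uptime-kuma and podman sections of this commit. The rest of each file lies outside the hunks shown, so check for remaining uses before removing it.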


@ -6,9 +6,9 @@
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.games.palworld;
cfg = config.sneeuwvlok.services.games.palworld;
in {
options.${namespace}.services.games.palworld = {
options.sneeuwvlok.services.games.palworld = {
enable = mkEnableOption "Palworld";
};


@ -8,7 +8,7 @@
inherit (lib) mkIf mkEnableOption mkOption;
inherit (lib.types) str;
cfg = config.${namespace}.services.media;
cfg = config.sneeuwvlok.services.media;
in {
imports = [
./glance
@ -19,7 +19,7 @@ in {
./servarr
];
options.${namespace}.services.media = {
options.sneeuwvlok.services.media = {
enable = mkEnableOption "Enable media services";
user = mkOption {


@ -6,14 +6,14 @@
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.media.glance;
cfg = config.sneeuwvlok.services.media.glance;
in {
options.${namespace}.services.media.glance = {
options.sneeuwvlok.services.media.glance = {
enable = mkEnableOption "Enable Glance";
};
config = mkIf cfg.enable {
${namespace}.services.networking.caddy.hosts = {
sneeuwvlok.services.networking.caddy.hosts = {
"https://${config.networking.hostName}:443" = ''
reverse_proxy http://[::1]:2000
'';


@ -9,14 +9,14 @@
inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption types;
cfg = config.${namespace}.services.media.jellyfin;
cfg = config.sneeuwvlok.services.media.jellyfin;
in {
options.${namespace}.services.media.jellyfin = {
options.sneeuwvlok.services.media.jellyfin = {
enable = mkEnableOption "Enable jellyfin server";
};
config = mkIf cfg.enable {
${namespace}.services.networking.caddy = {
sneeuwvlok.services.networking.caddy = {
hosts = {
"jellyfin.kruining.eu" = ''
reverse_proxy http://[::1]:8096


@ -6,9 +6,9 @@
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.media.mydia;
cfg = config.sneeuwvlok.services.media.mydia;
in {
options.${namespace}.services.media.mydia = {
options.sneeuwvlok.services.media.mydia = {
enable = mkEnableOption "Enable Mydia";
};


@ -8,9 +8,9 @@
inherit (lib) mkIf mkEnableOption mkOption;
inherit (lib.types) str;
cfg = config.${namespace}.services.media.nextcloud;
cfg = config.sneeuwvlok.services.media.nextcloud;
in {
options.${namespace}.services.media.nextcloud = {
options.sneeuwvlok.services.media.nextcloud = {
enable = mkEnableOption "Nextcloud";
user = mkOption {
@ -25,7 +25,7 @@ in {
};
config = mkIf cfg.enable {
${namespace}.services.networking.caddy = {
sneeuwvlok.services.networking.caddy = {
hosts."cloud.kruining.eu" = ''
php_fastcgi unix//run/phpfpm/nextcloud.sock {
env front_controller_active true


@ -2,10 +2,10 @@
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.media.nfs;
cfg = config.sneeuwvlok.services.media.nfs;
in
{
options.${namespace}.services.media.nfs = {
options.sneeuwvlok.services.media.nfs = {
enable = mkEnableOption "Enable NFS";
};


@ -9,11 +9,11 @@
inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption types;
cfg = config.${namespace}.services.media.servarr;
cfg = config.sneeuwvlok.services.media.servarr;
servarr = import ./lib.nix {inherit lib;};
anyEnabled = cfg |> lib.attrNames |> lib.length |> (l: l > 0);
in {
options.${namespace}.services.media = {
options.sneeuwvlok.services.media = {
servarr = mkOption {
type = types.attrsOf (types.submodule ({name, ...}: {
options = {


@ -8,14 +8,14 @@
inherit (builtins) length;
inherit (lib) mkIf mkEnableOption mkOption types attrNames mapAttrs;
cfg = config.${namespace}.services.networking.caddy;
cfg = config.sneeuwvlok.services.networking.caddy;
hasHosts = (cfg.hosts |> attrNames |> length) > 0;
caddyPackage = pkgs.caddy.withPlugins {
plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"];
hash = "sha256-rsDnTunR8C7hVOX5aKcba+iFYHbpWek65DZgbMxOdTs=";
};
in {
options.${namespace}.services.networking.caddy = {
options.sneeuwvlok.services.networking.caddy = {
enable = mkEnableOption "enable caddy" // {default = true;};
hosts = mkOption {


@ -1,12 +1,15 @@
{ config, lib, namespace, ... }:
let
{
config,
lib,
namespace,
...
}: let
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
cfg = config.${namespace}.services.networking.ssh;
in
{
options.${namespace}.services.networking.ssh = {
cfg = config.sneeuwvlok.services.networking.ssh;
in {
options.sneeuwvlok.services.networking.ssh = {
enable = mkEnableOption "enable ssh";
};
@ -14,10 +17,10 @@ in
services.openssh = {
enable = true;
openFirewall = true;
ports = [ 22 ];
ports = [22];
settings = {
PasswordAuthentication = true;
AllowUsers = [ "chris" "root" ];
AllowUsers = ["chris" "root"];
UseDns = true;
UsePAM = true;
PermitRootLogin = "prohibit-password";
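Review bot: `PasswordAuthentication = true` sits next to `openFirewall = true` on port 22, so the `chris` account accepts password guesses from any address that can reach the host; only `root` is limited to keys by `PermitRootLogin = "prohibit-password"`. Since this commit already touches the neighbouring `ports` and `AllowUsers` lines, consider `PasswordAuthentication = false;` together with `KbdInteractiveAuthentication = false;`, leaving `UsePAM = true` as it is. If password login has to stay, a comment saying why and what rate limiting (for example fail2ban) covers it would help the next reader. The `settings` block continues past the end of the hunk, so a later line may already restrict this.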


@ -8,10 +8,10 @@
inherit (builtins) length;
inherit (lib) mkIf mkEnableOption mkOption types attrNames attrsToList listToAttrs;
cfg = config.${namespace}.services.networking.wireguard;
cfg = config.sneeuwvlok.services.networking.wireguard;
hasPeers = (cfg.peer |> attrNames |> length) > 0;
in {
options.${namespace}.services.networking.wireguard = {
options.sneeuwvlok.services.networking.wireguard = {
# enable = mkEnableOption "enable wireguard" // {default = true;};
peer = mkOption {


@ -8,12 +8,12 @@
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
cfg = config.${namespace}.services.observability.grafana;
cfg = config.sneeuwvlok.services.observability.grafana;
db_user = "grafana";
db_name = "grafana";
in {
options.${namespace}.services.observability.grafana = {
options.sneeuwvlok.services.observability.grafana = {
enable = mkEnableOption "enable Grafana";
};


@ -1,12 +1,16 @@
{ pkgs, config, lib, namespace, ... }:
let
{
pkgs,
config,
lib,
namespace,
...
}: let
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
cfg = config.${namespace}.services.observability.loki;
in
{
options.${namespace}.services.observability.loki = {
cfg = config.sneeuwvlok.services.observability.loki;
in {
options.sneeuwvlok.services.observability.loki = {
enable = mkEnableOption "enable Grafana Loki";
};
@ -44,6 +48,6 @@ in
};
};
networking.firewall.allowedTCPPorts = [ 9003 ];
networking.firewall.allowedTCPPorts = [9003];
};
}
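Review bot: `networking.firewall.allowedTCPPorts = [9003];` opens the Loki port on every interface, whereas services such as glance and jellyfin in this commit are reached through caddy with a loopback upstream. Loki's listen address and any authentication settings are outside the hunk, so the exposure is inferred rather than certain. If the port is only needed by log shippers on trusted hosts, it could be scoped with `networking.firewall.interfaces."<wg-interface>".allowedTCPPorts = [9003];` (placeholder interface name). The uptime-kuma section shows the same pattern with `HOST = "0.0.0.0"` and port 9006; binding it to `127.0.0.1` and adding a caddy host would match the other modules.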


@ -3,10 +3,10 @@ let
inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.observability.prometheus;
cfg = config.sneeuwvlok.services.observability.prometheus;
in
{
options.${namespace}.services.observability.prometheus = {
options.sneeuwvlok.services.observability.prometheus = {
enable = mkEnableOption "enable Prometheus";
};


@ -8,9 +8,9 @@
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
cfg = config.${namespace}.services.observability.promtail;
cfg = config.sneeuwvlok.services.observability.promtail;
in {
options.${namespace}.services.observability.promtail = {
options.sneeuwvlok.services.observability.promtail = {
enable = mkEnableOption "enable Grafana Promtail";
};


@ -1,12 +1,16 @@
{ pkgs, config, lib, namespace, ... }:
let
{
pkgs,
config,
lib,
namespace,
...
}: let
inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.observability.uptime-kuma;
in
{
options.${namespace}.services.observability.uptime-kuma = {
cfg = config.sneeuwvlok.services.observability.uptime-kuma;
in {
options.sneeuwvlok.services.observability.uptime-kuma = {
enable = mkEnableOption "enable uptime kuma";
};
@ -19,7 +23,7 @@ in
HOST = "0.0.0.0";
};
};
networking.firewall.allowedTCPPorts = [ 9006 ];
networking.firewall.allowedTCPPorts = [9006];
};
}


@ -7,9 +7,9 @@
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.persistance.postgresql;
cfg = config.sneeuwvlok.services.persistance.postgresql;
in {
options.${namespace}.services.persistance.postgresql = {
options.sneeuwvlok.services.persistance.postgresql = {
enable = mkEnableOption "Postgresql";
};


@ -10,7 +10,7 @@
inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption types getAttrs toUpper concatMapAttrsStringSep;
cfg = config.${namespace}.services.security.vaultwarden;
cfg = config.sneeuwvlok.services.security.vaultwarden;
databaseProviderSqlite = types.submodule ({...}: {
options = {
@ -78,7 +78,7 @@
// (urlOptions |> getAttrs ["protocol" "host" "port"]);
});
in {
options.${namespace}.services.security.vaultwarden = {
options.sneeuwvlok.services.security.vaultwarden = {
enable = mkEnableOption "enable vaultwarden";
database = mkOption {
@ -93,7 +93,7 @@ in {
};
config = mkIf cfg.enable {
${namespace}.services.networking.caddy.hosts = {
sneeuwvlok.services.networking.caddy.hosts = {
"vault.kruining.eu" = ''
encode zstd gzip


@ -1,11 +1,16 @@
{ config, options, lib, pkgs, namespace, ... }:
let
{
config,
options,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.virtualisation.podman;
in
{
options.${namespace}.services.virtualisation.podman = {
cfg = config.sneeuwvlok.services.virtualisation.podman;
in {
options.sneeuwvlok.services.virtualisation.podman = {
enable = mkEnableOption "enable podman";
};